Viacom and Google Defeat Privacy Claims over Kids' Online Data

A federal judge in Newark dismissed multidistrict litigation against Google Inc. and Viacom Inc. in rejecting claims that the companies' online data collection violates the privacy of children under 13. Brought on behalf of children who visit three Viacom websites ' Nick.com, NickJr.com and Neopets.com ' the litigation failed to state a claim under the Video Privacy Protection Act (VPPA) because no showing was made that the companies ever learn the children's actual identities, U.S. District Judge Stanley Chesler of the District of New Jersey said. And the claim under the tort of intrusion upon seclusion failed because the defendants' conduct would not be “highly offensive” to a reasonable person, Judge Chesler said in his Jan. 20 ruling. In re Nickelodeon Consumer Privacy Litigation, MDL 2443.

The complaint's dismissal comes after a July 2014 decision finding the pleadings deficient. The plaintiffs failed to cure those deficiencies in their latest pleadings, Judge Chesler said.

The litigation, representing six suits consolidated from around the country, concerned Viacom's practice of creating a record for each registered user of its websites for children, including gender, birth date and which videos and games users access from the site, according to court documents. Viacom also places a cookie onto the user's computer, allowing it to gather information, such as the user's IP address, device and browser settings, and Viacom shares that information with Google. Additionally, Viacom allows Google to place its own cookie on users' computers, allowing Google to track a user's Internet activity. Both Viacom and Google use the information they gather to target plaintiffs with ads, according to court documents.

Along with the VPPA and intrusion upon seclusion claims, the suit claimed the defendants violated New Jersey's Computer Related Offenses Act (CROA).

In the July 2014 ruling, Judge Chesler said the VPPA claim, which was raised against Viacom only, failed because the data collected and disclosed is not personally identifiable information. In an amended complaint, the plaintiffs said users could be identified by combining data collected by Viacom with information Google collects from its various websites and services, such as Google.com, Gmail and YouTube. But in his recent decision, Judge Chesler noted his conclusion from the July ruling that a VPPA violation requires information that identifies an actual person on its own, rather than in combination with information from other sources.

In addition, the district judge said, the plaintiffs' claim that individuals could be identified by combining data from Viacom websites with data from Google's own sources is “entirely theoretical.” Plaintiffs made no claim that any class members ever registered with Google, he said. What's more, Google doesn't permit children under 13 to register for its services, and the class consists entirely of persons under that age, he said.

Judge Chesler said the CROA claims against both defendants failed because the plaintiffs did not make the requisite showing of damage to business or property. They sought to frame their losses under the state statute in terms of unjust enrichment in a quasi-contractual setting, but Judge Chesler rejected their portrayal of the circumstances. The plaintiffs “failed to allege that they could have monetized the personally identifiable information collected, or if they could, that defendants' conduct prohibited them from still doing so,” Judge Chesler said.

The CROA targets computer hacking and “it is dubious whether the law also covers situations like this,” in which plaintiffs' computers have not been hacked and their information has not been stolen, the district judge said.

Judge Chesler also said the plaintiffs failed in their attempts to meet the requisite “highly offensive” standard to establish liability under the intrusion upon seclusion claims when they presented statistics showing that a large majority of the public opposes tracking children's online activity. “That which the public generally supports or opposes does not equate to that which an ordinarily reasonable person finds 'highly offensive,'” the judge said, adding that “collection and disclosure of anonymous browsing history and other similar information falls short of” the type of conduct deemed highly offensive in previous cases, including one where a video camera was hidden in a bathroom and the case of a woman whose ex-boyfriend distributed erotic photos of her without permission.

The plaintiffs' amended complaint is “an exercise in attempting to fit square pegs into round holes. Although plaintiffs have identified conduct that may be worthy of further legislative and executive attention, they have not cited any existing and applicable legal authority to support their claims,” Judge Chesler said.

Charles Toutant is a Reporter with The New Jersey Law Journal, an ALM sibling of Entertainment Law & Finance.

A federal judge in Newark dismissed multidistrict litigation against Google Inc. and Viacom Inc. in rejecting claims that the companies' online data collection violates the privacy of children under 13. Brought on behalf of children who visit three Viacom websites ' Nick.com, NickJr.com and Neopets.com ' the litigation failed to state a claim under the Video Privacy Protection Act (VPPA) because no showing was made that the companies ever learn the children's actual identities, U.S. District Judge Stanley Chesler of the District of New Jersey said. And the claim under the tort of intrusion upon seclusion failed because the defendants' conduct would not be “highly offensive” to a reasonable person, Judge Chesler said in his Jan. 20 ruling. In re Nickelodeon Consumer Privacy Litigation, MDL 2443.

The complaint's dismissal comes after a July 2014 decision finding the pleadings deficient. The plaintiffs failed to cure those deficiencies in their latest pleadings, Judge Chesler said.

The litigation, representing six suits consolidated from around the country, concerned Viacom's practice of creating a record for each registered user of its websites for children, including gender, birth date and which videos and games users access from the site, according to court documents. Viacom also places a cookie onto the user's computer, allowing it to gather information, such as the user's IP address, device and browser settings, and Viacom shares that information with Google. Additionally, Viacom allows Google to place its own cookie on users' computers, allowing Google to track a user's Internet activity. Both Viacom and Google use the information they gather to target plaintiffs with ads, according to court documents.

Along with the VPPA and intrusion upon seclusion claims, the suit claimed the defendants violated New Jersey's Computer Related Offenses Act (CROA).

In the July 2014 ruling, Judge Chesler said the VPPA claim, which was raised against Viacom only, failed because the data collected and disclosed is not personally identifiable information. In an amended complaint, the plaintiffs said users could be identified by combining data collected by Viacom with information Google collects from its various websites and services, such as Google.com, Gmail and YouTube. But in his recent decision, Judge Chesler noted his conclusion from the July ruling that a VPPA violation requires information that identifies an actual person on its own, rather than in combination with information from other sources.

In addition, the district judge said, the plaintiffs' claim that individuals could be identified by combining data from Viacom websites with data from Google's own sources is “entirely theoretical.” Plaintiffs made no claim that any class members ever registered with Google, he said. What's more, Google doesn't permit children under 13 to register for its services, and the class consists entirely of persons under that age, he said.

Judge Chesler said the CROA claims against both defendants failed because the plaintiffs did not make the requisite showing of damage to business or property. They sought to frame their losses under the state statute in terms of unjust enrichment in a quasi-contractual setting, but Judge Chesler rejected their portrayal of the circumstances. The plaintiffs “failed to allege that they could have monetized the personally identifiable information collected, or if they could, that defendants' conduct prohibited them from still doing so,” Judge Chesler said.

The CROA targets computer hacking and “it is dubious whether the law also covers situations like this,” in which plaintiffs' computers have not been hacked and their information has not been stolen, the district judge said.

Judge Chesler also said the plaintiffs failed in their attempts to meet the requisite “highly offensive” standard to establish liability under the intrusion upon seclusion claims when they presented statistics showing that a large majority of the public opposes tracking children's online activity. “That which the public generally supports or opposes does not equate to that which an ordinarily reasonable person finds 'highly offensive,'” the judge said, adding that “collection and disclosure of anonymous browsing history and other similar information falls short of” the type of conduct deemed highly offensive in previous cases, including one where a video camera was hidden in a bathroom and the case of a woman whose ex-boyfriend distributed erotic photos of her without permission.

The plaintiffs' amended complaint is “an exercise in attempting to fit square pegs into round holes. Although plaintiffs have identified conduct that may be worthy of further legislative and executive attention, they have not cited any existing and applicable legal authority to support their claims,” Judge Chesler said.

Charles Toutant is a Reporter with The New Jersey Law Journal, an ALM sibling of Entertainment Law & Finance.