Companies commonly utilize Facebook as part of their online social media advertising strategy. Companies should revisit this strategy in light of a recent finding in the Northern California U.S. District Court (In re Hulu Privacy Litigation, Case No. 4:11-cv-03764 (N.D. Cal. 2011)).
Hulu, a well-known online video streaming service, has been engaged in litigation with users claiming that Hulu violated their privacy rights and federal privacy law by sharing information about the titles they viewed without consent. The court narrowed the initial complaint by dismissing allegations that Hulu transmitted user information to another website and denied the plaintiffs' request for class-action status. Despite these wins, Hulu was unable to persuade the court that the federal law – the Video Privacy Protection Act, a 1988 law prohibiting movie rental companies from disclosing information about which videos people watched – applied to online video streaming services. Hulu's loss of this crucial battle set the stage for the allegation that Hulu violated users' privacy rights by transmitting information about users to Facebook via the "like" button. The plaintiffs' claims include the allegation that between April 2010 and June 2012, the like button was configured so that it transmitted the titles of the videos users watched to Facebook's servers, regardless of whether the user clicked the like button indicating that the user liked the clip.
Hulu's latest response to the like button allegation is interesting. Hulu argues that it did not know that adding Facebook's like button would result in the transmission of information about its users to Facebook. Whether this argument will be successful or not, Hulu's battle over privacy of information with its users illustrates the challenges and risks associated with new media and why all companies must understand the information it may transmit to third parties.
Although it is still unknown whether Hulu's argument will be successful, all companies should be aware that privacy laws enacted to resolve issues related to the transmission of information in older mediums may be applied to transmission of the information in new media formats. Courts, like in the Hulu case, are interpreting the applicability of privacy laws more broadly. Accordingly, companies should audit their systems regularly and implement privacy and security policies that protect user information. Companies without comprehensive privacy and security programs should work to implement policies and procedures.
If you have questions about privacy or other data security issues, please contact the authors of this alert, Alisa Chestler or Karli Swift, or a member of Baker Donelson Privacy and Information Security Group.