Cartoon Network Defeats Video Privacy Case Because Phone IDs Aren't Personal Data

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Oct. 10 — A federal district court Oct. 8 dismissed a putative class action under the Video Privacy Protection Act against the Cartoon Network Inc. after concluding that a mobile device identifier doesn't constitute personally identifiable information (PII).

“The Android ID is a randomly generated number that is unique to each user and device,” Judge Thomas W. Thrash Jr. of the U.S. District Court for the Northern District of Georgia wrote. “It is not, however, akin to a name. Without more, the Android ID does not identify a specific person.”

The court looked to In re Hulu Privacy Litig., No. 3:11-cv-03764-LB, 2014 BL 120236 (N.D. Cal. Apr. 28, 2014), for guidance. As in Hulu, here a third party would have to take additional steps to link the Android ID with a specific person, the court said.

Mobile App Allegations

The named plaintiff sued the Atlanta-based Cartoon Network on behalf of a proposed class of consumers, alleging that its mobile application transmits a complete record of a user's video history and the user's Android ID to a third party, data analytics company Bango.

The plaintiff alleged that, in combination with the Android IDs obtained from Cartoon Network, Bango used information collected from other sources to reverse-engineer consumers' identities.

He contended that the disclosure of Android IDs to Bango violated the VPPA, 18 U.S.C. § 2710, which prohibits a “video tape service provider” from knowingly disclosing a consumer's PII. The statute defines PII to include “information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider.”

Cartoon Network moved to dismiss the amended complaint.

Failure to State a Claim

The court first found the plaintiff's allegation of a violation of the VPPA was sufficient by itself for purposes of standing. It said that Congress's use of the term “aggrieved” in the VPPA suggested that it intended “to allow for broad standing.”

In addition, contrary to the defendant's contention, the allegations that the plaintiff downloaded the app, that he used it to watch video clips and that his Android ID and viewing history were transmitted to Bango were sufficient to qualify him as a “subscriber” and thus a “consumer” within the meaning of the VPPA, the court said.

But the plaintiff still failed to state a claim for a VPPA violation because an Android ID doesn't constitute PII within the meaning of the statute, the court found.

Several other courts “have held that ‘personally identifiable information' is that which, in its own right, without more, ‘link[s] an actual person to actual video materials,' ” the court said, quoting In re Nickelodeon Consumer Privacy Litig., No. 2:12-cv-07829, 2014 BL 186702 (D.N.J. July 2, 2014).

Here, an Android ID alone doesn't constitute PII, the court concluded.

“Like the disclosure in In re Hulu that did not violate the VPPA because the third party had to take extra steps to connect the disclosure to an identity, the disclosure by the Defendant here required Bango to collect information from other sources,” the court said. “From the information disclosed by the Defendant alone, Bango could not identify the Plaintiff or any other members of the putative class.”

The court dismissed the complaint without leave to amend.

Edelson PC and the Jordan Firm LLC represented the named plaintiff. Kirkland & Ellis LLP, ZwillGen PLLC and Troutman Sanders LLP represented the defendant.

Full text of the court's opinion is available at


Request Bloomberg Law: Privacy & Data Security