Updates to our Terms of Use

We are updating our Terms of Use. Please carefully review the updated Terms before proceeding to our website.

Thursday, March 28, 2024 | Back issues
Courthouse News Service Courthouse News Service

No Privacy Intrusion With Disney’s Data Collection

MANHATTAN (CN) - A federal judge tossed out a class-action lawsuit against Disney for allegedly sharing customers' personal information with Adobe, holding the information in question is not protected by privacy laws.

James Robinson, sued the entertainment giant in 2014 in Manhattan Federal Court, claiming he viewed the Disney shows on Roku, but had learned the company recorded his computer's hashed serial number, compiled information on which videos he viewed, and then sent that information to Adobe, which kept "massive digital dossiers on consumers."

Robinson's attorney argued the serial number by itself does not personally identifiable information but that when it is compiled with existing personal information, it does.

But U.S. District Judge Ronnie Abrams disagreed, saying Disney faced liability only if the data it had disclosed to Adobe identified an individual, not a computer, which it had not.

"The definition of PII the court hereby adopts readily distinguishes between names and addresses on the one hand, and an anonymized device serial number on the other," Abrams wrote. "The anonymized Roku serial number at issue here ... identifies a specific device, and nothing more."

The heart of the matter was whether Robinson's computer's serial number was, by itself, PII or whether it would require some kind of reverse engineering to make it so.

"If nearly any piece of information can, with enough effort on behalf of the recipient, be combined with other information so as to identify a person, then the scope of PII would be limitless," she wrote.

Abrams admitted that the "increasing ubiquity of digital technologies" has made it easier for companies to compile and track personal consumer information, but concluded consumers have no legal recourse to keep all their information private under current law.

Abrams said the 1988 Video Privacy Protection Act is the governing regulation, which was passed after former U.S. Circuit Judge Robert Bork's video tape rental history was published during his vetting process for a post on the U.S. Supreme Court. The law was amended in 2013 by President Barack Obama to allow companies to share certain rental information if they first obtained consumer permission.

The VPPA was written before online video streaming services, such as those provided by Roku, that allow consumers to download and stream video and music to their computers or televisions.

"There is no doubt that the world of Roku devices, streaming video, and data analytics is a very different one from that of the physical video stores and tape rentals in which the VPPA was originally passed," Abrams wrote, but that consumers don't have a remedy to keep all their information private.

Abrams also took issue with Robinson's argument that because hashed serial numbers - a code that ties a piece of software or a program to one specific computer - were random strings of numbers and letters (like names) and therefore constitute PII.

"[That argument] merely demonstrates what should already be obvious: much of human language is symbolic, communicated through systems of letters and numbers," Abrams wrote. "But such a generalized principle is not particularly useful in determining what PII - a statutorily defined term - means in this context."

Representatives of the parties could not be reached for comment.

Follow @NickRummell
Categories / Uncategorized

Subscribe to Closing Arguments

Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.

Loading...