827 F.3d 262 (3rd Cir. 2016), 15-1441, In re Nickelodeon Consumer Privacy Litigation

Docket Nº:15-1441
Citation:827 F.3d 262
Opinion Judge:FUENTES, Circuit Judge :
Attorney:For Appellants: Jason O. Barnes, Esq. [ARGUED], Barnes & Associates, Jefferson City, MO; Douglas A. Campbell, Esq., Frederick D. Rapone, Esq., Campbell & Levine, LLC, Pittsburgh, PA; Barry R. Eichen, Evan J. Rosenberg, Esq., Eichen Crutchlow Zaslow & McElroy, LLP, Edison, NJ; James P. Frickleton,...
Judge Panel:Before: FUENTES, SHWARTZ, and VAN ANTWERPEN, Circuit Judges.
Case Date:June 27, 2016
Court:United States Courts of Appeals, Court of Appeals for the Third Circuit

Page 262

827 F.3d 262 (3rd Cir. 2016)


No. 15-1441

United States Court of Appeals, Third Circuit

June 27, 2016

Argued December 8, 2015.

Page 263

[Copyrighted Material Omitted]

Page 264

[Copyrighted Material Omitted]

Page 265

On Appeal from the District Court for the District of New Jersey. (Multidistrict Litigation No. 13-md-2443 District Court No. 2-12-cv-07829). District Judge: Honorable Stanley R. Chesler.

For Appellants: Jason O. Barnes, Esq. [ARGUED], Barnes & Associates, Jefferson City, MO; Douglas A. Campbell, Esq., Frederick D. Rapone, Esq., Campbell & Levine, LLC, Pittsburgh, PA; Barry R. Eichen, Evan J. Rosenberg, Esq., Eichen Crutchlow Zaslow & McElroy, LLP, Edison, NJ; James P. Frickleton, Esq., Edward D. Robertson, III, Esq., Bartimus Frickleton Robertson, P.C., Leawood, KS; Edward D. Robertson, Jr., Esq., Mary D. Winter, Esq., Bartimus Frickleton Robertson, P.C., Jefferson City, MO; Mark C. Goldenberg, Esq., Thomas Rosenfeld, Esq., Goldenberg Heller Antognoli & Rowland, PC, Edwardsville, IL; Adam Q. Voyles, Esq., Lubel Voyles LLP, Houston, TX.

For Amicus Curiae, Electronic Privacy Information Center: Alan J. Butler, Esq. [ARGUED], Marc Rotenberg, Esq., Washington, DC.

For Appellee Viacom, Inc.: Jeremy Feigelson, Esq., Debevoise & Plimpton LLP, New York, NY; David A. O'Neil, Esq. [ARGUED], Debevoise & Plimpton LLP, Washington, DC; Seth J. Lapidow, Esq., Stephen M. Orlofsky, Esq., Blank Rome LLP, Princeton, NJ.

For Appellee Google, Inc.: Colleen Bal, Esq., Michael H. Rubin, Esq. [ARGUED], Wilson, Sonsini, Goodrich & Rosati, PC, San Francisco, CA; Tonia O. Klausner, Esq., Wilson Sonsini Goodrich & Rosati, PC, New York, NY; Jeffrey J. Greenbaum, Esq., Joshua N. Howley, Esq., Sills, Cummis & Gross P.C., Newark, NJ.

For Chamber of Commerce of the United States of America, Amicus Curiae: Jeffrey B. Wall, Esq. [ARGUED], Sullivan & Cromwell LLP, Washington, DC.

Before: FUENTES, SHWARTZ, and VAN ANTWERPEN, Circuit Judges.


Page 266

FUENTES, Circuit Judge :

Table of Contents

I. Background
A. Internet Cookie Technology
B. Factual Allegations
C. Procedural History in the District Court
II. Arguments and Claims Foreclosed bye Our
Decision in Google
A. Article III Standing
B. The Federal Wiretap Act
C. The California Invasion of Privacy Act
D. The Federal Stored Communications Act
E. The New Jersey Computer Related
Offenses Act
III. Claims Raising Issues Beyond Those We
Addressed in Google
A. The Video Privacy Protection Act
1. Whether Google is an Appropriate
Defendant under the Act
2. Whether Viacom Disclosed " Personally
Identifiable Information"
B. Intrusion upon Seclusion
1. The Plaintiffs' Intrusion Claim Is Not
2. The Plaintiffs Have Adequately Alleged
an Intrusion Claim
IV. Conclusion
Most of us understand that what we do on the Internet is not completely private. How could it be? We ask large companies to manage our email, we download directions from smartphones that can pinpoint our GPS coordinates, and we look for information online by typing our queries into search engines. We recognize, even if only intuitively, that our data has to be going somewhere. And indeed it does, feeding an entire system of trackers, cookies, and algorithms designed to capture and monetize the information we generate. Most of the time, we never think about this. We browse the Internet, and the data-collecting infrastructure of the digital world hums along quietly in the background. Page 267 Even so, not everything about our online behavior is necessarily public. Numerous federal and state laws prohibit certain kinds of disclosures, and private companies often promise to protect their customers' privacy in ways that may be enforceable in court. One of our decisions last year, In re Google Inc. Cookie Placement Consumer Privacy Litigation,1 addressed many of these issues. This case addresses still more. This is a multidistrict consolidated class action. The plaintiffs are children younger than 13 who allege that the defendants, Viacom and Google, unlawfully collected personal information about them on the Internet, including what webpages they visited and what videos they watched on Viacom's websites. Many of the plaintiffs' claims overlap substantially with those we addressed in Google, and indeed fail for similar reasons. Even so, two of the plaintiffs' claims--one for violation of the federal Video Privacy Protection Act, and one for invasion of privacy under New Jersey law--raise questions of first impression in our Circuit. The Video Privacy Protection Act, passed by Congress in 1988, prohibits the disclosure of personally identifying information relating to viewers' consumption of video-related services. Interpreting the Act for the first time, we hold that the law permits plaintiffs to sue only a person who discloses such information, not a person who receives such information. We also hold that the Act's prohibition on the disclosure of personally identifiable information applies only to the kind of information that would readily permit an ordinary person to identify a specific individual's video-watching behavior. In our view, the kinds of disclosures at issue here, involving digital identifiers like IP addresses, fall outside the Act's protections. The plaintiffs also claim that Viacom and Google invaded their privacy by committing the tort of intrusion upon seclusion. That claim arises from allegations that Viacom explicitly promised not to collect any personal information about children who browsed its websites and then, despite its assurances, did exactly that. We faced a similar allegation of deceitful conduct in Google, where we vacated the dismissal of state-law claims for invasion of privacy and remanded them for further proceedings. We reach a similar result here, concluding that, at least as to Viacom, the plaintiffs have adequately alleged a claim for intrusion upon seclusion. In so doing, we hold that the 1998 Children's Online Privacy Protection Act, a federal statute that empowers the Federal Trade Commission to regulate websites that target children, does not preempt the plaintiffs' state-law privacy claim. Accordingly, we will affirm the District Court's dismissal of most of the plaintiffs' claims, vacate its dismissal of the claim for intrusion upon seclusion against Viacom, and remand the case for further proceedings. I. Background We begin by summarizing the allegations in the plaintiffs' complaints.2 Page 268 A. Internet Cookie Technology When a person uses a web browser to access a website, the browser sends a " GET" request to the server hosting that site. So, for example, if a person types " www.nick.com" into the address bar of his or her web browser, the browser contacts the server where Nick.com is hosted and transmits data back to the user's computer.3 In addition to other content, Nick.com may also display ads from third parties. These ads typically reside on a different server. To display the ad, the Nick.com server will direct the user's browser to send another " GET" request to the third-party server, which will then transmit the ad directly to the user's computer. From the user's perspective, all of this appears to happen simultaneously, and all the visual information on Nick.com appears to originate from a single source. In reality, the Nick.com website is an assemblage of content from multiple servers hosted by different parties.4 An Internet " cookie" is a small text file that a web server places on a user's computing device.[5] Cookies allow a website to " remember" information about a user's browsing activities (such as whether or not the user is logged-in, or what specific pages the user has visited). We can distinguish between first-party cookies, which are injected into a user's computer by a website that the user chooses to visit ( e.g., Nick.com), and third-party cookies, which are placed on a user's computer by a server other than the one that a person intends to visit ( e.g., by an ad company like Google).6 Advertising companies use third-party cookies to help them target advertisements more effectively at customers who might be interested in buying a particular product. Cookies are particularly powerful if the same company hosts ads on more than one website. In those circumstances, advertising companies are able to follow a user's browsing habits across multiple websites that host the company's ads. Given Google's dominance in the Internet advertising market, the plaintiffs claim that Google is able to use cookies to track users' behavior across large swaths of the Internet.7 B. Factual Allegations Defendant Viacom owns the children's television station Nickelodeon. It also operates Nick.com, a website geared towards children that offers streaming videos and interactive games.8 A child registers to use Nick.com by signing up for an account and choosing a username and password.9 During the registration process, a child provides his or her birthdate and gender to Viacom, and Viacom then assigns the child a code based on that information.10 The Page 269 plaintiffs also assert that Viacom's registration form includes a message to children's parents: " HEY GROWN-UPS: We don't collect ANY personal information about your kids. Which means we couldn't share it even if we wanted to!" 11 The plaintiffs allege that Viacom and Google unlawfully used cookies to track children's...

To continue reading