The Video Privacy Protection Act (VPPA) may be decades old, but in 2025, it’s more relevant than ever for marketers and digital teams. With the rise of embedded video content and tracking technologies like pixels, companies face new legal risks under this legacy law.
In this blog, we’ll cover:
- What the VPPA is and why it was created
- How modern tracking tools like pixels may violate the VPPA
- Real-world examples of VPPA-related lawsuits
- How other laws, like wiretapping statutes, intersect with video tracking
- Practical steps to reduce risk and stay compliant
The origins of the VPPA: A privacy law born from public outcry
In 1987, Supreme Court nominee Judge Robert Bork’s video rental history was published by the Washington City Paper. At the time, the reporter who obtained this information, Michael Dolan, justified its publication by saying, “The only way to figure out what someone is like is to examine what that someone likes – take a hard look at the tools of leisure he uses to chip away life’s rough edges.”
The result of that Washington City Paper article was twofold. First, the Nation came to understand that Judge Borke and his family enjoyed Alfred Hitchcock, spy thriller, and period costume drama films. Second, public outcry over the privacy violation led to the Video Privacy Protection Act the following year, prohibiting video service providers from disclosing personally identifiable information, such as video requests, without consent or under specific legal conditions.
It is also important to note that the Video Protection Act provides for a private right of action and “actual damages but not less than liquidated damages in an amount of $2500” per violation.
Why the VPPA still matters in 2025
Originally aimed at physical video rental stores, the VPPA now applies to a broader range of businesses due to its definitions. Any company offering video content online could be considered a “video service provider,” especially if it uses tracking technologies that share user data with third parties.
Example: Pixels and video content
Consider a farm equipment company that hosts instructional videos on its website. If it uses Meta pixels that share video viewing data with Meta, it could fall under VPPA scrutiny—even though the law predates online video and tracking technologies.
Real-world case: Salazar v. NBA
Triggering court cases across 2024 and 2025, Michael Salazar signed up for a National Basketball Association (NBA) newsletter. Subsequently, he viewed basketball videos on an NBA website. Like our fictious case example above, the NBA website used Meta pixels that sent information to Meta and so allegedly violated the Video Protection Act when it allowed pixels to send information about Salazar’s video viewing in a way that identified Salazar.
It is interesting to read the history of Salazar’s case and various court findings – not all of which lead to a slam dunk through the Video Protection Act net. However, some of the findings have opened a door to legal risk related to pixels, third party sharing, and online video tracking.
Beyond the VPPA: Wiretapping laws and tracking technologies
The VPPA isn’t the only older law being applied to modern tracking practices. The California Invasion of Privacy Act (CIPA) prohibits recording or eavesdropping on private communications without consent. Courts are now examining whether pixels and cookies that transmit data to third parties without consent could violate wiretapping laws.
For example, in Doe v. Regents of the University of California, the plaintiffs asserted these violations related to the Meta pixel on the university’s website and patient portal.
How to reduce risk: Consent and transparency are key
To avoid legal pitfalls, companies should focus on transparency and consent when using tracking technologies.
Tips for tracker-related compliance
- Audit your trackers regularly: Scan all web assets to identify cookies, pixels, and other technologies. Understand what data they collect and where it’s sent.
- Update your privacy notices: Clearly explain what trackers are used, what data is collected, and how it’s shared. Make notices accessible and easy to understand.
- Implement a robust consent mechanism: Move beyond basic cookie banners. Consider an opt-in model for all trackers, including pixels, to ensure compliance with VPPA and wiretapping laws.
Future-proof your privacy strategy with a CPM Platform
A Consent and Preference Management (CPM) Platform can help manage trackers, align notices with actual data practices, and ensure ongoing compliance. Regular audits, clear categorization of trackers, and consistent consent practices will help protect your organization from emerging legal risks tied to legacy laws.
Ultimate guide to first-party data strategy
What you’ll find inside:
- Master the art of gathering rich, valuable insights directly from your customers
- Learn how to navigate the ever-changing landscape of data privacy regulations and build trust
- Get an in-depth overview of the latest tools and technologies available to optimize your data collection
- Follow our proven step-by-step framework to integrate data collection practices into your organization and drive tangible results
