• by Wendy Davis  @wendyndavis, June 17, 2014

In a significant win for Hulu, a federal judge ruled today that a group of consumers who are suing the company for alleged privacy violations can't proceed as a class.

The consumers say the online video company violated the Video Privacy Protection Act by allegedly disclosing the names of the programs they watched with Facebook. The users sought to proceed on behalf of everyone who had both a Hulu and a Facebook account between April 2010 and June 2012.

U.S. District Court Magistrate Judge Laurel Beeler in San Francisco denied that request today, ruling that not all Hulu users were equally affected by the potential violation of the law. The ruling theoretically allows the consumers to move forward as individuals, but as a practical matter, the decision could make it prohibitively expensive for the consumers to continue with the lawsuit.

Beeler previously ruled that Hulu might have violated the federal video privacy law, which prohibits movie rental companies from disclosing information about the videos people watch. But the judge said today that even if Hulu ran afoul of the law, the violations wouldn't have affected people who changed their default settings or took other anti-tracking measures.

That's because information about the movies was transmitted from Hulu to Facebook via cookies, but those cookies weren't sent in every case. If users took steps to block tracking -- such as by using ad-blocking software, clearing their cookies, logging out of Facebook, or using different browsers for Facebook and Hulu -- their movie-viewing history wouldn't have been shared.

Beeler said in her ruling that there didn't appear to be a good way to distinguish between the users who took those kinds of measures and the ones who didn't.

She rejected a proposal, put forward by the consumers' lawyers, to simply ask users how they configured their computers. “The court cannot tell how potential class members reliably could establish by affidavit the answers to the potential questions: Do you log into Facebook and Hulu from the same browser; do you log out of Facebook; do you set browser settings to clear cookies; and do you use software to block cookies,” she wrote.

Beeler also suggested that the possibility of a large damage award -- the Video Privacy Protection Act calls for damages of $2,500 -- creates an incentive for consumers to lie. “That incentive and the vagaries of subjective recollection makes this case different than the small-ticket consumer protection class-actions that this district certifies routinely,” Beeler wrote.

The decision was without prejudice, meaning that the consumers can try again to convince Beeler to certify a class. But it's not clear they will be able to. Beeler wrote that she couldn't yet tell whether the problems she flagged “could be resolved by narrowing the class definition, by defining subclasses, by reference to objective criteria, by a damages analysis that addresses pecuniary incentives, or otherwise.”

The consumers who are suing originally accused Hulu of also sharing data about them with comScore, but counts relating to those allegations were dismissed in April.

Beeler issued a key ruling in the case last year, when she said that the federal video privacy law applies to streaming video, as well as physical copies of movies. She wrote that the law is designed to protect the privacy of people who watch video, regardless of technical format.

That decision marked the first time a court explicitly ruled that streaming video is covered by the 1988 privacy law, which was passed after a newspaper in Washington obtained and published the video rental records of Supreme Court nominee Robert Bork.