• by Wendy Davis  @wendyndavis, February 5, 2024

A Massachusetts man who says he downloaded Dotdash Meredith's Allrecipes app can proceed with claims that the company violated a federal privacy law by allegedly transmitting information about the videos he watched to marketing services firm Twilio.

The ruling, issued late last week by U.S. District Court Judge Allison Burroughs in Massachusetts, stemmed from class-action complaint brought in 2022 by Robert Rancort, who alleged that the AllRecipes app sent Twilio users' geolocation data, mobile ad identifiers (alphanumeric strings linked to smartphones) and information that identified the videos users watched.

He claimed these alleged disclosures violated the federal Video Privacy Protection Act -- a 1988 law that prohibits video companies from transmitting consumers' personally identifiable video-viewing information to third parties.

Dotdash Meredith urged Burroughs to dismiss the complaint at an early stage of the proceedings. Among other arguments, the company said the allegations in the complaint didn't align with the activity outlawed by the video privacy act for several reasons.

Specifically, the company said Rancort didn't fit the law's definition of “consumer” because he hadn't purchased a paid subscription to use the recipe app. The company also argued that the video privacy law only applies to companies whose central business purpose is video sale, rental, or delivery.” And the company contended that the information allegedly shared with Twilio didn't personally identify Rancort, and didn't include the titles of videos he watched, only a numerical string that served as a content identifier.

Burroughs rejected all of those contentions.

“The court concludes that Mr. Rancourt was a 'subscriber,'” Burroughs wrote in her 35-page ruling.

“Mr. Rancourt was required to register for the app and to create an Allrecipes account. His decision to download the app, as opposed to using an internet browser to access Allrecipes content, evidences an intent to have an ongoing relationship or association with the app,” she added.

She also found the company was covered by the Video Privacy Protection Act because it was “engaged in the business” of providing video content.

Additionally, she wrote that disclosing the “video ID” could violate the statute, noting the complaint alleged that ordinary people could figure out the video's title merely by typing the numerical ID into Google's search engine. (On Monday afternoon, typing “allrecipes 12682” into Google's search bar on Monday afternoon yielded a top result of “Apple Pie by Grandma Ople Recipe.”)

The judge also said the geolocation data and mobile ad identifiers were considered “personally identifiable information” in federal courts in Massachusetts.

She noted that the 1st Circuit Court of Appeals, which covers Massachusetts, ruled in 2016 that Gannett would have to face claims it violated a video privacy law by allegedly sending Adobe the geolocations, device identifiers and titles of videos watched by users of the USA Today app.