Siding with Hearst TV, a federal judge threw out a lawsuit claiming that the company violated the federal video privacy law by sharing information about a smartphone user's video history to Google and Braze.
In a 12-page ruling issued Friday, U.S. District Court Judge Richard Stearns in Boston found that Charles Therrien -- who had downloaded Hearst's WMUR app for local news and weather -- failed to prove that data the transmitted by Hearst to Google Ad Manager and the engagement platform Braze could identify him. Hearst sent some location data to both companies, and the Android advertising ID (a resettable string of numbers) to Google, according to the ruling.
The ruling came in a legal dispute that began in March 2023, when Hearst TV app user Michelle Saunders claimed in a class-action complaint that the company violated the Video Privacy Protection Act by allegedly sharing app users' video-viewing history -- along with device identifiers and geolocation data -- with Google Ad Manager and Braze, an engagement platform. Saunders later dropped out of the litigation and was replaced by Charles Therrien.
advertisement
advertisement
Therrien is one of numerous people who have recently sued online companies for allegedly violating the Video Privacy Protection Act by embedding analytics tools on their websites. That law, passed in 1988, prohibits video providers from sharing consumers' identifiable video-viewing information without their consent.
Hearst recently sought summary judgment -- meaning a ruling in its favor based on evidence developed in the course of litigation. The company made numerous arguments, including that Therrien failed to prove that the data shared with Google was personally identifiable.
Stearns agreed with Hearst. The judge said the record showed that just a single “geolocation data point” was shared -- a church that at least 75 people attended. That data, standing alone, wouldn't identify Therrien, Stearns ruled.
“If someone learned that a WMUR app user watched a video on the app at this 75-member church, that simple shard of information would not 'enable most persons to identify' the user’s home and work address and ultimately identify Therrien,” Stearns wrote.
“Thus, the court finds on this record that there is an insufficient amount of evidence for a reasonable juror to find that Therrien could 'reasonably and foreseeably' be identified from the geolocation data alone.”
Therrien claimed that Hearst's data showed it disclosed “856 points of his geolocation” to Braze, but the judge said the record didn't indicate what those “geolocation points” would reveal.
Stearns also ruled that the Android advertising ID disclosed to Google was not identifiable in itself.
“Without more, such as a name, home, or work address, one cannot identify Therrien” based only on the advertising ID, Stearns ruled.
Therrien also said Hearst disclosed his email address to Blaze, but Stearns said that even if the email address was personally identifiable information, the record shows that the disclosure fell within an exception to the video privacy law because it was made in the ordinary course of business.