A recent lawsuit against a college is a reminder that higher education institutions need to take a closer look at how they use video content online, especially when tracking tools are involved.
The suit alleges that the college used Meta Pixel to share viewer data with Meta, including the name of the video watched and the viewer’s Facebook ID. The suit alleges that this information could potentially identify individuals and their viewing habits. The college sought to dismiss the case, arguing it wasn’t a “video service provider” and that the videos were part of its standard operations. The judge disagreed, stating that the college was “engaged in the business of” delivering videos because it made money, not necessarily profit, from the videos in some way. Specifically, while the videos were free, they led to donations, purchases of books connected to the videos in their online store, or enrollment in paid programs. Additionally, the suit alleges that viewers had to submit their “valuable personal information,” name and email, to access the content, which led the court to find that they qualified as “subscribers” under the law.
Why It Matters
The Video Privacy Protection Act (VPPA), originally enacted to safeguard video rental records, is now being used to challenge how organizations handle viewership data for online media like embedded videos and similar streaming content. Plaintiffs are increasingly applying this law to digital platforms, raising risks for institutions that distribute video content or use video content in their curriculum.
Key Takeaways for Colleges and Universities
Even free educational content can raise legal concerns. If a school uses video content that includes embedded analytics technology that may transmit data to third parties, such uses, regardless of whether the school actively intended to share that data, increase their exposure.
As schools expand their digital offerings, they need to be thoughtful about how video content is delivered and how viewer data is handled. To manage exposure, schools should:
- Check what’s running on your site: Tracking pixels and analytics tools may be sending more data than expected. Review your tracking and cookie policy and align with disclosures;
- Assess vendors: Often, institutions rely on third-party vendor technologies and may not know how such technologies function. Diligence is essential when such technologies touch streaming and video content;
- Review curriculum: Educators should review their curriculum for the usage of media that involves video. Any related data that is transmitted as a consequence of viewing that video can present risk;
- Separate marketing from education: If videos are used to promote donations or paid programs that the school may generate revenue from, consider separating such content; and
- Create a risk management plan: Schools should create a risk management plan coupled with an inventory of applications to determine what technologies are used, when and what data is being collected, where it is being sent, and how the data is used.
