Congress’ role in protecting information privacy has, historically, been reactive rather than proactive. The Video Privacy Protection Act of 1980 (‘‘VPPA’’ or ‘‘Act’’) is a perfect example of this reactive role. Arising out of the failed nomination of Judge Robert Bork to the Supreme Court, the Act is one of the most privacy protective ever passed and, perhaps, one of the most narrow.
Bork’s confirmation hearings were highly contentious and focused on many of the nominee’s more controversial views related to the judicial function and Constitutional interpretation. As his hearings progressed, many began to search his personal background for information that would, it may be assumed, reflect poorly on his candidacy. In 1998, one reporter from a small Washington, D.C. paper, the City Paper, fell on the idea of obtaining Bork’s video rental history. One may assume the reporter was not interested in finding whether Bork rented A Day at the Races, but no scandalous materials were found, and the story may have ended there. However, politicians and interest groups on all sides of the political spectrum immediately denounced the story and called for legal action. In response to this outcry, Sen. Patrick Leahy introduced the VPPA and, in short order, it was passed into law.
In summary, the Act forbids the release of information related to the rental of ‘‘prerecorded video cassette tapes or similar audio visual material’’ without the customer’s prior, written consent. The Act does not, by its express terms, extend beyond the protection of video rental records (despite initial drafts that included magazine subscriptions and other media). The VPPA does have some exceptions to this general ban. Disclosure of personally identifiable information will not violate the Act if made (1) to police officers pursuant to a valid warrant; (2) with the prior, written, and informed consent of the customer; (3) pursuant to a judicial subpoena (provided the customer is given the opportunity to be heard and oppose); and (4) in the ordinary course of business, including for debt collection, order fulfillment, or transfer of ownership of the store in question. Finally, video rental companies may release customer lists that identify name, address, and ‘‘genre’’ preferences, if such releases are solely for marketing or advertising purposes and the customer has been provided ‘‘clear and conspicuous’’ opportunity to opt out.
The Act authorizes the injured customer to sue any person who violates the Act. When a violation is established, the injured customer is entitled to damages of no less than $2,500 and may be awarded punitive damages and attorney fees and costs. Early decisions held that anyone who discloses or uses video rental information might be held liable. As a result, liability was previously extended to police officers or other individuals who obtained protected information in violation of the Act (Dirkes v. Borough of Runnemede ; Camfield v. City of Oklahoma ). However, a recent decision has called into question this earlier expansive reading of the Act. In Daniel v. Cantrell (2004), the Sixth Circuit Court of Appeals determined that only video rental companies and their direct employees can ‘‘violate’’ the Act and, as a result, other persons are immune from suit.
Although the Act’s protections are among the strongest in federal privacy law, it is unclear whether they continue to apply to new technologies. Most video rental services now rent, almost exclusively, DVDs and video games. The bare wording of the Act does not clearly encompass rentals of these new media, and no cases have, to date, been brought to test the VPPA’s application to them. As new technologies emerge, including ‘‘on-demand’’ video and digital content, the limits of the VPPA will be probed and its apparent anachronism tested.
DOUGLAS J. SYLVESTER
Cases and Statutes Cited