Chick-Fil—a hit with privacy lawsuit over video data collection

The Chick-fil-A logo on a restaurant.

Photo: Sheila Fitzgerald (Shutterstock)

While Chick-fil-A served you sandwiches, it also passed data to Facebook’s parent company Meta. Aaccording to a new lawsuit filed Sunday, the fast food chain did so in a manner that violated one of the few federal privacy laws in the United States.

Chick-fil-A has been releasing bizarre animated videos over the past four years over the Christmas season titled “The Stories of Evergreen Hills.” We’ve posted a seven-minute sample below, which you can check out if you’re crazy. These low-budget holiday masterpieces are available on YouTube, or you can view them on Chick-fil-A’s dedicated website, evergreenhills. com. That website caught the attention of privacy advocates because of how it is tracked and shared data.

Like hundreds of millions of other websites, evergreenhills.com has a built-in metapixel, a tracker that sends data to the social media company about who visits the site. Companies like Chick-fil-A use that information to retarget people with ads and measure how well ad campaigns are working. The Pplaintiffs allege that Chick-fil-A violated a law, the Video Privacy Protection Act (VPPA), which says you can’t share personally identifiable information about people’s viewership without their permission.

Typically, the metapixel does not collect your name, phone number, or home address, but it does collect unique ID numbers that the social media company uses to identify you and target ads to you. According to privacy advocates, that obviously meets the criteria for personally identifiable information, because it is information that identifies you individually. But the injured Chick-fil-A customers will have to take that argument to court.

The snow globe | Stories of evergreen hills | Made by Chick-fil-A

Chick-fil-A did not immediately respond to a request for comment. The evergreenhills.com privacy policy states that the company collects information about its visitors and may share that information with Facebook and other social media companies.

Contrary to popular belief, there are basically no privacy laws in the United States, especially at the federal level. The few state laws related to data privacy, such as the California Consumer Privacy Act, give you some rights after the data is collected, but generally require companies to obtain your consent.

But when video is involved, you enter a legal gray area.

The VPPA is an obscure 1988 law designed to protect information about people’s videotape rental, called the Video Privacy Protection Act (VPPA), written after the press leaked a list of movie viewing habits of the unsuccessful candidate for the Supreme Court, Robert Bork.

Three and a half decades later, that law could land Chick-fil-A in the deep fryer, along with a growing list of actually every company on the planet that shows online videos.

The VPPA says that “videotape service providers” (or anyone who provides similar services) may not disclose personally identifiable information about what videos you watch without your informed, written consent. If a company shares your information in violation of the law, it will owe you $2,500, not including any damages and attorneys’ fees. When there’s a class action lawsuit involving thousands or millions of potential victims, that money adds up quickly.

However, it is not clear whether the structure of the Internet falls within the scope of Reagan-era privacy law. The multimillion-dollar question is how courts will define “personally identifiable information.”

Chick-fil-A is in good company. There has been an absolute explosion of class action lawsuits filed over alleged VPPA violations over the past year. In October, Bloomberg Law identified 47 separate lawsuits, a number that has only grown since then, bringing claims against companies such as the NBA, GameStop, CNN, BuzzFeed, and Dotdash Meredith, owner of People Magazine. It almost seems like lawyers are scouring the internet looking for more websites to sue. It’s like a meme for lawyers.

Reading the text of the law, it seems It’s clear that sending video viewing data that would allow a company to identify you is in the spirit of what Congress wanted to protect in the 1980s. But if that’s true, the chicken hits the fan. This kind of data sharing is just how the internet works (which is a shame for anyone who’s a fan of not being spied on). There are metapixels and similar tracking tools on just about every website you visit. If all those video websites broke the law, companies could be on the hook for decades or even hundreds of years. billions of dollars.

Leave a Comment