In a recent decision—Mollett, et al. v. Netflix, Inc., No. 12-17045—the Ninth Circuit Court of Appeals held that Netflix cannot be held liable under the Video Privacy Protection Act (“VPPA”) for displaying recently-viewed content on the TV screen.

The plaintiffs, two Netflix subscribers, filed a class action in the Northern District of California alleging that Netflix had violated the VPPA or California’s state law equivalent (Cal. Civ. Code § 1799.3) by displaying recently-viewed content automatically after a subscriber signs in, which could be viewed by a third party such as the subscribers’ family, friend, or a guest of the household. The district court dismissed plaintiffs’ complaint for failure to state a claim, and plaintiffs appealed.

The Ninth Circuit affirmed the District Court’s ruling, finding that the display of recently-viewed content constituted a permissible disclosure “to the consumer” since it was only disclosed to a person who typed in the correct password, which theoretically should only be the consumer or a person to whom the consumer has given his or her password. The fact that nearby third parties might access the subscriber’s account did not alter the legal status of Netflix’s disclosures because “[t]he lawfulness of [the] disclosure cannot depend on circumstances outside of Netflix’s control.” To hold otherwise would convert the VPPA from a “prohibition on unlawful disclosure to a requirement of secure disclosure—an outcome plainly not supported by the VPPA’s text.” The court also affirmed the district court’s dismissal of plaintiffs’ California state law claims on the same grounds in light of the similarities between the two statutes.

This opinion clarifies that once protected information is provided to the consumer, it is then the consumer’s burden to protect his or her personal information.