A federal district court applying Washington law recently found that there was no coverage for violations of the Video Privacy Protection Act (VPPA) under a commercial general liability (CGL) policy. The policy excluded coverage for a personal or advertising injury in connection with the violation of statutes that address “the sending, transmitting or communicating of any material or information, by any means whatsoever.” National Union Fire Insurance Co. of Pittsburgh, PA v. Coinstar, Inc., No. C13-1014-JCC (U.S.D.C. W.D. Wash. February 28, 2014). The court found that this Violation of Statutes exclusion operates to bar coverage for suits alleging violation of any statute dealing with consumers’ personally-identifiable information.
The VPPA Suit
In this case, the policyholder operated DVD-vending machines in locations across the United States. Companies that operate video rental or sale businesses are prohibited under the federal VPPA from disclosing “personally identifiable information” collected regarding consumers without the consumer’s prior informed, written consent. Personally identifiable information includes only “information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider.” In addition, these businesses are prohibited from retaining personally identifiable information longer than necessary.
The policyholder’s DVD rental machines collected consumer names, credit card information, and information regarding what movie had been rented each time it rented a movie to a consumer. A putative class filed suit under the VPPA against the policyholder in Sterk v. Redbox Automated Retail, LLC, for allegedly (1) improperly retaining names, billing and contact information, credit card details, and video viewing histories from consumers for an indefinite time; and (2) not seeking informed, written consent from consumers before allegedly disclosing personally-identifiable information to marketers and advertisers. The federal district court found that the alleged disclosure of personally identifiable information to a third-party vendor fell within one of the VPPA’s limited exceptions to liability for disclosure, but an appeal of that ruling to the United States Court of Appeals for the Seventh Circuit remains pending.
The Coverage Action
After being sued in the putative class action, the policyholder tendered the suit to its CGL insurer, seeking coverage under personal injury and advertising injury coverage for injury allegedly arising from “[o]ral or written publication, in any manner, of material that violates a person’s right of privacy.” The insurer denied coverage and instituted a declaratory judgment action to resolve the dispute. In the ensuing coverage litigation, the U.S. District Court for the Western District of Washington agreed that the policy afforded no coverage as a result of the application of the Violation of Statutes exclusion.
The exclusion at issue precluded coverage for “any loss, injury, damage, claim, suit, cost or expense arising out of or resulting from, caused directly or indirectly, in whole or in part by, any act that violates any statute . . . that addresses or applies to the sending, transmitting or communicating of any material or information, by any means whatsoever.” The court recognized that the underlying plaintiffs alleged that retention of the customer information and its disclosure to third-parties violated the VPPA, and that the VPPA is a statute “which prohibits a ‘video tape service provider’ from disclosing [to any person] ‘personally identifiable information’ about one of its consumers.” The VPPA’s sole purpose, according to the court, is to protect the privacy of consumers by prohibiting “video tape service providers” from disclosing personal information about consumers. Accordingly, the court determined that the claim for violation of the VPPA fell squarely within the exclusion.
The court rejected the policyholder’s attempts to “avoid the plain reach” of the exclusion by pointing to earlier versions of it that specifically prohibited communications directly with consumers such as those under the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act. These versions of the exclusion were not a part of the policy at issue, and the court found them to be irrelevant. Further, the court noted, the previous version of the exclusion also excluded coverage for violation of any statute “that prohibits or limits the sending, transmitting, communicating or distribution of material or information.” The policyholder also argued that the insurer’s reading of the exclusion could apply to virtually any statute, including trademark and copyright statutes, and thus rendered coverage illusory. The court rejected this argument, stating that application of the exclusion to the VPPA would not render coverage illusory, the trademark and copyright statutes did not “directly address” the sending, transmitting, or communicating of information, and that the policyholder’s construction ignored the plain terms of the exclusion.
The court’s decision confirms the broad reach of the Violation of Statutes exclusion, which previously has been applied to claims under statutes such as the TCPA and the CAN-SPAM Act, but which excludes coverage for any act that allegedly violates any statute, ordinance, or regulation that addresses or applies to the sending, transmitting, or communicating of material or information. Under this decision, there would be no coverage for any violation of statute governing disclosure of consumers’ personally-identifiable information.