Vizio’s woes continue over charges that the company installed software on smart TVs and collected viewing data on millions of consumers without their knowledge and consent.

Earlier this year, the company reached a deal with the Federal Trade Commission and the New Jersey Attorney General, requiring Vizio to pay $2.2 million and change its practices.

Now, Vizio must face a consumer class action alleging the company violated the Video Privacy Protection Act, a California federal court judge has ruled. The company moved to dismiss the consolidated litigation brought by six plaintiffs on the grounds that Congress never intended for the VPPA to apply to electronics manufacturers and that data allegedly collected about users did not constitute “personally identifiable information” protected by the statute.

As the information collected by the company on the smart TVs included zip codes, MAC addresses, IP addresses, and product model numbers, along with viewing data points about consumers, the plaintiffs characterized the information as highly personal.

U.S. District Court Judge Josephine L. Staton sided with the plaintiffs.

The VPPA establishes liability for a “video tape service provider,” defined as “any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassettes tapes or similar audio visual materials.” The court had little trouble finding Vizio satisfied this definition.

Pointing to the “plain text of the statute,” the court explained that Congress used a disjunctive list of activities that “unmistakably indicates Congress intended to cover more than just the local video rental store.” The use of the phrase “similar audio visual materials” strengthens this reading and demonstrates that “the definition is medium-neutral; the defendant must be in the business of delivering video content, but that content need not be in a particular format,” the court added.

“Plaintiffs allege that Vizio has developed a product intimately involved in the delivery of video content to consumers, has created a supporting ecosystem to seamlessly deliver video content to consumers (including entering into agreements with content providers), and has marketed its product to consumers as a ‘passport’ to this video content,” the court wrote, finding that the plaintiffs qualified as “consumers” under the statute because they paid for Vizio’s applications.

Judge Staton also determined that the data collected by Vizio constituted PII under the VPPA. Again she noted that since Congress used a disjunctive list (using the word “includes”), it contemplated “that the Act would protect more than just a person’s name or physical address.”

However, the court stressed the posture of this case. “Ultimately, Plaintiffs will have to demonstrate that Vizio’s disclosures are ‘reasonably and foreseeably likely to reveal’ what video content Plaintiffs have watched,” the judge said. “But this is a factual inquiry ill-suited for resolution on a motion to dismiss.”

The court denied Vizio’s motion to dismiss with regard to the VPPA claims, but did toss claims under the Wiretap Act, California’s False Advertising Law, and Invasion of Privacy Act, albeit with leave to amend.

To read the order in In Re: Vizio, Inc., Consumer Privacy Litigation, click here.

Why it matters: The California federal court ruling is the latest decision that applies a 1988 statute to 21st Century technology. While some courts have ruled the law was meant to be flexible and found it can be used to sue app manufacturers, others—such as a Georgia federal court—have held the VPPA did not apply to a free app.