Privacy & Information Security Law Blog

On March 11, 2011, Virginia resident Peter Comstock filed a class action complaint against Netflix, Inc. in the United States District Court for the Northern District of California.  According to the complaint, Netflix “tracks its users’ viewing habits with respect to both videos watched over the Internet...and physical movies ordered through the Internet and watched at home,” while encouraging “subscribers to rank the videos they watch.”  The complaint alleges that Netflix’s practice of maintaining customer movie rental history and recommendations, “long after subscribers cancel their Netflix subscription,” violates the federal Video Privacy Protection Act (“VPPA”), and California’s Customer Records Act and Unfair Competition Law.  In addition, the complaint alleges that Netflix’s failure to properly store user information and its sale of customer data to third parties led to its unjust enrichment and a breach of its fiduciary duty.  Comstock and the putative class are seeking both an injunction to stop Netflix’s current practices and monetary damages.

Specifically, the complaint alleges that under the VPPA, Netflix must destroy personally identifiable information as soon as practicable, but no later than one year after the information is no longer necessary for its collected purpose.  Further, the complaint alleges that “Netflix violated...[California’s Unfair Competition Law] by failing to inform its subscribers...that it would retain their personally identifiable information and video programming viewing histories indefinitely.”

This most recent complaint mirrors a January 26, 2011 lawsuit, also filed in the Northern District of California, that alleges the same violations of law.  In 2010, another class action lawsuit and a Federal Trade Commission inquiry prompted Netflix to halt the release of its customer data pursuant to a contest the company had designed to improve its movie recommendation algorithm.