Online Streaming: What Makes a Customer? featured image

Online Streaming: What Makes a Customer?

by John DiGiacomo

Partner

Revision Legal

Music-streaming services allow their subscribers to rent music through the Internet rather than purchase albums. Services such as Apple Music and Tidal charge a membership fee and often have exclusive music deals with certain artists. Other services, like Pandora and Spotify, allow users to subscribe for free and listen to music with occasional advertisements. Despite the free subscription, some consumers pay for commercial-free streaming, even though they aren’t able to download the music.

Pandora, in particular, allows subscribers to create playlists based on a musical genre or specific artist. However, users may not select specific songs. Rather, Pandora streams music and the listener can indicate whether they like or dislike each individual song that plays. Based on the listener’s selections, Pandora modifies the playlist to suit the listener’s preference.

Do Music Subscribers Have Privacy Rights?

Under the Preservation of Personal Privacy Act (PPPA), a person involved in the business of selling, renting, or lending sound recordings may not release information that indicates the customer’s identity. This includes the customer’s purchase, lease, rental, or borrowing of those recordings.

In 2011, Peter Deacon sued Pandora. He claimed that it violated the PPPA when it made his profile page available to the public and integrated the profile with his Facebook account. Deacon stated that because the profile included information about his music preferences, it violated his personal privacy. However, only a customer may claim a violation under the PPPA. Further, the act defines a customer as a person who purchases, rents, or borrows. The Court held that Deacon was not a customer, despite his use of Pandora for free music streaming, because both renting and borrowing often require an exchange of payment. Therefore, Deacon needed to have a paid subscription to claim a violation of the PPPA.

Internet-based services are becoming more widespread in today’s society. Consumers should be aware of how those services my affect their privacy. Chief Justice Young noted that Deacon’s case required applying a rarely used statute to new technology that did not exist at the time the statute was created, which brings up the question of whether this statute, among other privacy laws, should be amended to protect the users of internet-based technology.

For more information about privacy, contact Revision Legal’s team of experienced internet attorneys through the form on this page or call 855-473-8474.

 

Image courtesy of Flickr user g4ll4is

Privacy Rights, Streaming Services, and the Evolving Consumer Protection Landscape

The Deacon v. Pandora case turns on a deceptively simple question that will grow more important as subscription and freemium services expand: what is a customer for purposes of personal privacy statutes, and does a free-tier user of an internet service have enforceable privacy rights?

The PPPA and Its Digital Limitations

Michigan’s Preservation of Personal Privacy Act (MCL § 445.1711 et seq.) was enacted in 1988, well before streaming music existed. The statute’s protection for a customer’s purchase, lease, rental, or borrowing of sound recordings reflects a brick-and-mortar paradigm. The Michigan Supreme Court’s holding in Deacon v. Pandora — that a free-tier user who does not pay for the service is not a customer — exposes a gap in privacy protection that legislators have since begun to address. In 2016, Michigan amended the PPPA to extend its protections in certain respects, and advocacy groups have pushed for broader amendments to cover freemium and ad-supported models.

The Video Privacy Protection Act: A Cautionary Tale for Streaming Services

The federal Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710, prohibits video tape service providers from knowingly disclosing personally identifiable information concerning any consumer to third parties without prior written consent. Class actions have been filed against major streaming services, news sites with video content, and apps that embedded video players, alleging that sharing viewing history data with advertising pixels — particularly the Meta Pixel — constitutes unlawful disclosure under the VPPA. Statutory damages are $2,500 per violation, a figure that multiplies catastrophically in class actions with millions of affected users.

Data Sharing with Third-Party Advertisers

Even where a freemium user is not protected by a specific statutory scheme, the service provider’s data sharing practices must comply with the FTC Act’s prohibition on unfair or deceptive practices, the California Consumer Privacy Act (CCPA), and the operator’s own privacy policy. If a privacy policy states that personal listening data will not be shared with third parties, and the company then shares it through advertising technology, it faces FTC enforcement exposure and private CCPA claims. The CCPA grants California consumers the right to know what personal information is collected and sold, to opt out of the sale of their personal information, and to obtain deletion of collected data. Similar rights now exist under the laws of Virginia, Colorado, Texas, Washington, and other states.

What Streaming Services Must Do to Protect User Privacy

  • Conduct a data mapping exercise to identify every category of user data collected, every third party data is shared with, and the legal basis for each sharing arrangement.
  • Draft a compliant privacy policy that accurately describes your data collection and sharing practices.
  • Implement CCPA and state law opt-out mechanisms — if your service has California users, you must provide a conspicuous Do Not Sell or Share My Personal Information link and honor opt-out requests within 15 business days.
  • Audit your advertising pixels before deploying tracking pixels to assess whether they capture and transmit viewing or listening history data that could constitute a VPPA or PPPA violation.

If you operate a streaming service or consumer-facing application and need to assess your data privacy obligations, Revision Legal’s internet attorneys can help. Contact us through the form on this page or call 855-473-8474.

The Future of Consumer Privacy Law for Digital Services

The Deacon v. Pandora decision highlighted a gap between the scope of Michigan’s PPPA and the reality of internet-based services. That gap has been closing steadily as state legislatures update privacy statutes and as federal proposals for a comprehensive national privacy law have gained traction. For operators of digital services — whether streaming, social media, e-commerce, or content publishing — the direction of travel in consumer privacy law is clear: the obligations are expanding, the definition of covered personal information is broadening, and the consequences of noncompliance are increasing. Businesses that treat privacy compliance as a checkbox exercise, or that rely on privacy policies drafted years ago without updating them to reflect new services or new legal requirements, are accumulating regulatory and litigation risk that will eventually come due. The smart approach is proactive: conduct regular privacy audits, update your data practices and disclosures in tandem, and treat your privacy program as a living element of your business operations rather than a one-time legal task. Revision Legal’s internet attorneys help digital businesses build and maintain privacy programs that are designed to satisfy current legal requirements and that can adapt as the law continues to evolve. If your business collects personal information from users in Michigan or any other state, contact us through the form on this page or call 855-473-8474 to discuss how we can help.

Emerging State Privacy Laws and What They Mean for Streaming Businesses

The patchwork of state privacy laws continues to expand beyond California’s CCPA and CPRA. Virginia’s Consumer Data Protection Act (CDPA), effective January 2023, grants Virginia residents rights to access, correct, delete, and opt out of the sale of their personal data. Colorado’s Privacy Act, Texas’s Data Privacy and Security Act, and similar statutes in a growing number of states each establish similar rights with some variations in scope and enforcement mechanisms. For a streaming or digital media business, the practical implication is that a privacy compliance program designed solely around California law is likely insufficient. Any business with users distributed across multiple states needs a privacy program that identifies the applicable state law for each category of user, maps data processing activities to the relevant legal basis required under each applicable law, and implements technical mechanisms to honor the different rights granted by different state statutes. As the number of state privacy laws continues to grow, building a privacy program on a federal floor — rather than state-by-state compliance — becomes increasingly important, even in the absence of a comprehensive federal privacy statute. Revision Legal helps digital businesses navigate this complex and evolving legal landscape. Contact us through the form on this page or call 855-473-8474.

Extra, Extra!
Related Posts

Top Legal Issues an Internet Lawyer Can Help Your Online Business Solve

Top Legal Issues an Internet Lawyer Can Help Your Online Business Solve

Revision Legal

Running an online business has never been more accessible — but the legal risks that come with it are just as real as those facing any brick-and-mortar operation, and often more complex. A website, a social media presence, and a digital product catalog create exposure across privacy law, intellectual property, consumer protection, and online reputation […]

Read more about Top Legal Issues an Internet Lawyer Can Help Your Online Business Solve

5 Reasons to Hire an Internet Lawyer Before Launching Your E-Commerce Website

5 Reasons to Hire an Internet Lawyer Before Launching Your E-Commerce Website

Revision Legal

Launching an e-commerce website involves far more than choosing a platform, uploading products, and opening for business. From the moment you start collecting customer data to the first sale you process, your business is subject to a complex web of federal and state regulations. Mistakes made at launch — incomplete disclosures, unenforceable terms, unregistered trademarks […]

Read more about 5 Reasons to Hire an Internet Lawyer Before Launching Your E-Commerce Website

How Strong Are Your Terms and Conditions? Legal Gaps E-Commerce Owners Miss

How Strong Are Your Terms and Conditions? Legal Gaps E-Commerce Owners Miss

Revision Legal

Most e-commerce businesses invest heavily in acquiring customers — paid ads, SEO, influencer campaigns — but give almost no attention to the legal documents that govern what happens after a customer lands on their site. Terms and conditions are not a formality. They are a contract. When they are vague, outdated, or copied from another […]

Read more about How Strong Are Your Terms and Conditions? Legal Gaps E-Commerce Owners Miss

Put Revision Legal on your side

Let's Discuss Your Case