Chick-Fil-A Hit With Privacy Lawsuit Over Video Data Collection

The Chick-fil-A logo on a restaurant.

Photo: Sheila Fitzgerald (Shutterstock)

While Chick-fil-A served you sandwiches, it also served data to Facebook’s parent company, Meta. Aaccording to a new trial filed Sunday, the fast food chain did so in a way that violated one of the only federal privacy laws in the United States.

Chick-fil-A has been releasing bizarre animated videos during the Christmas season for the past four years called “The Evergreen Hills Stories.” We’ve posted a seven-minute sample below, which you can watch if you’re crazy. These budget vacation masterpieces are available on YouTube, or you can check them out on Chick-fil-A’s dedicated website, evergreenhills.com. This website has caught the attention of privacy lawyers because of the way it tracks and shares The data.

Like hundreds of millions of other websites, evergreenhills.com incorporates a Metapixel, a tracker that sends data about people who visit the site to the social media company. Companies like Chick-fil-A use this information to retarget people with advertisements and measure how well advertising campaigns are working. The Pplaintiffs allege that Chick-fil-A violated a law called the Video Privacy Protection Act (VPPA), which states that you cannot share personally identifiable information about people’s video audience without their consent.

The metapixel does not typically collect your name, phone number, or home address, but does collect unique identification numbers that the social media company uses to identify you and target you with advertisements. According to privacy advocates, this obviously meets the criteria for personally identifiable information, because this is information that identifies you individually. But aggrieved Chick-fil-A customers will have to make that argument to the judge.

The Snow Globe | Evergreen Hills Stories | Created by Chick-fil-A

Chick-fil-A did not immediately respond to a request for comment. The privacy policy of evergreenhills.com states that the company collects information about its visitors and may share that information with Facebook and other social media companies.

Contrary to popular belief, there are virtually no privacy laws in the United States, especially at the federal level. The few state data privacy laws, such as the California Consumer Privacy Act, give you certain rights after the data is collected, but they generally require companies to obtain your consent.

But when there is video, you enter a legal gray area.

The VPPA is an arcane 1988 law intended to protect information about videotape rentals called the Video Privacy Protection Act (VPPA), drafted after the press leaked a list of Supreme Court nominee Robert’s movie viewing habits. Bork.

three and a half decades later this law may land Chick-fil-A in the fryer, with a growing list of basically all the companies on the planet which shows videos online.

The VPPA states that “videotape service providers” (or anyone offering similar services) may not disclose personally identifiable information about the videos you watch without your informed, written consent. If a company shares your data in violation of the law, they owe you $2,500, not including any punitive damages and attorneys’ fees. When there is a class action lawsuit involving thousands or millions of potential victims, that money quickly adds up.

However, it is unclear whether the structure of the Internet falls under Reagan-era privacy law. The multi-million dollar question is how the courts will define “personally identifiable information”.

Chick-fil-A is in good company. There has been an absolute explosion of class action lawsuits filed for alleged violations of the VPPA over the last year or so. In October, Bloomberg Law identified 47 different lawsuits, a number that has only grown since, filing complaints against companies including NBA, GameStop, CNN, BuzzFeed and Dotdash Meredith, owner of People Magazine. It almost seems like lawyers are scouring the web looking for more websites to sue. It’s like a meme for lawyers.

Reading the text of the law, it seems clear that sending video viewing data that allows a company to identify you is in the spirit of what Congress wanted to protect in the 80s. But if that’s true, the chicken is gonna hit the fan. This kind of data sharing is just like the way the internet works (which is unfortunate for anyone who likes not to be spied on). Metapixels and similar tracking tools exist on virtually every website you visit. If each of these websites with videos broke the law, the companies could be held liable for tens or even hundreds of years. Billions of dollars.

Leave a Comment