By Tanner Bowen
Tanner Bowen is a sophomore at the University of Pennsylvania studying business.
In recent American politics, most citizens have experienced a heightened sense of uneasiness about the development of technology and the extent to which the government can obtain and retain their personal information. A prime example of this tension took place earlier this year, when Senator Rand Paul (R-KY) decided to filibuster the soon-to-expire Patriot Act, a law first passed after 9/11 which extended the government’s ability to monitor citizens in its efforts to combat terrorism.  However, the public’s concern over invasions of its privacy isn’t just limited to the behavior of the government. With the growth of numerous technology-driven entertainment sectors, corporations are now coming under attack for the ways in which they handle personal data.
One particular effort to control companies’ actions is the Video Privacy Protection Act. This legislation arose following the 1987 Supreme Court confirmation hearing of Judge Robert Bork, during which his personal movie rental data was released to the public.  The Act restricts video service providers’ retention and disclosure of a consumer’s personal information.  The retention component specifies that the corporation must destroy all of its information about a customer within one year after he or she stops using the company’s services. This last point in particular has yielded interesting rulings from a few of the Circuit Courts.
The most recent case brought under the Video Privacy Protection Act is Rodriguez v. Sony Computer Entertainment America, LLC. This case originated when Sony Computer, a video service provider, allegedly violated the Act by storing the plaintiff’s information and failing to destroy it after the one-year period after the end of his use of the service. After Sony’s PlayStation Network updated its policies in 2010, Rodriguez decided to stop using the video streaming services. Despite this, he alleged that Sony had stored his video rental information and distributed it to other Sony entities.
In its ruling, the Ninth Circuit Court of Appeals dismissed Rodriguez’s claims as lacking standing to privately enforce the retention requirements of the Video Privacy Protection Act. The Court looked at the Seventh Circuit’s opinion in Sterk I, where the plaintiff had sued Redbox for retaining his personal information but that Court dismissed his claim.  The rationale for the dismissal of both claims was based upon poor language employed by Congress when writing the statute. Essentially, the language was so ambiguous that the courts were not sure as to the scope of relief that was available. Eventually, the reasoning was developed that because subsection (c) (establishing right of action for unlawful disclosure) appears before the prohibitions and subsections (d) and (e) (talking about retention), then only relief for unlawful disclosure is enforceable.
However, the Ninth Circuit went farther into its analysis than just the sequential ordering of the subsections. It argued that because retention does no physical injury to the plaintiffs, no relief should be given to them. Thus, as long as a corporation does not do anything with this personally identifiable information, even if it holds the data beyond the one-year statute of limitations, no foul has been committed.
Furthermore, Rodriguez had also brought an unlawful disclosure claim, but this was quickly dismissed as well. In fact, there are numerous exceptions to the Act where the corporation would not be liable. The one that applied to this case was the exemption for disclosure made “incident to the ordinary course of business of the video tape service provider.”  This instance fell under the exception due to the disclosure occurring as a result of the transfer of ownership, which happened when Sony Computer transitioned to Sony Network.
Reading this opinion may leave readers feeling uneasy about the legal precedent this ruling establishes. Particularly, individuals who do not wish to have their information indefinitely stored may conclude that the US court system has given the green light to corporations to store data past the destruction deadline so long as they do not do so with malicious intent. With the ever-conflicting views of privacy law within the United States, the courts will continue to play a larger role in just how secure we can feel with our information in the hands of others.
 Neuman, Scott. “Sen. Rand Paul Stages ‘Filibuster’ To Protest Patriot Act.” NPR. May 21, 2015. Accessed September 10, 2015.
 Dolan, Michael. “Borking Around.” New Republic. December 20, 2012. Accessed September 10, 2015.
 18 U.S Code § 2710. LII. January 10, 2013. Accessed September 10, 2015.
 “Seventh Circuit Limits Damages Recovery under the VPPA.” HL Chronicle of Data Protection. March 28, 2012. Accessed September 10, 2015.
 18 U.S. Code § 2710
Photo Credit: Flickr User Marilyn M
The opinions and views expressed through this publication are the opinions of the designated authors and do not reflect the opinions or views of the Penn Undergraduate Law Journal, our staff, or our clients.