United States District Court, D. Massachusetts
May 15, 2015
ALEXANDER YERSHOV, individually and on behalf of all others similarly situated, Plaintiff,
GANNETT SATELLITE INFORMATION NETWORK, INC., dba USA TODAY, Defendant
For Alexander Yershov, individually and on behalf of all others similarly situated, Plaintiff: Benjamin H. Richman, J. Dominick Larry, PRO HAC VICE, Edelson P.C., Chicago, IL; Erica C Mirabella, Boston, MA.
For Gannett Satellite Information Network, Inc., doing business as USA Today, Defendant: Heather B. Repicky, LEAD ATTORNEY, Nutter, McClennen & Fish, LLP, Boston, MA; Jacob A. Sommer, LEAD ATTORNEY, PRO HAC VICE, Zwillinger Genetski LLP, Washington, DC; Jeffrey G. Landis, Marc J. Zwillinger, LEAD ATTORNEYS, PRO HAC VICE, ZwillGen PLLC, Washington, DC.
MEMORANDUM AND ORDER ON DEFENDANT'S MOTION TO DISMISS
F. Dennis Saylor, IV, United States District Judge.
This is a putative class action arising out of the Video Privacy Protection Act (" VPPA" ), 18 U.S.C. § 2710. The VPPA, among other things, prohibits the disclosure of " personally identifiable information" of certain consumers of video services. Plaintiff Alexander Yershov has filed suit against defendant Gannett Satellite Information Network, Inc.
Gannett publishes a print and on-line newspaper called USA Today. Gannett has also created a mobile app, called the " USA Today App," that is designed to run on smartphones and other mobile devices, and that permits readers to view the on-line version of the newspaper. Viewers using the App can access video clips on various news, sports, and entertainment topics. Plaintiff alleges that defendant discloses " personally identifiable information" every time a person uses the USA Today App to watch video clips. Specifically, plaintiff alleges that every time a user of the App watches a video, the unique identification number of the user's smartphone is provided to a third-party data-analytics company. Plaintiff contends that by doing so, Gannett violates the VPPA.
On September 19, 2014, defendant filed a motion to dismiss pursuant to Fed.R.Civ.P. 12(b)(1) for lack of subject-matter jurisdiction and Fed.R.Civ.P. 12(b)(6) for failure to state a claim. For the following reasons, defendant's motion will be granted.
A. The USA Today App
Gannett Satellite Information Network, Inc., is based in McLean, Virginia. (Compl. ¶ 6). Gannett is a media company that produces news and entertainment programming. ( Id. ¶ 1). It distributes that content to consumers through a variety of media, including its flagship newspaper, USA Today. ( Id. ). In addition to the print edition of USA Today, Gannett offers content through websites and mobile software applications. ( Id. ). One of Gannett's mobile applications is the USA Today App. ( Id. ¶ 2).
The USA Today App is a mobile software application that allows individuals to access news and entertainment media content. ( Id. ¶ 9). It is available for installation on Android mobile devices, among others. ( Id. ). Android is a mobile device operating system developed by Google. ( Id. ¶ 1 n.1). Smartphones made by a variety of companies, including HTC and Samsung, use the Android operating system. ( Id. ). Users can install the USA Today App on an Android device by visiting the Google Play Store, the on-line media platform operated by Google. ( Id. ¶ 10). Once installed, the App allows users to view articles and video clips organized into sections, such as news and sports. ( Id. ¶ 12). Prior to using it for the first time, the App requests permission from users to " push" notifications on their device. ( Id. ¶ 10). The App does not otherwise seek a user's consent to disclose personal information to third parties for any purpose. ( Id. ¶ 11).
There is no charge to install the App or to view video clips after installation. ( See Compl. ¶ ¶ 9-11 (citing USA Today, Google Play, https://play.google.com/store/apps/ details?id=com.usatoday.android.news& hl=en (last visited July 2, 2014))). There is no registration requirement (such as a requirement that the user provide a name and e-mail contact). ( See id. ). After responding to the request for permission to " push" notifications, the user is not required to provide any other information in order to use the App. ( See id. ).
B. Alleged Transmittal of PII
The complaint alleges that each time users view video clips on the App, it sends a record of the transaction to Adobe Systems, Inc., an unrelated company that, among other things, performs third-party data-analytics. ( Id. ¶ 13). Along with the record of the transaction, the App sends a user's GPS coordinates and the Android device's unique identification number (the " Android ID" ). ( Id. ¶ 13). The Android ID is a " 64-bit number (as a hex string) that is randomly generated when the user first sets up the device and should remain constant for the lifetime of the user's device." ( Id. ¶ 13 n.3 (citing Settings.Secure, Android Developers, http://developer.android.com/reference/android/provider/Settings.Secure.html#Android_ID)). Android IDs are unique to specific devices and users. ( Id. ¶ 16). It is not precisely clear what the " record of the transaction" includes, but it appears from the complaint that it includes an identification of the video watched by the user. ( See id. ¶ ¶ 42, 54, 57).
According to the complaint, Adobe " collects an enormous amount of detailed information about a given consumer's online behavior (as well as unique identifiers associated with a user's devices) from a variety of sources." ( Id. ¶ 20). " Once Adobe links a device's Android ID with its owner, it can then connect new information retrieved from Android apps--including the USA Today App--with existing data in the person's profile (which was previously collected by Adobe from other sources)." ( Id. ¶ 22). Therefore, when Adobe receives an individual's Android ID and the record of the video transaction from USA Today App, it is able to connect that information with information collected from other sources " to personally identify users and associate their video viewing selections with a personalized profile in its databases." ( Id. ¶ 29).
According to the complaint, Alexander Yershov downloaded and began using the USA Today App on his Android device in late 2013. ( Id. ¶ 39). He never consented to allowing USA Today to disclose his " personally identifiable information" to third parties. ( Id. ¶ 40).
The complaint alleges that " the combination of his device's unique Android ID and the records of videos that [Yershov] viewed . . . constitutes 'personally identifiable information' . . . because it allows Adobe to identify users such as Yershov, and to attribute their video-viewing records to their Adobe-created profiles." ( Id. ¶ 57).
C. Procedural Background
Plaintiff filed the complaint in this action on July 24, 2014, alleging a violation of the Video Privacy Protection Act, 18 U.S.C. § 2710. (Compl.). The complaint is a putative class action; the class is defined as " [a]ll persons in the United States who used the USA Today App to watch videos and had their PII transmitted to Adobe." ( Id. ¶ 43). The complaint alleges that all such class members " have had their statutorily defined right to privacy violated." ( Id. ¶ 62).
Defendant has moved to dismiss for failure to state a claim upon which relief can be granted.
II. Legal Standard
On a motion to dismiss, the Court " must assume the truth of all well-plead[ed] facts and give . . . plaintiff the benefit of all reasonable inferences therefrom." Ruiz v. Bally Total Fitness Holding Corp., 496 F.3d 1, 5 (1st Cir. 2007) (citing Rogan v. Menino, 175 F.3d 75, 77 (1st Cir. 1999)). To survive a motion to dismiss, the complaint must state a claim that is plausible on its face. Bell A. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). That is, " [f]actual allegations must be enough to raise a right to relief above the speculative level, . . . on the assumption that all the allegations in the complaint are true (even if doubtful in fact)." Id. at 555 (citations omitted). " The plausibility standard is not akin to a 'probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Twombly, 550 U.S. at 556). Dismissal is appropriate if the facts as alleged do not " possess enough heft to show that plaintiff is entitled to relief." Ruiz Rivera v. Pfizer Pharms., LLC, 521 F.3d 76, 84 (1st Cir. 2008) (alterations omitted) (internal quotation marks omitted).
The Video Privacy Protection Act (" VPPA" ), 18 U.S.C. § 2710, was enacted in 1988. Congress passed the VPPA after a " newspaper in Washington published a profile of [Supreme Court nominee and D.C. Circuit] Judge Robert H. Bork based on the titles of 146 films his family had rented from a video store." S. Rep. 100-599, 2d Sess. at 5 (1988), reprinted in 1988 U.S.C.C.A.N. 4342.
Among other things, the VPPA prohibits " video tape service providers" from " knowingly disclos[ing], to any person, personally identifiable information concerning any consumer of such provider" without the consumer's informed, written consent. 18 U.S.C. § 2710(b). The statute has three relevant definitions:
o the term " video tape service provider" means " any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials . . . ," 18 U.S.C. § 2710(a)(4);
o the term " personally identifiable information" " includes information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider," 18 U.S.C. § 2710(a)(3); and
o the term " consumer" " means any renter, purchaser, or subscriber of goods or services from a video tape service provider." 18 U.S.C. § 2710(a)(1).
For present purposes, at least, defendant does not contest that it fits within the statutory definition of a " video tape service provider."  Defendant contends, however, that the complaint should be dismissed because (1) defendant did not disclose " personally identifiable information" within the meaning of the statute, (2) plaintiff is not a " consumer" within the meaning of the statute, and (3) plaintiff lacks standing because he has not pleaded an injury in fact.
A. Personally Identifiable Information
As noted, the VPPA prohibits " video tape service providers" from disclosing " personally identifiable information" (" PII" ) concerning a " consumer" to third parties. 18 U.S.C. § 2710(b). The complaint alleges that each time users view video clips on the USA Today App, defendant sends a record of the transaction along with the user's GPS coordinates and the Android ID for the user's device. The first issue is whether that information sent to Adobe qualifies as " personally identifiable information."
Any statutory analysis begins with the text of the statute. To some extent, of course, this exercise involves an attempt to place a square peg (modern electronic technology) into a round hole (a statute written in 1988 aimed principally at videotape rental services). Nonetheless, the statute says what it says, and the place to begin is with the words themselves. Again, the VPPA provides that " personally identifiable information" includes " information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider." 18 U.S.C. § 2710(a)(3). Those words must be interpreted in " context and with a view to [their] place in the overall statutory scheme." Davis v. Michigan Dept. of Treasury, 489 U.S. 803, 809, 109 S.Ct. 1500, 103 L.Ed.2d 891 (1989). Here, the statute provides at least two clues as to the meaning of the term.
First, the statute permits disclosure of PII under five specific circumstances. 18 U.S.C. § 2710(b)(2). One of those circumstances is that disclosure may be made " to any person" if " the disclosure is solely of the names and addresses of consumers," but only if the consumer has had an opportunity to prohibit that disclosure, and if the disclosure does not identify the " title, description, or subject matter of the video."  Id. § 2710(b)(2)(D). That suggests (1) that a consumer's name and address are both PII, and (2) that the universe of PII is greater than the consumer's name and address.
Second, the list of statutory definitions uses the word " means" in three out of four instances (in other words, the definitions are formatted to provide that the term " x" means " y" ). See 18 U.S.C. § 2710(a)(1), (2), (4). As to PII, however, the statute provides that " the term 'personally identifiable information' includes information which identifies a person . . . ." Id. § 2710(a)(3) (emphasis in original). This suggests that the statutory term may have a broader definition than what is provided in the text, which may be a mere example of a possible form of PII.
With that framework in mind, the Court turns to the question whether the information sent to Adobe constitutes PII. When a user requests a video clip, Gannett discloses three kinds of information: (1) a record of the transaction (presumably, information concerning the precise video selected for viewing); (2) the user's GPS coordinates (that is, the precise location of the user); and (3) the Android ID of the user's smartphone or other device. There is no question that the information transmitted to Adobe identifies the " specific video materials or services" requested or obtained by the consumer. See 18 U.S.C. § 2710(a)(1)(3). The issue is whether that information also identifies a specific person.
Without question, a person's name, social security number, and date of birth are PII. See In re Pharmatrak, Inc., 329 F.3d 9 (1st Cir. 2003) (finding that the definition of " contents" in Electronic Communication Privacy Act encompasses " personally identifiable information such as a party's name, date of birth, and medical condition" ). Similarly, a person's home address is PII, under the statutory construction noted above and as a matter of common sense. Similar types of information, such as a place of birth, a mother's maiden name, an automobile license plate number, or a home telephone number, could also be PII under at least some circumstances; for example, celebrities and public officials often have unlisted telephone numbers and " blocked" license plate numbers in order to protect their privacy and security.
It requires no great leap of logic to conclude that the unique identifier of a person's smartphone or similar device--its " address," so to speak--is also PII. A person's smartphone " address" is an identifying piece of information, just like a residential address. Indeed, it is in many ways a more significant identifier. Smartphones typically contain " vast quantities of personal information." Riley v. California, 134 S.Ct. 2473, 2485, 189 L.Ed.2d 430 (2014). " [A] cell phone collects in one place many distinct types of information--an address, a note, a prescription, a bank statement, a video--that reveal much more in combination than any isolated record." Id. Therefore, the type of information that could be ascertained from a smartphone could potentially be devastating to an individual's privacy interests. A person with access to a smartphone's unique identifer could potentially learn a huge quantity of personal information about the user of that smartphone. Furthermore, a smartphone may be more directly connected to a specific individual that even a residential address; for example, people are much more likely to share their homes with other persons than their smartphones.
Defendant makes two principal objections to that conclusion. First, it contends that the Android ID cannot be PII because it identifies an object, rather than a human being. But that contention cannot be correct. A home address describes an object, not a person, but there can be little doubt that it is PII. Indeed, and as noted, the VPPA expressly refers to the " addresses of consumers," in a context clearly indicating that an address is PII. And that is true even though multiple persons may share a residence. The identity of an object--its unique " address," whether in the physical world or in cyberspace--can therefore constitute PII, at least under some circumstances.
Next, defendant contends that the Android ID cannot be PII because that information cannot be linked to a specific person without access to certain additional information--specifically, the information that a particular phone is used by a particular person. But that is true of every identifier other than a person's name. For example, a social security number is a string of nine numbers that only takes on meaning if it can be identified as the number of a specific person. Likewise, a date in a calendar is meaningless as an identifier, unless it is identified as a specific person's date of birth. Even a person's name may be of limited use as an identifier without further information; there may be hundreds, or thousands, of persons with the same or a similar name.
At oral argument, defendant conceded that a home address qualifies as PII even though it requires an extra step to link it to a specific person. Defendant contended, however, that home addresses qualify as PII because there are public record databases that can link home addresses to individuals, but there is no such publicly accessible database that links an Android ID to a person. Defendant therefore contended that in isolation the Android ID is a meaningless number. But the same could also be said for social security numbers. There is no publicly accessible database that links those numbers to individuals, but a social security number is nonetheless unquestionably the type of information that fits within the definition of PII.
It is also noteworthy that Gannett transmits the GPS coordinates of the user along with the Android ID. Presumably, that information would be sufficient to identify a very specific location (such as a building) from which the user viewed the video. It therefore appears possible to identify, with a relatively high degree of accuracy, the residential address of users at the same time as their Android ID. Indeed, in areas of relatively low-density housing, the GPS coordinates of the user are essentially identical to a residential address.
Finally, defendant notes that the substantial weight of authority points in the opposite direction. Of particular relevance is the Northern District of Georgia's ruling in Ellis v. Cartoon Network, Inc., 2014 WL 5023535 (N.D.Ga. Oct. 8, 2014), because its facts are very similar to the facts of the present case.
In Ellis, the court examined whether the Cartoon Network App's transmission of a user's video history along with the user's Android ID to a third party constituted a violation of the VPPA. Id. at *2. For purposes of the motion to dismiss, the court accepted that the third party was able to reverse engineer the consumer's identities from the Android ID, using information previously collected from other sources. Id. at *1. In its analysis, the court found that PII " is that which, in its own right, without more, 'link[s] an actual person to actual video materials.'" Id. at *3 (quoting In re Nickelodeon, 2014 WL 3012873, *10 (D.N.J. July 2, 2014)). The court determined that the Android ID does not identify a specific person without the third party taking extra steps. Id. As a result, it concluded that " the disclosure of an Android ID alone . . . does not qualify as personally identifiable information under the VPPA." Id. It relied on district court decisions in In re Hulu Privacy Litigation, 2014 WL 1724344 (N.D. Cal. Apr. 28, 2014), and In re Nickelodeon Consumer Privacy Litigation, 2014 WL 3012873 (D.N.J. July 2, 2014), to come to its conclusion.
The Nickelodeon case involved a class of children under the age of thirteen who sued Viacom for violating the VPPA. The case involved plaintiffs who visited " certain Viacom-owned websites and willingly provide[d] Viacom with their gender and age when they register[ed] as users of the sites." Id. at *2. When the plaintiffs went to these websites, Viacom also placed a " cookie" on their computer without their consent or that of their parents." Id. The " cookie" allowed Viacom to acquire certain information about each plaintiff, including their " 'IP address'; 'browser settings'; 'unique device identifier'; 'operating system'; 'screen resolution'; 'browser version'; and certain 'web communications,' specifically 'detailed URL . . . requests and video materials requested and obtained from Viacom children's websites." Id. at *1. Whenever registered users watched video on Viacom's websites, Viacom made a record of that activity and shared it with Google. Id. at *1-2. The court refused to credit allegations in the complaint that Viacom and Google were able to link online activity and information with offline activity and information, and thereby " identify specific users." Id. at *2 n.3. Against that backdrop, the court examined whether Viacom's disclosures to Google of " anonymous usernames; IP address; browser setting; 'unique device identifier'; operating system; screen resolution; browser version; and 'detailed URL requests and video materials requested and obtained' from the Viacom websites, requests which presumably contain" gender and age information and the title of a video, violated the VPPA. 2014 WL 3012873, at *10. The court cited the Hulu decision as holding that " PII is information that must link 'a specific, identified person and his video habits'--what the Hulu [c]ourt characterizes as any information 'akin' to a name." Id. at *10 (quoting Hulu, 2014 WL 1724344, at *12, 14). The Nickelodeon court concluded that " PII is information which must, without more itself link an actual person to actual video materials." Id. The court found that " all Google knows from the disclosure of this information . . . is 'a child's username, sex, age, type of computer,' and IP address." Id. at *11. It is not enough that " information might one day serve as the basis of personal identification after some effort on the part of the recipient" because " the same could be said for nearly any type of personal information; this [c]ourt read the VPPA to require a more tangible, immediate link." Id. Because this information in isolation did not identify a person, the court concluded that plaintiff's VPPA claim against Viacom failed. Id. at *9.
In Hulu, on a motion for summary judgment, the Northern District of California examined whether three types of disclosures by Hulu were PII. 2014 WL 1724344, at * 9. The first disclosure, to comScore, was a " watch page" URL web address that contained the video name and the Hulu user's unique seven-digit Hulu User ID. Id. Using the user ID, comScore could access a user's profile page, which listed the user's first and last name. Id. The second disclosure, to comScore, was a " comScore ID" that was unique to each registered user, which " allowed comScore to link the identified user and the user's video choices with information that comScore gathered from other websites that the same user visited." Id. The third disclosure, to Facebook, included unique identifiers that sometimes consisted of the user's IP address, the URL web address with the video name, and the user's Facebook ID. Id. The court in Hulu found that " the statute, the legislative history, and the case law do not require a name, instead require the identification of a specific person tied to a specific transaction, and support the conclusion that a unique anonymized ID alone is not PII but context could render it not anonymous and the equivalent of the identification of a specific person." Id. at *11. It therefore explained that " a unique anonymized ID could be PII if other evidence renders it the equivalent of identifying a specific person." Id. However, it also noted that case law supported a " conclusion that anonymous identification data alone is not PII." Id. In examining the three types of disclosures, the court looked at how the third party used the information. Id. at *12. The court concluded that the disclosure of the watch page URL containing the video name and a user's unique seven-digit Hulu User ID was not PII because there was no evidence that suggested any linking of a specific, identified person and his video habits. Id.. Likewise, the court concluded that the disclosure to comScore of the comScore ID was not PII on the ground that although " [t]here may be substantial tracking that reveals a lot of information about a person . . . [,] there is a VPPA violation only if that tracking necessarily reveals an identified person and his video watching." Id. Finally, the court concluded that the disclosure to Facebook of the watch page, the user's IP address, and the Facebook user ID was PII because it constituted information that identified the Hulu user's actual identity on Facebook. Id. at *13. " If the cookies contained a Facebook ID, they could show the Hulu user's identity on Facebook." Id. at *14.
The Hulu decision does not necessarily support a finding that an Android ID is not PII. The case was decided on a motion for summary judgment, and specifically noted that " a unique anonymized ID alone is not PII but context could render it not anonymous and the equivalent of the identification of a specific person." It is unclear whether the court meant that context could render it PII if other information provided in the disclosure with the anonymized ID identified a specific person, or whether context could render it PII if the third party receiving the information had independent information that helped link the ID with a specific person. No matter what it holds, it is clear that the inquiry is context-dependent. Based on the logic of the Hulu decision, it would appear that the factual record would need to be developed before concluding that an Android ID is not PII.
In any event, Nickelodeon 's conclusion that " PII is information which must, without more, itself link an actual person to actual video materials" is flawed. That conclusion would seemingly preclude a finding that a home address or social security number is PII. Surely, that cannot be correct. Therefore, because it relies on Nickelodeon and Hulu, the holding in Ellis that an Android ID is not PII is unpersuasive.
The opinions cited above seem to take an unrealistic view of the nature of personal identifiers, and how readily different databases or pieces of information can be linked together. The courts appear to frame the issue in large part by referring to these identifiers as " anonymous identifiers," which is unhelpful and possibly misleading. Again, a social security number or a date of birth, in isolation, is anonymous. However, it would be absurd to conclude that a social security number is not PII, simply because there is no publicly-available database linking those numbers with names.
Likewise, it is unrealistic to refer to PII as " information which must, without more, itself link an actual person to actual video materials." Again, that would appear to preclude a finding that home addresses, social security numbers, and dates of birth are PII. Moreover, drawing a link between the Android ID and a person's name may not be difficult. If, as alleged, Adobe collects information from the USA Today App linking an Android ID and GPS information with a specific video, and collects information from another source (such as GPS information linked to residential addresses, and residential addresses linked to names)--it would be relatively easy for Adobe to link that information to identify a person. It is also possible, of course, that third parties such as Adobe have access to databases that link Android IDs to specific persons.
In short, the information alleged disclosed to Adobe by Gannett, which consists of an Android ID and a GPS location, constitutes " personally identifiable information" within the meaning of the Video Privacy Protection Act.
B. Plaintiff Is Not a " Subscriber"
The VPPA defines a " consumer" as any " renter, purchaser, or subscriber of goods or services from a video tape service provider." 18 U.S.C. § 2710(a)(1). Plaintiff contends that he is a " subscriber" for purposes of the VPPA because he " downloaded, installed, and watched videos" using the App.
The term " subscriber" is not defined in the statute. Traditionally--and certainly as of 1988, when the statute was enacted--a " subscriber" would have been defined principally as a person who has signed up to receive a periodical or a commercial service, typically having agreed to make a regular payment. See, e.g., Webster's Ninth New Collegiate Dictionary 1176 (Frederick C. Mish, et al., eds., 1991) (defining " subscribe" as " to enter one's name for a publication or service; also: to receive a periodical or service regularly on order" ); Subscriber Definition, The Oxford English Dictionary (online ed.), http://oed.com/view/Entry/ 192954?redirectedFrom=Subscriber#eid (last visited Apr. 2, 2015) (defining " subscriber" as " a person who makes a regular payment in return for entitlement to receive a periodical, membership of a society, access to a commercially provided service, etc." ). The traditional subscription business model involves an individual making periodic payments in exchange for delivery of magazines, newspapers, or other content. See, e.g., Subscribe to Home Delivery, Boston Globe, http://services.bostonglobe.com/subscribers/homedelivery.aspx?id=5278 (last visited Apr. 14, 2015).
In the modern electronic world, subscriptions entail a broader spectrum of activity. Certain periodicals allow access (or complete access) to online content only with a subscription. See, e.g., Washington Posthttps://subscribe.washingtonpost.com/acquisition/ acquisitionapp.html#/offers/promo/digital01 (last visited Apr. 14, 2015); N.Y. Times, http://www.nytimes.com/subscriptions/Multiproduct/lp88U46.html?campaignId=4FWFJ& __KE YWORDS__=$[keywordText]& __CAMP__=4FWFJ (last visited Apr. 14, 2015). In addition, individuals may subscribe to YouTube channels and podcasts. Subscribe to the Channels You Love, YouTube, https://support.google.com/youtube/answer/4489286?hl=en (last visited Apr. 15, 2015); Discovering Podcasts, Apple, https://www.apple.com/itunes/podcasts/discover/ (last visited Apr. 15, 2015). A " subscriber" has also been defined as " a person who adds his or her details to an electronic newsgroup mailing list, etc., in order to receive, or contribute to, its contents; a person who has signed up to receive messages or other information from a newsgroup, mailing list, etc." Subscriber Definition, The Oxford English Dictionary (online ed.), http://oed.com/view/Entry/192954?redirectedFrom=Subscriber#eid (last visited Apr. 2, 2015).
A common thread can be distilled from these definitions and examples. Subscriptions involve some or all of the following: payment, registration, commitment, delivery, and/or access to restricted content. To download and use the USA Today App, an individual does not have to pay any money; does not have to register; and does not have to make any commitment of any kind. The complaint does not allege that downloading the App causes individuals to be placed on an e-mail list or permits individuals to access otherwise restricted content. To watch videos on the USA Today App, users simply click on the app and click on the video. The App appears to merely be a more convenient form of visiting the USA Today website. Under the circumstances, an individual who downloads and uses the USA Today is not a " subscriber" within the meaning of the VPPA. In common parlance, an individual who watches video on the App is simply known as a " user."
That conclusion is bolstered by the fact that subscriptions do exist for other forms of apps. See, e.g., Subscriptions on Google Play, Google, https://support.google.com/googleplay/ answer/2476088?hl=en (last visited Apr. 15, 2015); Monetize Apps: Paid Apps vs. In-App Purchases vs. Freemium vs. Subscription, buildblog by thinkapps, http://thinkapps.com/blog/ post-launch/monetize-apps-paid-apps-vs-app-purchases-vs-freemium-vs-subscription/ (last visited Apr. 15, 2015). According to Google, a " subscription is when you pay a recurring fee rather than a one-time price for content on Google Play. You'll automatically be charged at the beginning of each subscription term." Subscriptions on Google Play, supra. In its Buildblog, ThinkApps (which is an on-demand service for designing and building applications for web, mobile and wearables) explains that there are many different models for apps. Monetize Apps, supra. Among those models are paid apps, free apps, and subscription apps. Id. According to this blogpost, " [s]ubscription apps offer users access to a particular service or content for a weekly, monthly, or annual fee." Id. Thus, because there is a recognized concept of a subscription within the app context--and because users of the USA Today App do not fit within that concept--individuals who use the USA Today App are not " subscribers" within the VPPA's definition of " consumer."
Again, however, the weight of authority seems to point in the opposite direction. In Ellis v. Cartoon Network, the court relied on a 2012 decision in the Hulu case to conclude that an app user qualifies as a " subscriber." 2014 WL 5023535, at *2. The Ellis court did not look to the plain meaning of " subscriber," and appeared to rely on the Hulu court's analysis as conclusive. Id. In Hulu, the defendant contended that plaintiff could not be a " subscriber" on the ground that the ordinary meaning of the term implied the payment of money. 2012 WL 3282960, at *7-8. The court determined that the plaintiffs in the Hulu case pleaded " more than just visiting Hulu's website." Id. at *8. The court concluded that because the term " subscriber" does not necessarily imply the payment of money, the plaintiffs in that case could be considered " subscribers." 
Again, this Court concludes that Hulu, and the cases that follow its reasoning, are not correctly decided. Here, at least, where there is no payment of money, no registration of information, no periodic delivery, and no privilege to view restricted content, none of the necessary elements of a subscription are present. Plaintiff is therefore not a " subscriber" within the meaning of the VPPA. Accordingly, the complaint fails to state a claim upon which relief can be granted.
For the foregoing reasons, the motion to dismiss is GRANTED.