- within Privacy, Litigation, Mediation & Arbitration and Transport topic(s)
Duane Morris Takeaways: On October 30, 2025, in DellaSalla, et al. v. Samba TV, Inc., 2025 WL 3034069 (N.D. Cal. Oct. 30, 2025), Judge Jacqueline Scott Corley of the U.S. District Court for the Northern District of California dismissed a complaint brought by TV viewers against a TV technology company alleging that the company's provision of advertising technology in the plaintiffs' smart TVs committed the common law tort of invasion of privacy and violated the Video Privacy Protection Act ("VPPA"), the California Invasion of Privacy Act ("CIPA"), and California's Comprehensive Computer Data Access and Fraud Act ("CDAFA"). The ruling is significant as it shows that in the hundreds of adtech class actions across the nation alleging that adtech violates privacy laws, plaintiffs do not plausibly state a common law claim for invasion of privacy unless they specify in the complaint the information allegedly disclosed and explain how such a disclosure was highly offensive. The case is also significant in that it shows that the VPPA does not apply to video analytics companies, and that California privacy statutes do not apply extraterritorially to plaintiffs located outside California.
Background
This case is one of a legion of class actions that plaintiffs have filed nationwide alleging that third-party technology captured plaintiffs' information and used it to facilitate targeted advertising.
This software, often called advertising technologies or "adtech," is a common feature of millions of consumer products and websites in operation today. In adtech class actions, the key issue is often a claim brought under a federal or state wiretap act, a consumer fraud act, or the VPPA, because plaintiffs often seek millions (and sometimes even billions) of dollars, even from midsize companies, on the theory that hundreds of thousands of consumers or website visitors, times $2,500 per claimant in statutory damages under the VPPA, for example, equals a huge amount of damages. Plaintiffs have filed the bulk of these types of lawsuits to date against healthcare providers, but they have filed suits against companies that span nearly every industry including retailers, consumer products, universities, and the adtech companies themselves. Several of these cases have resulted in multimillion-dollar settlements, several have been dismissed, and the vast majority remain undecided.
In DellaSalla, the plaintiffs brought suit against a TV technology company that embedded a chip with analytics software in plaintiffs' smart TVs. Id. at *1, 5. According to the plaintiffs, the company intercepted the plaintiffs' "private video-viewing data in real time, including what [t]he[y] watched on cable television and streaming services," and tied this information to each plaintiff's unique anonymized identifier in order to "facilitate targeted advertising," all allegedly without the plaintiffs' consent. Id. at *1. Based on these allegations, the plaintiffs claimed that the TV technology company violated the CIPA, CDAFA, and VPPA, and committed the common-law tort of invasion of privacy.
The company moved to dismiss, arguing that the CIPA and CDAFA did not apply because the plaintiffs were located outside California, that the VPPA did not apply because the TV technology company was not a "video tape service provider," and that the plaintiffs failed to plausibly allege a highly offensive violation of a privacy interest.
The Court's Decision
The Court agreed with the TV technology company and dismissed the complaint in its entirety, with leave to amend any existing claims but not to add any additional claims without further leave.
On the CIPA and CDAFA claims, the Court found that the plaintiffs did not allege that any unlawful conduct occurred in California. Instead, the plaintiffs alleged that the challenged conduct occurred in their home states of North Carolina and Oklahoma. Id. at *1, 3-4. For these reasons, the Court dismissed the CIPA and CDAFA claims, finding that these statutes do not apply extraterritorially. Id.
On the VPPA claim, the Court addressed the VPPA's definition of "video tape service provider," which is "any person, engaged in the business ... of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials." Id. at *5. The plaintiffs argued that the TV technology company was a video tape service provider "because its technology is incorporated in Smart TVs, which deliver prerecorded videos. [The defendant] advertises its technology precisely as providing a 'better viewing experience' 'immersive on-screen experiences' and a 'more tailored ad experience' through its technology." Id. The Court rejected this argument. It held that "[t]his allegation does not plausibly support an inference, [the defendant]—an analytics software provider—facilitated the exchange of a video product. Rather, the allegations support an inference [the defendant] collected information about Plaintiffs' use of a video product, but not that it provided the product itself." Id. (emphasis added).
On the common law claim for invasion of privacy, the TV technology company argued that this claim failed because the plaintiffs "have no expectation of privacy in the information it collects and Plaintiffs have not alleged a highly offensive intrusion." In examining this argument, the Court noted that Plaintiff had only provided "vague references" to the information supposedly intercepted. Id. at *4. This information included video-viewing data generally (none specified) tied to an anonymized identifier. Id. at *1, 5. Thus, the Court agreed with the defendant's argument and found that plaintiffs identified "no embarrassing, invasive, or otherwise private information collected" and no explanation of how the tracking of video viewing history with an anonymized ID caused plaintiffs "to experience any kind of harm that is remotely similar to the 'highly offensive' inferences or disclosures that were actionable at common law." Id. at *5. In sum, the Court concluded that "Plaintiffs have not plausibly alleged a highly offensive violation of a privacy interest."
Implications For Companies
DellaSala provides powerful precedent for any company opposing adtech class action claims (1) brought under statutes enacted in states other than the plaintiffs' place of residence; (2) brought under the federal VPPA where the company allegedly transmitted video usage information, as opposed to any videos themselves; and (3) alleging common-law invasion of privacy, where the plaintiffs have not specified the information disclosed and why such a disclosure is highly offensive.
The last point is a recurring theme in adtech class actions. Just as this plaintiff suing a TV technology company did not plausibly state a common-law claim for invasion of privacy without identifying the videos watched and any highly offensive harm in associating those videos with an anonymized ID, so did a plaintiff not plausibly state a claim for invasion of privacy by way of alleging adtech's disclosure of protected health information ("PHI"), without specifying the PHI allegedly disclosed (as we blogged about here). These cases show that for adtech plaintiffs to plausibly plead claims for invasion of privacy, they at least need to identify what allegedly private information was disclosed and explain how the alleged disclosure was highly offensive.
Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.
