
Salazar v. Paramount Global

Eddy Udegbe
Salazar v. Paramount Global (No. 25-459) is the Supreme Court case that will define the scope of the VPPA for the next decade. Here is the fact pattern, the courts, and what's at stake.


The Fact Pattern

Paramount's Business

  • Owns 247Sports.com, a college sports recruiting website
  • Publishes recruiting news, videos, and a free email newsletter
  • Newsletter contains text-based recruiting news, NO embedded video

Michael Salazar's Interaction

  • Subscribed to the 247Sports free newsletter
  • Visited the website occasionally
  • Watched some college sports highlight videos on the site
  • Was logged into Facebook while visiting

The Meta Pixel Issue

Paramount embedded Meta Pixel on its website. When Salazar visited pages with video:

  • Meta Pixel fired
  • Transmitted data to Meta including:
    • Page URL (showing he visited a page with videos)
    • His Facebook ID (because he was logged into Facebook)
    • Behavior data

The Allegation: Paramount disclosed Salazar's video-watching information to Meta without his informed written consent. This is a VPPA violation IF Salazar is a "consumer."

The Courts

District Court: Dismissed the case. Salazar is not a VPPA "consumer" because he subscribed to a newsletter, not to video.

Sixth Circuit (Panel): Affirmed. Salazar is not a VPPA "consumer."

Supreme Court (January 26, 2026): Granted certiorari to resolve the circuit split.

What's at Stake

If Broad Ruling:

  • Massive expansion of VPPA liability
  • Companies with video face exponential class action exposure
  • Billions of dollars in potential damages

If Narrow Ruling:

  • Limited VPPA exposure
  • Smaller classes, smaller damages
  • Defendants get breathing room

The infrastructure answer

The free PieEye compliance scan identifies whether your website has the VPPA vulnerabilities that plaintiffs' attorneys look for — tracking pixels firing on video pages without consent, data flowing to third parties before users have agreed, and policy-to-practice mismatches.

For the complete VPPA compliance framework, see our VPPA compliance guide. For the circuit split and forum shopping implications, see VPPA circuit split and forum shopping. For the consumer definition at the heart of the case, see VPPA consumer definition explained.

Run a free PieEye compliance scan — it takes minutes, requires no code changes to initiate, and tells you exactly what a plaintiffs' attorney's scanning tool would find if it looked at your website today.

How the "Consumer" Definition Affects Your Store

The core question the Supreme Court will decide is whether Salazar qualifies as a "consumer" under the VPPA — and this matters enormously for your eCommerce brand.

The VPPA originally protected people who subscribe to video services. Think Netflix, cable TV, or a streaming platform where video is the main thing you're paying for. Salazar subscribed to a newsletter, not a video service. Paramount's argument is straightforward: he's not a video customer, so the VPPA doesn't apply to his visit.

But here's the eCommerce angle. If the Supreme Court rules broadly — that anyone who visits a page with video content counts as a VPPA "consumer" — your Shopify store becomes vulnerable the moment you embed:

  • Product demo videos
  • Customer testimonial clips
  • YouTube product reviews
  • Livestream shopping events
  • TikTok embeds in blog posts

All of these could trigger VPPA liability if Meta Pixel, Google Analytics, or any other tracking pixel fires while a visitor watches. You don't need to charge for the video. You don't need a separate video subscription. The mere presence of video content on a page could make every visitor a "protected consumer."

For DTC brands, this is particularly risky. Many of you use video liberally — unboxing content, founder stories, product how-tos. If Salazar wins, you'll need to rethink when and how those pixels can fire. If the ruling is narrow, you get more breathing room, but the uncertainty itself is costly right now because you have to assume the worst case while the Supreme Court decides.

The timeline matters too. A decision is expected by June 2026. Until then, you're operating in a gray zone where plaintiffs' attorneys are scanning eCommerce sites aggressively, looking for exactly this vulnerability.

The Meta Pixel Firing Problem in eCommerce

Meta Pixel is ubiquitous in eCommerce. It tracks purchases, page views, cart abandonment, and custom events. It's how you retarget customers and measure campaign ROI. But it's also the mechanism that got Paramount sued.

Here's what happened in Salazar: Meta Pixel fired automatically when a user visited a video page. Paramount didn't ask permission. Paramount didn't disclose to the pixel that video was present. The pixel just collected and transmitted data to Meta, including information from which one could reasonably infer that the user watched video.

For your store, the risk is similar. If you have:

  • A blog post with an embedded product demo video
  • A FAQ page with a Loom walkthrough
  • A customer stories page with video testimonials
  • A landing page with a YouTube embed

and Meta Pixel fires on any of these pages before a user consents, you could face the same exposure Paramount does.

The VPPA requires "informed written consent" before disclosing video-watching information to third parties. Most eCommerce cookie banners say something like "We use cookies for marketing and analytics," but they don't specifically call out video or Meta Pixel. That's a policy-to-practice gap that plaintiffs' attorneys target.

The fix isn't to remove Meta Pixel (you need it for performance). It's to ensure your banner explicitly mentions third-party pixels, video tracking, and data sharing with Meta. It's also to delay pixel firing until after consent is granted — not before. Some brands use Segment, mParticle, or other consent-aware tag managers to enforce this. Others hardcode delays. The method matters less than the outcome: no pixel data flows until consent is logged.
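One way to enforce "no pixel data flows until consent is logged", as an added example rather than code from this post or from any tag manager: a gate that holds events in memory, records the decision with a timestamp, and releases only what the decision covers. `ConsentGate`, its methods and the event shape are hypothetical, and `withdraw()` only stops further sends.

```javascript
// Added example: hold pixel events until a consent decision is logged.
// ConsentGate, its method names and the event shape are hypothetical.
class ConsentGate {
  constructor(send, now = () => Date.now()) {
    this.send = send;      // the only path by which an event leaves the page
    this.now = now;
    this.choice = null;    // null until the visitor decides
    this.held = [];        // events kept in memory while undecided
    this.records = [];     // append-only consent log
  }
  // event.video marks any event raised on a page that contains video,
  // because the page URL alone can reveal what was watched.
  allows(event) {
    if (!this.choice || !this.choice.marketing) return false;
    return !event.video || this.choice.videoSharing === true;
  }
  track(event) {
    if (this.choice === null) { this.held.push(event); return 'held'; }
    if (!this.allows(event)) return 'dropped';
    this.send(event);
    return 'sent';
  }
  decide(choice) {
    this.choice = { marketing: !!choice.marketing, videoSharing: !!choice.videoSharing };
    this.records.push({ at: this.now(), ...this.choice });
    const backlog = this.held;
    this.held = [];
    return backlog.map((e) => this.track(e));
  }
  withdraw() {
    return this.decide({ marketing: false, videoSharing: false });
  }
}

// Constructed session: two page views arrive before the banner is answered.
function runConstructedSession() {
  const sent = [];
  const gate = new ConsentGate((e) => sent.push(e), () => 1000);
  const before = [
    gate.track({ name: 'PageView', url: '/blog/demo-video', video: true }),
    gate.track({ name: 'PageView', url: '/pricing', video: false }),
  ];
  const sentBeforeConsent = sent.length;
  const released = gate.decide({ marketing: true, videoSharing: false });
  gate.withdraw();
  const after = gate.track({ name: 'PageView', url: '/pricing', video: false });
  return { before, sentBeforeConsent, released, after, sent, records: gate.records };
}
```

In the constructed session the visitor accepts marketing but not video sharing, so the video-page view is dropped and only the `/pricing` view is sent.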

VPPA Damages and Class Action Economics

You might think, "Okay, worst case: I get sued. I settle for some amount and move on." But VPPA damages are designed to make that thinking expensive.

The VPPA allows statutory damages of $100 to $2,500 per violation, per person. In a class action, a "violation" can mean each time the pixel fires. So if 10,000 users visited a video page and the pixel fired, and you have one year of data, that's 10,000 potential violations at a minimum statutory floor of $100. That's $1 million right there — before attorney fees, court costs, or settlement premiums.

Most VPPA class actions settle between $5 million and $25 million, depending on class size and the strength of the plaintiff's arguments about actual harm. Your insurance may not cover it either — many cyber liability policies exclude VPPA claims or cap coverage at levels below potential exposure.

The economics push toward early settlement even when the law is unclear. A plaintiffs' attorney can afford to fund a class action if the class is large (thousands of users) and the potential payout is substantial. The uncertainty created by the Salazar case — not knowing whether courts will expand VPPA coverage — actually increases settlement pressure, because defendants can't afford to wait for the Supreme Court decision and then defend cases simultaneously.

Building a Consent Infrastructure Now

Waiting for the Supreme Court to decide is not a practical compliance strategy. Your brand needs to assume the broader interpretation of the VPPA and build accordingly.

Start with an audit: map every page on your site that contains video. Include embeds, livestreams, and auto-playing clips. For each page, identify what tracking pixels fire and when.

Then, layer in consent management. This means:

  • A compliant cookie banner that specifically mentions video tracking and Meta Pixel
  • Consent records that you can produce in discovery (showing when each user consented)
  • A tag management system that respects consent signals and delays pixel firing until consent is granted
  • A process to delete data if users withdraw consent
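The audit step described above, sketched as an added example that is not part of the original post or of any scanning product: given a page inventory and a capture of outbound requests, list the third-party hosts that received a request on a video page before consent was logged. The record shapes, hostnames and timings are constructed sample data, and the video detection is a simple markup check that assumes `<video>` tags or YouTube, Loom and TikTok iframes.

```javascript
// Added example: flag third-party requests that fired on video pages before consent.
// Record shapes, hostnames and timings below are constructed sample data.
const VIDEO_MARKUP =
  /<video\b|<iframe[^>]+src="https:\/\/(www\.)?(youtube|loom|tiktok)\.com\//i;

function hasVideo(html) {
  return VIDEO_MARKUP.test(html);
}

// pages: [{url, html}]; requests: [{page, host, t}] with t in ms since load;
// consentAt: {url: ms at which consent was logged, or null if never}.
function auditPreConsent(pages, requests, consentAt, firstPartyHost) {
  const findings = [];
  for (const page of pages) {
    if (!hasVideo(page.html)) continue;
    const granted = consentAt[page.url] ?? Infinity; // never granted: all requests count
    const hosts = new Set();
    for (const r of requests) {
      if (r.page === page.url && r.host !== firstPartyHost && r.t < granted) hosts.add(r.host);
    }
    if (hosts.size) findings.push({ url: page.url, hosts: [...hosts].sort() });
  }
  return findings;
}

const SAMPLE_PAGES = [
  { url: '/blog/demo', html: '<iframe src="https://www.youtube.com/embed/CONSTRUCTED"></iframe>' },
  { url: '/faq', html: '<video src="/walkthrough.mp4"></video>' },
  { url: '/about', html: '<p>Text only</p>' },
];
const SAMPLE_REQUESTS = [
  { page: '/blog/demo', host: 'shop.example', t: 0 },
  { page: '/blog/demo', host: 'www.facebook.com', t: 120 },
  { page: '/blog/demo', host: 'www.google-analytics.com', t: 150 },
  { page: '/faq', host: 'www.facebook.com', t: 900 },
  { page: '/about', host: 'www.facebook.com', t: 100 },
];
const SAMPLE_CONSENT = { '/blog/demo': 5000, '/faq': 400, '/about': null };

function runSampleAudit() {
  return auditPreConsent(SAMPLE_PAGES, SAMPLE_REQUESTS, SAMPLE_CONSENT, 'shop.example');
}
```

On the sample data only `/blog/demo` is reported: `/faq` fires its pixel after consent was logged, and `/about` has no video.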

This infrastructure protects you in two ways. First, if you do get sued, you can demonstrate good-faith efforts to comply. Courts view compliance attempts favorably, even if they're not perfect. Second, you reduce the plaintiff's class size — fewer "unaware" users means smaller exposure.

The goal is not to eliminate VPPA risk entirely (that would require removing video, which defeats the purpose). The goal is to reduce the size and severity of potential claims and to document that you tried to comply responsibly.

For a walkthrough of how PieEye handles VPPA compliance, book a demo.
