Key Cases
Sixth Circuit: Salazar v. Paramount Global (133 F.4th 642, 6th Cir. 2025)
The court held: Salazar is NOT a VPPA "consumer" because he subscribed to a newsletter, not to video.
Key language from Judge Nalbandian: "A person is a 'consumer' only when he subscribes to 'goods or services' in the nature of 'video cassette tapes or similar audio visual materials.'"
The court emphasized that "goods or services" must be read as "video-related goods or services."
D.C. Circuit: Pileggi v. Washington Post (89 F.4th 661, D.C. Cir. 2024)
The court held that simply reading articles on a news site does not make you a VPPA "consumer," even if the site contains embedded video.
To be a "consumer," you must actually consume the video offering.
Impact on Defendants
Under the narrow reading, defendants have:
- Smaller class sizes (only actual video consumers qualify)
- Easier dismissal (plaintiffs must prove consumer status)
- Lower damages exposure
- Better settlement leverage
Example:
- 50,000 actual video watchers (out of 1M visitors) = $5M-$125M exposure
- Settlement range: $2M-$20M
The infrastructure answer
The free PieEye compliance scan identifies whether your website has the VPPA vulnerabilities that plaintiffs' attorneys look for — tracking pixels firing on video pages without consent, data flowing to third parties before users have agreed, and policy-to-practice mismatches.
For the complete VPPA compliance framework, see our VPPA compliance guide. For the circuit split and forum shopping implications, see VPPA circuit split and forum shopping. For the Supreme Court case that will resolve this split, see Salazar v. Paramount Global.
Run a free PieEye compliance scan — it takes minutes, requires no code changes to initiate, and tells you exactly what a plaintiffs' attorney's scanning tool would find if it looked at your website today.
What This Means for Your Shopify or BigCommerce Store
If you run an eCommerce brand on Shopify or BigCommerce, you need to understand where you sit under these new standards. The narrow "consumer" definition is good news — but only if you document your actual business model clearly.
Here's the practical reality: if your store has a product video on a landing page, but customers aren't subscribing to video content itself, you're likely outside the VPPA's strictest interpretation. A product demo video on your PDP (product detail page) doesn't trigger VPPA obligations the way a subscription video service does.
However, this doesn't mean you can ignore the law. The problem is that tracking pixels (Meta Pixel, Google Analytics, TikTok Pixel) fire on all pages — including pages with embedded video. If you're collecting data about who watches your product videos without their consent, you've created the exact vulnerability plaintiffs' lawyers target, regardless of whether your store technically qualifies as a VPPA "video service."
The safest move: audit which pages on your store contain embedded video, third-party tracking, or both. Document your intent — are customers subscribing to video content, or just viewing product demos? That distinction matters in court, but it only protects you if your technical setup matches your business reality. A mismatch between what your privacy policy says and what your pixels actually do is where plaintiffs find leverage.
The Consent and Tracking Pixel Problem
These circuit decisions focus on who qualifies as a "consumer," but they sidestep a bigger issue for eCommerce: consent and pixels almost always move slower than the law.
Your Meta Pixel or Google Analytics tag likely fires the moment someone lands on your site — before they've seen a cookie banner, agreed to anything, or consented to tracking. If that page contains video (even incidental video), you've potentially created a VPPA violation before the "consumer" question even matters.
The D.C. Circuit in Pileggi emphasized that being a "consumer" requires actually consuming the video. But plaintiffs argue: how can you "consent" to data collection about your video consumption before you've even clicked play? The timing gap is real.
For Shopify and BigCommerce brands using Klaviyo, Google Analytics, or Meta Pixel, this creates a practical headache. You can't wait for cookie consent before pixels fire — modern tracking infrastructure doesn't work that way. But you can configure your pixels to delay video-related tracking until after consent is collected.
If your store uses Klaviyo for email, for example, and you're tracking video engagement to segment customers, that data flow needs explicit consent before collection starts. The narrower VPPA standard doesn't exempt you from consent obligations; it just changes the damages calculation if you get sued.
Dismissal Standards and Early Case Closure
The Sixth and D.C. Circuits have made it much easier for defendants to win at the motion-to-dismiss stage. That's important for your brand because it means plaintiffs have to do more work to prove their case — and that work gets expensive.
Under Salazar and Pileggi, a plaintiff can't just say "your website has tracking and video." They have to prove the plaintiff subscribed to video content specifically, not to news, products, or general web browsing. That's a higher bar, and courts are dismissing cases that don't clear it.
What does this mean for you? If a VPPA class action names your store as a defendant, your lawyers can now point to these rulings and argue for early dismissal based on your actual business model. You're selling products, not video subscriptions. The burden shifts to the plaintiff to explain why your store falls under the VPPA at all.
The catch: this defense only works if your privacy policies, terms of service, and technical setup are consistent. If your documentation says you're a retailer but your pixel configuration looks like a video surveillance operation, you've handed plaintiffs' lawyers ammunition.
Building a Defense-Ready Documentation Framework
The smartest move now is to audit your current setup and document it thoroughly. You need three things: (1) a clear description of your business model in your privacy policy, (2) a map of where video appears on your site and why, and (3) a record of your pixel configuration and consent flow.
For example, if you're a DTC apparel brand that uses Shopify, document that product videos are demonstrations of merchandise, not a subscription service. If you use Google Analytics to track engagement, document that this is for commerce optimization, not video surveillance. If you collect email addresses through Klaviyo, document that this is for order fulfillment and marketing, not video consumption tracking.
This documentation becomes your defense if you're ever named in a VPPA lawsuit. It shows the court that you understood the distinction between video services and eCommerce, and that you structured your business accordingly. Without it, the court has to guess your intent — and that guess usually goes against the defendant.