First Page


Last Page


Document Type



As a central concept in American information privacy law, personally identifiable information (PII) plays a critical role in determining whether a privacy violation has occurred. Under the Video Privacy Protection Act of 1988 (VPPA), PII “includes information which identifies a person as having requested or obtained specific video materials or services.” Despite the clarity that these words may have when the Statute was enacted, the line separating PII from non-PII in the context of streaming video is not easily drawn, in part due to the prevalence of behavior tracking technologies and the emergence of “big data” analytics. The First Circuit, in Yershov v. Gannett Satellite Information Network, Inc., has held that PII is information that is “reasonably and foreseeably likely” to identify a person’s video viewing activities. By contrast, under the Third Circuit’s holding in In re Nickelodeon Consumer Privacy Litigation, PII is information that would enable an ordinary person to identify an individual. As applied to device identifiers, Internet “cookies,” and other behavior tracking information, the Third Circuit’s “ordinary person” test undermines an important privacy interest. This Comment examines the meaning of PII under the VPPA, tracing the evolution of the concept from its origins through the Statute’s legislative history and modern jurisprudence. After arguing that the intent of the VPPA is best effectuated by a consideration of the context in which the information is disclosed, this Comment identifies the salient contextual factors and concludes by urging the adoption of a factor-based test for determining whether information constitutes PII.