More Consumer Protection

North of the Border, South of Dismissal: A Canadian gaming company's Motion to dismiss a VPPA lawsuit fails

Published on
July 2, 2026
North of the Border, South of Dismissal: A Canadian gaming company's Motion to dismiss a VPPA lawsuit fails

Oh Canada.

If a Canadian company runs a website, collects a couple hundred million monthly visits from Americans, and allegedly ships those Americans' video-watching habits off to Google, can it avoid a U.S. courtroom by pointing at the border?

According to a new decision out of the District of Massachusetts, the answer is no.

In Saul v. Valnet Inc., 2026 U.S. Dist. LEXIS 144616 (D. Mass. June 30, 2026), the plaintiff filed a putative class action under the Video Privacy Protection Act (VPPA) against the operator of gamerant.com, a popular gaming news site. For the uninitiated, the VPPA is a  federal statute enacted to preserve personal privacy around tthe videos you watch. It prohibits a video tape service provider from knowingly disclosing a consumer's personally identifiable information—including what videos they watched—without informed, written consent.

The Saul complaint alleges the defendant installed Google Tag and Google Analytics on its site, disclosing users' Google Account IDs—which Google can link to names and email addresses—along with URLs revealing exactly which videos they watched. All allegedly without consent.

The defendant, a Canadian company, moved to dismiss for lack of personal jurisdiction. But the plaintiff invoked Rule 4(k)(2), the federal rule built for exactly this scenario: a federal claim against a defendant not at home in any single state. And the numbers did the defendant no favors. Its own website reported that 232 million of its 448 million monthly sessions came from U.S. users, and the defendant didn't dispute that it likely earns a majority of its revenue from this country. The Court found the company "knew that it was serving U.S. customers and took no steps to limit its website's reach," relying on Plixer International v. Scrutinizer GmbH, and noted that under Fuld v. Palestine Liberation Organization, the Fifth Amendment test is, if anything, more flexible than the plaintiff needed.

Turns out you can't cash American ad revenue and then act shocked when an American courtroom comes calling.

The consent defense fared no better. The defendant argued the plaintiff agreed to its privacy policy when he made an account. But the Court held the policy wasn't incorporated into the complaint and couldn't be considered at the pleading stage—the complaint's only screenshot referenced a different company's policy entirely. And even if the Court could consider it, the policy said nothing about when any disclosure occurred and fell short of the VPPA's strict consent requirements. Consistent with Rodriguez v. ByteDance and Adams v. America's Test Kitchen, a privacy policy floating somewhere on a website is not a magic wand.

Motion to dismiss denied on all grounds. Nice win for the American consumer. Nice win for US.

Contributors
Garrett Berg
Founder, Consumer Nation
Subscribe to newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.