A 1988 Law Could Make Every Tracking Pixel Illegal—The Supreme Court Will Decide

The Case That Could Reshape Online Tracking

On January 26, 2026, the Supreme Court granted certiorari in Salazar v. Paramount Global, agreeing to resolve a circuit split over the scope of the Video Privacy Protection Act (VPPA). The question before the Court: who counts as a "consumer" under the law, and can ordinary website visitors sue companies that share their browsing data with Facebook through tracking pixels?

Michael Salazar alleges that Paramount's 247Sports.com embedded a Meta Pixel that transmitted his video viewing activity and Facebook ID to Meta for advertising purposes. The tracking happened without his knowledge or consent every time he watched video content on the site while logged into Facebook.

The case hinges on a deceptively simple legal question: does subscribing to a website's newsletter make you a "consumer" protected by the VPPA, or must you specifically subscribe to video content?

A Law From the VHS Era

The VPPA was enacted in 1988 after a reporter obtained and published Supreme Court nominee Robert Bork's video rental history from a local store. Congress acted swiftly, making it illegal for "video tape service providers" to disclose consumers' viewing habits without consent.

Nearly four decades later, courts are grappling with how this law applies to a world where tracking pixels on websites routinely capture and share users' video viewing behavior with advertising platforms. The VPPA carries statutory damages of $2,500 per violation, making it one of the few federal laws that gives individuals real leverage against tracking.

The Circuit Split

Federal appeals courts have reached opposite conclusions about who the VPPA protects:

The Second Circuit ruled broadly: if you subscribe to any service from a company that provides video content, even just a newsletter, you qualify as a consumer. Under this interpretation, millions of website users would gain standing to sue over tracking pixel data sharing.

The Sixth Circuit, in the decision now before the Supreme Court, took the narrow view: only subscribers to actual video content are protected. A newsletter subscriber who happens to watch videos on the same site is out of luck.

The D.C. Circuit sided with the Sixth Circuit's narrow reading, deepening the split and making Supreme Court intervention inevitable.

What This Means for Every Website

The outcome will ripple far beyond Paramount. Meta Pixel alone is installed on millions of websites worldwide. Google Analytics, TikTok Pixel, and dozens of other tracking tools operate on similar principles, collecting and transmitting user behavior data to third parties.

If the Court adopts the broader interpretation, any website that embeds tracking pixels and offers video content could face VPPA liability for sharing viewing data. At $2,500 per violation, the potential exposure is staggering. Companies that collect email newsletter signups, which is virtually every website, could suddenly find their entire user base qualifies as protected consumers.

For compliance teams, the implications are immediate. Organizations would need to audit every tracking pixel on their properties, evaluate whether video content appears alongside other offerings, and potentially restructure how third party analytics tools access user data.

The Tracking Pixel at the Center

The Meta Pixel, formerly known as the Facebook Pixel, is a snippet of JavaScript code that website operators embed on their pages. When a visitor loads the page, the pixel fires and transmits data back to Meta, including:

• Pages visited and videos watched
• The visitor's Facebook ID (if logged into Facebook)
• Device information and IP address
• Purchase and conversion events

This data allows Meta to build detailed profiles for targeted advertising. The same model is used by Google, TikTok, X, and countless other advertising platforms through their own pixel implementations.

Email tracking pixels work on the same principle. When you open an email containing a tracking pixel, it quietly transmits your IP address, device type, location, and the exact time you read the message back to the sender.

What Privacy Advocates Are Watching

Privacy researchers see Salazar v. Paramount as a potential landmark. Without a comprehensive federal privacy law, the VPPA has become one of the few tools available to individuals seeking accountability for online tracking. A broad ruling could:

• Establish that routine website analytics practices require explicit consent
• Create new compliance obligations for any website embedding third party tracking code
• Generate a wave of class action litigation against companies using tracking pixels
• Push Congress to finally address online tracking through updated legislation

A narrow ruling, on the other hand, would effectively limit the VPPA to its original video rental context, leaving most online tracking unregulated at the federal level.

Timeline

The case will proceed to merits briefing in 2026, with oral arguments expected during the October 2026 Term. A decision is anticipated in early 2027.

How to Protect Yourself Now

Regardless of how the Court rules, tracking pixels are already embedded across the web and in your inbox. Tools like Gblock block spy pixels in Gmail, preventing senders from knowing when you read their emails, your location, and your device information. For website tracking, browser extensions that block third party scripts and pixels offer an additional layer of protection.

The Supreme Court may soon decide whether tracking pixels violate federal law. Until then, the only guaranteed protection is blocking them yourself.