The Supreme Court will hear Salazar v. Paramount Global in its October 2026 term, with a decision expected in early 2027. The question on the docket: whether signing up for a free email newsletter makes someone a “consumer” under the Video Privacy Protection Act. For a WooCommerce store running a newsletter popup, a product or hero video on any page, and a Meta Pixel firing in the background, that single ruling decides whether the combination is a non-event or a $2,500-per-visitor class action. Limited Run Games paid $2.72 million on a near-identical fact pattern in March. SCOTUS isn’t introducing the trap — it’s deciding whether it’s enforceable everywhere.

What Salazar v. Paramount Is Actually Asking

SCOTUS granted certiorari in Salazar v. Paramount Global on January 26, 2026. The case asks whether subscribing to a free online newsletter — no payment, no account, just an email address dropped into a popup form — makes the subscriber a “consumer” within the meaning of the VPPA, the 1988 statute originally written for video rental stores.

The VPPA matters in 2026 for a reason the statute’s drafters never anticipated. Section 18 U.S.C. § 2710 prohibits “video tape service providers” from knowingly disclosing personally identifiable information about a consumer’s video-viewing history to third parties without informed, separate consent. Modern courts have repeatedly applied it to websites that embed video content alongside third-party tracking pixels — Meta Pixel, TikTok pixel, Google tracking. Statutory damages are $2,500 per violation under 18 U.S.C. § 2710, with no cap on aggregate liability when applied at class-action scale.

Whether the statute reaches your WooCommerce store hinges on two definitional questions: is your site a “video tape service provider” — current case law generally says yes if you host or embed video content — and is the visitor a “consumer.” That second question is what Salazar will resolve.

The Three-Variable Fact Pattern Your WooCommerce Store Probably Has

Salazar isn’t an obscure edge case. It’s a description of a fairly common WooCommerce setup.

• Variable A — Newsletter signup form. Mailchimp popup, Klaviyo embedded form, Yikes Mailchimp opt-in, or the native WooCommerce subscribe-at-checkout box. Captures an email address; gives nothing in return except newsletter delivery.
• Variable B — Video content on a page that loads in the visitor’s browser. Product demo on the product detail page, hero video on the homepage, embedded YouTube or self-hosted MP4 on a category page. The page renders the video; the visitor may or may not press play.
• Variable C — Meta Pixel, or any equivalent tracking pixel, firing on the same page. Facebook for WooCommerce installs the pixel site-wide. So does most ad-management plugin stacks. The pixel fires PageView automatically on every page, including the page hosting the video.

The Salazar question maps onto this trio precisely. If a SCOTUS majority holds that a free newsletter signup creates “consumer” status, the existence of A + B + C on the same domain is the VPPA violation. The popup isn’t the side feature anymore — it’s the variable that creates standing.

You may be interested in: Your WooCommerce Store Is Putting Microsoft Clarity in the Wrong Consent Category

Why This Costs $2,500 Per Visitor

The $2,500-per-violation framing isn’t theoretical. On March 12, 2026, the U.S. District Court for the Eastern District of New York approved the settlement in Carbone v. Limited Run Games — a $2.72 million payout on the exact Meta-Pixel-firing-on-product-video-page fact pattern this article is about.

Two numbers from that case set the floor for what’s coming. First, 27,000+ valid claims were filed from a class of “hundreds of thousands” of potential members — a 10%+ claim rate, with only 17 opt-outs and zero objections. Plaintiff appetite for this fact pattern is real, organised, and currently underbid relative to the statutory ceiling. Second, the settlement included a structural restriction beyond the cash: Limited Run Games is now barred from knowingly using Meta Pixel, TikTok tracking, Google tracking, or X (Twitter) pixel on US-accessible video content pages without VPPA-compliant consent.

That structural restriction is the part operators tend to miss. Even if you settle a VPPA suit for cash you can afford, the consent decree on the back end can force you to re-architect your tracking stack anyway.

The Circuit Split: Why Your Exposure Already Depends on Your Zip Code

You don’t need to wait for SCOTUS to know how this would go in your jurisdiction today. The federal circuits have already split.

On April 24, 2026, the 2nd Circuit affirmed dismissal of a parallel pixel-VPPA claim in Golden, citing Solomon v. Flipps Media as binding precedent. That makes the 2nd Circuit — New York, Connecticut, Vermont — currently defendant-favourable on this fact pattern. The 6th Circuit (Michigan, Ohio, Kentucky, Tennessee) and the 7th Circuit have read the “consumer” definition more broadly, keeping plaintiffs in court. A WooCommerce store with the same newsletter-popup-plus-video-plus-pixel stack faces materially different odds of class certification depending on where its visitors live.

That’s the practical state of the law right now. Salazar will collapse the split one way or the other in early 2027 — but for the next year, exposure is jurisdiction-dependent, and a single visitor from a plaintiff-favourable circuit is enough to start a case.

What to Do Before SCOTUS Rules

The decision is more than a year away. That’s enough time to either re-architect the stack, isolate the risk, or accept the exposure consciously. Either way, the audit is the same five-minute exercise.

Step 1: Does your store run a newsletter signup form on any page? Popup, footer form, checkout opt-in — all qualify.

Step 2: Does any page on the same domain render video content? Product demo, hero video, category video, embedded YouTube, self-hosted MP4. The visitor doesn’t need to press play — the page just needs to load the video element.

Step 3: Is Meta Pixel — or TikTok pixel, Google tag, X pixel — firing on those same pages?

If the answer is yes/yes/yes, you’re sitting in the Salazar test pattern. You don’t have a problem today; you have a binary outcome arriving in early 2027. The three remediation options each have a different cost profile:

• Remove the pixel from video pages. Cheapest, least disruptive — but you lose remarketing audiences and conversion attribution on those exact pages.
• Move to a VPPA-compliant consent gate. A separate, informed, written consent dialogue specifically authorising disclosure of video-viewing data to a named third party. Heavy UX cost; high refusal rate.
• Replace the client-side pixel with server-side event capture. No third-party pixel loads on the page; events are sent server-to-server from your hook layer to Meta’s Conversions API, TikTok’s Events API, and Google Ads Enhanced Conversions. This is the path that decouples your tracking from VPPA standing entirely.

You may be interested in: Six-Month Consent Rejection Period 2026: What Happens When Users Say No

Why Server-Side Removes the VPPA Variable

The VPPA violation in every pixel case rests on the same mechanic: the website knowingly discloses a consumer’s video-viewing PII to a third party — Meta, TikTok, Google — by virtue of loading their pixel on a page that contains video content. No pixel load, no third-party disclosure, no VPPA violation.

Server-side first-party tracking moves the disclosure boundary. Transmute Engine™ captures conversion events through WooCommerce hooks on your server, then sends them server-to-server to the Conversions API for Meta, the Events API for TikTok, and Enhanced Conversions for Google Ads — with no third-party pixel loading in the visitor’s browser at all. The video page renders only your own JavaScript; the third party never sees the page-view; there’s nothing to disclose at the moment the visitor watches the video.

That changes the legal question from “did a third-party pixel intercept this visitor’s video activity” to “did your server send a hashed conversion event after the visitor took an action you defined.” Different mechanic. Different exposure profile.

Key Takeaways

• SCOTUS will hear Salazar v. Paramount in October 2026 with a decision expected in early 2027 — the question is whether a free newsletter signup creates VPPA “consumer” status.
• $2,500 per violation under 18 U.S.C. § 2710, with no aggregate cap — Limited Run Games settled a near-identical case for $2.72 million in March 2026, with 27,000+ valid claims.
• The 2nd Circuit (Golden, April 24, 2026) is currently defendant-favourable; the 6th and 7th Circuits are plaintiff-favourable. Your exposure depends on your visitors’ jurisdiction until SCOTUS collapses the split.
• The three-variable fact pattern — newsletter signup + video on the page + Meta/TikTok/Google/X pixel firing — is the precise combination Salazar will rule on.
• Server-side first-party event capture removes the third-party pixel from the video page entirely, decoupling conversion tracking from the VPPA mechanic regardless of how SCOTUS rules.

FAQ

Audit your store today: newsletter signup form, video content on any page, Meta Pixel firing on those pages. If the answer is yes/yes/yes, you have a year to choose between removing the pixel, gating with VPPA-compliant consent, or moving server-side. See how Seresa moves WooCommerce conversion tracking off the page and onto the server →