Business and Real Estate Litigation Reporter
June 2007
Can Your Company be Held Liable for the Third-Party Content Posted on its Website?
Immunity Protections under the Communications Decency Act
By Cynthia Cretan and Barry MacNaughton
Individuals and companies frequently post third party content on internet sites that they operate. Examples of such third party content range from reports and studies conducted by third parties, to articles written by third parties, as well as to comments posted by users on a message board on the website. These common business practices have lead to lawsuits against website operators based upon the third party content. There are numerous bases for potential liability in connection with third party content posted on a website, such as exposure to tort liability for defamation or unfair competition or even exposure to criminal liability. This raises the question of to what extent can the operator of the underlying internet site be held civilly or criminally liable for any third party content posted on its site and how to avoid unnecessary risk from that content.
Congress attempted to address the issue of liability for third party content by enacting Section 230 of the Communications Decency Act of 1996 (“CDA”). By enacting this provision, Congress intended to encourage the free exercise of Internet expression and courts have interpreted Section 230 of the CDA to do just that. Indeed, courts regularly have found that defendant website operators are immune from liability for third party content posted on their sites. The defense of Section 230 immunity is employed consistently to dispose of lawsuits early in litigation, and thus it is key for companies and individuals to understand when that immunity applies.
In general, Section 230 of the CDA provides broad protections from liability for online providers of third party content. Section 230(c)(1) states that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Therefore, whether an operator can take advantage of Section 230 immunity will turn in large part on an understanding of just what the terms “interactive computer service” and “information content provider” mean.
First, this Section 230 protection from liability will apply only to a “provider or user of an interactive computer service.” Courts generally have interpreted the term “interactive computer service” broadly, finding that it covers a wide variety of internet users. For example, the term includes internet access providers such as America Online, and it also covers websites, web hosts of message boards or chat rooms and email list operators. Recent case law has found the protections apply to websites such as Myspace.com (Doe v. MySpace, Inc., W.D. Tex. Feb. 13, 2007) and Craigslist.com (Chicago Lawyers’ Committee for Civil Rights under the Law, Inc. v. Craigslist, Inc., N.D. Ill. Nov. 14, 2006), as well as to internet service or access providers like Earthlink, Inc. (Associated Bank Corp. v. EarthLink, Inc., W.D. Wis. Sept. 13, 2005) and America Online (Zeran v American Online, Inc., 129 F. 3d 327 (4th Cir. 1997), and even messaging tool providers like Microsoft (Eckert v. Microsoft Corp., 2007 WL 496692 (E.D. Mich. Feb. 13, 2007). In fact, a recent California Supreme Court opinion found that the term “user,” as included in Section 230, should include any individual that is on the internet. (Barrett v. Rosenthal (40 Cal. 4th 33 (2006)). Therefore, it is likely that an individual or company that provides information online will be considered an “interactive computer service” for the purposes of the ability to claim Section 230 immunity.
Secondly, the CDA makes clear that immunity is available only if the provider is publishing information provided by “another information content provider”, that is, the information must be truly third party content, as opposed to content that originates with the provider. An “information content provider” is defined in the statute as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.”
Whether or not information was provided “in whole or in part” by a third party may be clear from its content, such as a message posted on a message board website. This analysis is less clear when the site operator is involved in the creation of the actual underlying content, actions that can expose the provider to liability. For example, a California federal court held that Yahoo! Inc. did not have immunity from tort liability under CDA Section 230 where Yahoo had created phony user profiles in its online dating service and misrepresented that expired users were still available for dates. (Anthony v. Yahoo! Inc., N.D. CA 3/17/06) Similarly, a federal court in Arizona held that a website operator that posted complaints about businesses was not immune from liability where the operator added its own original, editorial content to defamatory material posted by third parties. (Hy Cite Corp. v. Badbusinessbureau.com, D. Ariz. 2/23/05) A very recent federal case held that no immunity applied where the defendent “created” questionaires filled out by online users. (Fair Housing Council v. Roomates.com LLC, 9th Cir. 5/5/07) A provider or distributor of information on the internet is immune from liability where the content it publishes is purely from a third party but the provider may lose the protections of Section 230 when it actively creates, edits, manipulates or alters that third party content in some way.
Despite the fact that courts regularly interpret Section 230 in a defense-favorable manner, it is important to note that there are explicit exceptions to the protections found in Section 230 scenarios where the immunity protections are simply not available. Most notably, Section 230 will not apply to insulate a website operator from liability for its own criminal conduct, and it will not protect the website operator against liability for its own violation of another’s intellectual property.
In evaluating whether a service provider can claim immunity for the content posted on an internet site it operates, it is key to evaluate first whether it is providing or using an interactive computer service and then to confirm that the relevant content really has been created by a third party. If both those determinations can be made, it is likely that the protections of Section 230 of the CDA will immunize the defendant from liability.
The CDA provides significant practical protections to businesses that maintain websites offering third party content. That content can become a magnet for litigation despite its seemingly innocuous nature. Businesses and service providers can stay within the safe harbor provisions of the CDA if they avoid the temptation to alter or edit that third party content. By doing so, you can maintain an active website that readily updates content without incurring the potential liability that could arise from that content.
If you have any questions regarding this newsletter, please contact Barry MacNaughton, a Partner in the firm’s Litigation practice at (310) 281-6342, or by e-mail at bmacnaughton@ecjlaw.com; or Cynthia Cretan, an Associate in the firm’s Litigation practice at (310) 281-6372, or by e-mail at ccretan@ecjlaw.com. If you or one of your colleagues would like to receive the firm’s Business and Real Estate Litigation Reporter , contact Marlena Chumo at (310) 281-6328, or by e-mail at mchumo@ecjlaw.com.
