In a seemingly simple little case that has turned out to have all kinds of interesting and important twists, the United States Court of Appeals for the Ninth Circuit last month held that Section 230 of the Communications Decency Act did not preclude a plaintiff from stating a valid claim for promissory estoppel against an Internet service provider.
The case, Barnes v. Yahoo!, Inc., arose in 2004 when Cecilia Barnes broke up with her long-term boyfriend, who responded by creating in Barnes’s name several Yahoo profiles that contained nude pictures of Barnes and various open solicitations for sex. When Barnes was flooded with calls, personal visits, and emails, she followed Yahoo’s policy for getting a fraudulent profile removed by mailing in a request. Two months later, the profiles remained, so Barnes contacted a local news program who began to report the story. The day before the story was to run, a Yahoo representative contacted Barnes, asked her to fax in another removal request, and said she would “personally walk the statement over” to the group responsible for taking down a profile and see that it got done.
It did not, and Barnes sued for negligent undertaking, as described in Section 323 of the Restatement (Second) of Torts, and for promissory estoppel.
Barnes claimed that by promising to take down her profile and then failing to do so, Yahoo had undertaken a task that it subsequently completed negligently. Moreover, Barnes asserted, Yahoo's promise constituted a contract that, once Barnes had relied upon it, the company could not later repudiate.
In response to the complaint, Yahoo moved to dismiss, arguing that Section 230 of the CDA provides Yahoo with immunity from Barnes's claims. Section 230(c) reads, in part:
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
Yahoo is clearly an “interactive computer service” provider, and it did not create or develop the profiles at issue in whole or in part, so Yahoo should not have liability on any claim that would treat it as the "publisher" of those profiles.
On appeal, the Ninth Circuit held that Barnes’s negligent undertaking claim was barred by the Section 230 because, in the final analysis, what Barnes was alleging that Yahoo failed to do with due care was to remove a profile from its Web site. That, the court said, is the essence of publishing -- deciding what gets published and what does not -- and Section 230 precludes Yahoo from liability for its actions as a publisher.
However, the court came to a different conclusion with respect to Barnes's promissory estoppel claim. That claim, the court said, is a contract claim, not a tort claim, and Yahoo’s alleged breach had nothing to do with its role as a publisher. Rather, Yahoo's potential liability was based on its promise to do something that it later failed to do.
To be clear, in addressing the negligent undertaking claim, the court said that the task that Yahoo had failed to complete constituted publishing and was covered by Section 230, and yet that very same conduct in the context of a contract claim was actionable.
While the court was careful to say that a simple monitoring policy or even “an attempt to help a particular person” will not always give rise to a contract claim, where the facts suggest that the company intended to be bound by its words, a claim might arise. The court said that the solution for companies like Yahoo is easy -- “disclaim any intention to be bound” in the language of any monitoring policy or when agreeing to help a particular customer.
Leaving aside the particular claims, the court also made an interesting procedural ruling that may actually have more far-reaching impact than the rulings on the particular claims. The case had reached the court on a motion to dismiss in which Yahoo cited Section 230 as the reason Barnes failed to state a claim. The Ninth Circuit made clear that a Section 230 defense is an affirmative defense that is not appropriately asserted as a motion to dismiss, but rather as part of an answer.
For an interesting discussion of the implications of this part of the ruling, see this post on the Technology and Marketing Law Blog, which has posted extensively on this case.
Add a comment
Archives
- January 2022
- June 2021
- March 2020
- August 2019
- March 2019
- October 2018
- July 2016
- June 2016
- May 2016
- February 2016
- November 2015
- September 2015
- July 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- July 2014
- March 2014
- July 2013
- June 2013
- April 2013
- March 2013
- October 2012
- September 2012
- August 2012
- April 2012
- March 2012
- February 2012
- January 2012
- November 2011
- September 2011
- June 2011
- May 2011
- April 2011
- February 2011
- January 2011
- December 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2006
- February 2006
Recent Posts
- Rethinking Your Cyber Insurance Needs as Your Workplace Evolves
- Data Breach Defense for Educational Institutions
- COVID-19 and the Increased Cybersecurity Risk in a Work-From-Home World
- Like Incorporating Facebook into your Website? EU Decision Raises New Issues
- Lessons Learned: Key Takeaways for Every Business from the Capital One Data Breach
- Will Quick Talks to WRAL About Privacy Issues Related to Doorbell Cameras
- About Us
- Not in My House - California to Regulate IoT Device Security
- Ninth Circuit Says You’re Going to Jail for Visiting That Website without Permission
- Ninth Circuit Interprets “Without Authorization” under the Computer Fraud and Abuse Act
Topics
- Data Security
- Data Breach
- Privacy
- Defamation
- Public Records
- Cyberattack
- FCC Matters
- Reporters Privilege
- Political Advertising
- Newsroom Subpoenas
- Shield Laws
- Internet
- Miscellaneous
- Digital Media and Data Privacy Law
- Indecency
- First Amendment
- Anti-SLAPP Statutes
- Fair Report Privilege
- Prior Restraints
- Education
- Wiretapping
- Access to Courtrooms
- FOIA
- HIPAA
- Drone Law
- Access to Search Warrants
- Access to Court Dockets
- Intrusion
- First Amendment Retaliation
- Mobile Privacy
- Newsroom Search Warrants
- About This Blog
- Disclaimer
- Services