As we noted in our recent post on the Second Circuit case Herrick v. Grindr, LLC, Section 230 of the Communications Decency Act (CDA) continues to provide immunity to online intermediaries from liability for user content, despite pressure from courts and legislatures seeking to chip away at this safe harbor. The Federal Circuit case Marshall’s Locksmith Service Inc. v. Google, LLC serves as another example of Section 230’s resiliency.

In Marshall’s Locksmith, the Federal Circuit affirmed the dismissal of claims brought by 14 locksmith companies against search engine operators Google, Microsoft and Yahoo! for allegedly conspiring to allow “scam locksmiths” to inundate the online search results page in order to extract additional advertising revenue.

The scam locksmiths at issue published websites targeting heavily populated locations around the country to trick potential customers into believing that they were local companies. These websites provided either a fictitious address or no address at all, and falsely claimed that they were local businesses. The plaintiffs asserted various federal and state law claims against the search engine operators relating to false advertising, conspiracy and fraud based on their activities in connection with the scam locksmiths’ websites. Continue Reading Federal Circuit Holds that Section 230 Locks Out Locksmiths

The French data protection authority, the CNIL, continues to fine organizations for failing to adopt what the CNIL considers to be fundamental data security measures. In May 2019, the CNIL imposed a EUR 400,000 fine on a French real estate company for failing to have basic authentication measures on a server and for retaining information too long. This is the second fine by the CNIL under the EU General Data Protection Regulation 2016/679 (GDPR) after the one against Google. The decision is among many pre-GDPR fines imposed by the CNIL for failing to meet security standards, and shows that data security continues to be a high enforcement priority for the CNIL.


French real estate company Sergic operated a website where individuals could upload information about themselves for their property rental applications. Responding to a complaint by an applicant, the CNIL investigated Sergic in September 2018, as it appeared that applicants’ documents were freely accessible without authentication (by modifying a value in the website URL). The CNIL confirmed the vulnerability and found that almost 300,000 documents were accessible in a master file containing information such as individuals’ government issued IDs, Social Security numbers, marriage and death certificates, divorce judgments, and tax, bank and rental statements. The CNIL also discovered that Sergic had been informed of the vulnerability back in March 2018 but did not fix it until September 2018.
Continue Reading The CNIL Strikes Again – Mind Your Security

A California Superior Court’s recent ruling in Murphy v. Twitter held that Section 230 of the Communications Decency Act shielded Twitter from liability for suspending and banning a user’s account for violating the platform’s policies. As we have previously noted, Section 230 has come under pressure in recent years from both courts and legislatures. But we have also examined other cases demonstrating Section 230’s staying power. The ruling in Murphy again shows that, despite the challenges facing Section 230, the statute continues to serve its broader purpose of protecting social media platforms from the actions of their users while allowing those platforms to monitor and moderate their services.

From January to mid-October 2018, Meghan Murphy posted a number of tweets that misgendered and criticized transgender Twitter users. After first temporarily suspending her account, Twitter ultimately banned her from the platform for violating its Hateful Conduct Policy. Twitter had amended this policy in late October 2018 to specifically include targeted abuse and misgendering of transgender people. Continue Reading California Court Finds Section 230 Protects Decision to Suspend and Ban Twitter Account

As we have frequently noted on Socially Aware, Section 230 of the Communications Decency Act protects social media sites and other online platforms from liability for user-generated content. Sometimes referred to as “the law that gave us the modern Internet,” Section 230 has provided robust immunity for website operators since it was enacted in 1996. As we have also written previously, however, the historically broad Section 230 immunity has come under pressure in recent years, with both courts and legislatures chipping away at this important safe harbor.

Now, some lawmakers are proposing legislation to narrow the protections that Section 230 affords to website owners. They assert that changes to the section are necessary to protect Internet users from dangers such as sex-trafficking and the doctored videos known as “deep fakes.”

The House Intelligence Committee Hearing

Recently, a low-tech fraudulent video that made House Speaker Nancy Pelosi’s speech appear slurred was widely shared on social media, inspiring Hany Farid, a computer-science professor and digital-forensics expert at the University of California, Berkeley, to tell The Washington Post, “this type of low-tech fake shows that there is a larger threat of misinformation campaigns—too many of us are willing to believe the worst in people that we disagree with.” Continue Reading Legislators Propose Narrowing § 230’s Protections

In March, Socially Aware reported on a lawsuit involving several prominent news outlets’ publication of a photo of NFL quarterback Tom Brady on Twitter. The case had the potential to upend a copyright and Internet-law rule that, in the words of a Forbes columnist, “media companies had viewed as settled law for over a decade.” Read exactly what common-law copyright rule the case called into question, and how the Tom-Brady-Twitter-photo lawsuit concluded without resolving the status of that rule.

Rep. Alexandria Ocasio-Cortez blocked the conservative media outlet The Daily Caller from following her on Twitter after the publication disputed something she’d said in connection with her Green New Deal resolution. Some First Amendment experts argue that public officials’ blocking of accounts on social media doesn’t violate the free speech rights of the owners of those blocked accounts. Last year, however, in a case filed by Columbia University’s Knight First Amendment Institute and seven individuals who claimed President Trump had blocked them on Twitter, a federal district court in New York held that Twitter’s “interactive space” constitutes a public forum, and that blocking users violates their right to free speech.

A draft law in Germany is believed to be the first regulatory proposal in Europe “to impose binding diversity obligations on social media platforms’ ranking and sorting algorithms,” according to the authors of a post on a media blog belonging to the London School of Economics. The proposed law would, among other things, prohibit “media intermediaries”—a category that includes social media platforms, search engines and news aggregators—from “unfairly disadvantage[ing] (directly or indirectly) or treat[ing] differently providers of journalistic editorial content to the extent that the intermediary has potentially a significant influence on their visibility.”

The government of Bahrain, an island-country in the Persian Gulf that has been increasing security since a Shi’ite Muslim-led uprising in 2011, recently sent text messages to its citizens’ phones warning them that merely following activist social media accounts could result in legal liability.

Pursuant to a 2016 Russian law that requires social media sites to acquiesce to the government’s requests for user data, the Russian government is requiring the dating app Tinder to collect and turn over all of its user data for at least six months. Blackmail fodder, anyone?

North Face, an outdoor-activity-accoutrements company, secretly executed an ad campaign on Wikipedia. The campaign may have been an ingenious way to get North Face’s products at the top of world travelers’ Google results, but it violated the educational platform’s terms of service and struck many people as unethical. The company and its ad agency have since apologized.

In a case that serves a reminder of the increasing use of social media posts as evidence in courts of law, a court near Paris held that a French rock star’s Instagram account provided sufficient evidence to prove that the musician had spent enough time in France over several years to give a French court competence over the his estate.

Nevada just joined California as the second state to enact an opt-out right for consumers from the “sale” of their personal information. Senate Bill 220, which was signed into law on May 29, 2019, is scheduled to take effect on October 1, 2019, three months prior to its precursor under the California Consumer Protection Act (the CCPA). The opt-out right is one of several changes made to Nevada’s existing online privacy law, which requires operators of commercial websites and other online services to post a privacy policy. In addition to the new opt-out right, the revised law exempts from its requirements certain financial institutions, HIPAA-covered entities, and motor vehicle businesses. Continue Reading Nevada Enacts CCPA-Style Opt-Out Right for Consumers—but Similarities Are Few

Last week, German regulators decided to no longer accept the widely used “JusProg” software as a sufficient means for online service providers to comply with statutory youth protection requirements. The decision is effective immediately, although it will most likely be challenged in court. If it prevails, it puts video-sharing platforms, distributors of gaming content, and online media services at risk of being held accountable for not properly protecting minors from potentially harmful content. For the affected providers, this is particularly challenging because it will be hard, if not impossible, to implement alternative youth protection tools that will meet the redefined regulatory standards.

This alert provides the legal background for the decision and discusses its implications in more detail. It is relevant to all online service providers that target German users. Continue Reading Youth Protection in Germany: Are Online Age Checks & Daytime Blackouts Ahead?

A federal district court in California has added to the small body of case law addressing whether it’s permissible for one party to use another party’s trademark as a hashtag. The court held that, for several reasons, the 9th Circuit’s nominative fair use analysis did not cover one company’s use of another company’s trademarks as hashtags. Whether a hashtag is capable of functioning as a trademark, the topic of two of Socially Aware’s most popular posts, is—of course—another issue entirely.

In what The New York Times describes as “the latest in a line of rulings allowing companies to use arbitration provisions to bar both class actions in court and class-wide arbitration proceedings,” the Supreme Court held that the employment agreements of workers at the lighting fixture retailer Lamps Plus can’t band together to sue the company for allegedly failing to protect their data. The details of the data breach make for an interesting read.

The U.K.’s data regulator has proposed rules that would prevent social media platforms from allowing children to “like” posts. Here’s why.

Officials in a Georgia city might pass a law that would allow elected and appointed officials and employees of the city to sue—at the city’s taxpayers’ expense—anyone who defames them on social media.

Instagram influencer Gianluca Vacchi, who is not a fictional character, but—according the complaint he filed in a federal court in New York—“an international social media celebrity, influencer, fashionista, and disk jockey” —is suing E*Trade for allegedly depicting a character in its commercials who is “stunningly identical” to him. The suit claims copyright infringement, Lanham Act false association and unfair competition, and violation of New York’s right of publicity and privacy.

The Chinese social media company Weibo restored access to this type of content from its platform after significant backlash from its users.

In the age of smartphones and social media, what can trial lawyers do to secure a jury that relied only on the evidence presented in court?

Artificial intelligence is informing which items McDonald’s includes on its outdoor digital menu displays.

The California State Bar is considering using artificial intelligence, too. The bar hopes that AI can help it to more efficiently determine which attorney misconduct complaints to pursue, and perform a function that affects every wannabe lawyer.

Should Wendy’s put Spicy Chicken Nuggets back on its menu? Social media users have spoken (with some prompting from Chance the Rapper).

The Directive on Copyright in the Digital Single Market (Directive) was finally approved by all EU legislative bodies on April 15, 2019. Introducing “modernizing EU copyright rules for European culture to flourish and circulate” was a key initiative of the European Commission’s Digital Single Market (DSM), which, according to the Commission’s President Jean-Claude Juncker, has now been completed by the Directive as “the missing piece of the puzzle.” The Directive was approved, just in time for the elections to the EU Parliament taking place in May 2019. Within a period of 24 months, the Member States are required to implement the Directive’s provisions into national law.

Various Member States have issued, along with their approval of the Directive, statements regarding their interpretation of the Directive and voicing quite different views about the upcoming implementation process. While Germany strongly opposes the notion of upload filters, it appears that France is in favor of a copyright protection mechanism that includes upload filters. At the same time, it remains a pressing question whether currently available algorithm-based filters would even be able to sufficiently differentiate between infringing and non-infringing content. Continue Reading The EU Copyright Directive Passes – But Member States Remain Split on Upload Filters

Often hailed as the law that gave us the modern Internet, Section 230 of the Communication Decency Act generally protects online platforms from liability for content posted by third parties. Many commentators, including us here at Socially Aware, have noted that Section 230 has faced significant challenges in recent years. But Section 230 has proven resilient (as we previously noted here and here), and that resiliency was again demonstrated by the Second Circuit’s recent opinion in Herrick v. Grindr, LLC.

As we noted in our prior post following the district court’s order dismissing plaintiff Herrick’s claims on Section 230 grounds, the case arose from fake Grindr profiles allegedly set up by Herrick’s ex-boyfriend. According to Herrick, these fake profiles resulted in Herrick facing harassment from over 1,000 strangers who showed up at his door over the course of several months seeking violent sexual encounters. Continue Reading Appeals Court Again Upholds Section 230 Protections in Case Against Grindr