The Law and Business of Social Media
March 06, 2024 - Section 230 Safe Harbor, Digital Content, Social Media Policy, Defamation

Part 3 – Section 230: 27 Years Old and Still in the Spotlight

In the prior two installments of our six-part series examining Section 230, the section of the 1996 Communications Decency Act (CDA) that immunizes online service providers from liability stemming from the publication and filtering of content created by a third party, we looked at the origins of Section 230 and the early cases that established the broad scope of the safe harbor.

In this third installment, we examine a trend in the cases that started in about 2015, in which the broad interpretation of Section 230 that characterized the early cases started to meet with some resistance and plaintiffs found ways to plead around the safe harbor. If you missed our prior installments, we suggest that you go back and read those before moving on to this third installment (here are Part 1, Part 2(A), and Part 2(B)).

Before we discuss the cases referenced above, recall that a defendant receives immunity under Section 230(c)(1) only if:

  1. it is a provider or user of an interactive computer service (“Prong One”);
  2. whom the plaintiff seeks to treat as a publisher or speaker of information (“Prong Two”); and
  3. that information was provided by another information content provider (“Prong Three”).

See Barnes v. Yahoo! (9th Cir. 2009) for this three-prong articulation.

This opens three potential lines of attack for a plaintiff seeking to overcome a defendant’s Section 230 defense:

  • Attack Prong One. Defendant’s liability is not related to being a provider or user of an interactive computer service.
  • Attack Prong Two. Defendant’s liability is not based on being a publisher or speaker of information.
  • Attack Prong Three. The information at issue was not provided by another information content provider.

We will now look at a series of cases in which plaintiffs successfully attacked Prong One, Prong Two, or Prong Three.

Attack Prong One. Defendant’s liability is not related to being a provider or user of an interactive computer service.

 Prong One is not usually at issue in cases where a platform (e.g., a social media site) is the defendant. Platforms are almost always deemed to be providers of interactive computer services. But courts sometimes struggle with immunity for users (as opposed to providers) of interactive computer services. This typically arises in cases where an individual forwards or shares defamatory content originally created by someone else. As we saw in cases such as Batzel v. Smith and Barrett v. Rosenthal, discussed in Part 2, courts have often extended the Section 230 immunity to users in accordance with the plain language of the statute. But not always. And sometimes, when they rejected the applicability of Section 230 in these situations, courts did so either by ignoring that users are also protected under Section 230 or by finding that the defendant was not acting as a user with respect to the objectionable conduct.

Maxfield v. Maxfield, a Connecticut case from 2015, is an example of this. In Maxfield, the plaintiff sued his ex-wife for defamation, claiming that she forwarded screenshots of defamatory tweets about him to his current wife. The ex-wife defended on Section 230 grounds, based on the fact that she forwarded third-party tweets but did not write the tweets herself. The court, however, found that she was not covered by Section 230 immunity because she “merely transmitted” the defamatory messages. The opinion states: “Ms. Maxfield does not operate a website and plainly is not ‘a provider of an interactive computer service.’ While she might, on occasion, be considered a ‘user of an interactive computer service,’ she did not do so in the behavior alleged in the complaint.” Therefore, the court rejected the defendant’s Section 230 defense.

Attack Prong Two. Defendant’s liability is not based on being a publisher or speaker of information.

Attacking Prong 2 by arguing that the defendant’s liability is not based on acting as a publisher or speaker has often met with success. As we discussed in Part 2, Barnes v. Yahoo!, was an early example of this. In that case from 2009, the Ninth Circuit held that Section 230 did not immunize Yahoo from the plaintiff’s promissory estoppel claim because the claim was not based Yahoo’s activities as a publisher or speaker but rather from Yahoo’s promise to remove the third-party content at issue. Such cases were relatively rare, however, for about the first decade of Section 230’s existence.

That started to change with cases such as Doe v. Internet Brands, a Ninth Circuit case from 2016 in which a Jane Doe plaintiff sued Internet Brands, the parent company of Model Mayhem, alleging that the site’s operators were negligent in failing to notify its users of the risk that rapists were using the website to find victims. Consequently, Doe argued, she was drugged and raped by two assailants who had used the website to lure her to a fake audition.

The plaintiff argued that Section 230 did not apply because a “failure to warn” claim did not depend on Model Mayhem being the publisher or speaker of content provided by another person. The Ninth Circuit bought the plaintiff’s argument and overturned the district court’s earlier dismissal of the case, which had been based on Section 230 immunity.

In his opinion, Judge Clifton explained that Jane Doe did not seek to hold Internet Brands liable as a publisher or speaker of content posted by a user on the website, or for its failure to remove content posted on the website. Instead, she sought to hold Internet Brands liable for failing to warn her about information it obtained from an outside source about how third parties targeted victims through the website. This duty to warn would “not require Internet Brands to remove any user content or otherwise affect how it publishes or monitors such content.” Since the claim did not treat Internet Brands as a publisher or speaker, the court ruled that Section 230 did not apply.

A similar argument worked—to an extent—in Darnaa v. Google, a Northern District of California case from 2016 that involved YouTube’s removal of the plaintiff’s music video based on YouTube’s belief that the plaintiff had artificially inflated view counts. The plaintiff sued for breach of the covenant of good faith and fair dealing, interference with prospective economic advantage, and defamation. She sought damages and an injunction to prevent YouTube from removing the video or changing the video’s URL.

The district court held that Section 230(c)(1) preempted the plaintiff’s interference claim, but not her good faith and fair dealing claim. The court explained that the latter claim sought to hold YouTube liable for breach of its good faith contractual obligation to the plaintiff, rather than in its capacity as a publisher; as such, Section 230 did not shield YouTube against this claim.

In yet another case from 2016, the Northern District of California court in Airbnb v. City and County of San Francisco denied Airbnb’s request for a preliminary injunction barring enforcement of a San Francisco ordinance that makes it a misdemeanor to provide booking services for unregistered rental units. Airbnb argued that such an ordinance would conflict with Section 230, which contains an express preemption clause stating that no liability may be imposed under any state or local law that is inconsistent with Section 230. But the court held that the ordinance did not treat Airbnb as the publisher or speaker of Airbnb’s rental listings because the ordinance applies only to providing and collecting fees for booking services in connection with an unregistered unit, and does not regulate what can and cannot be published. Therefore, the court denied the request for preliminary injunction.

Attack Prong Three. The information at issue was not provided by another information content provider.

As we noted in Part 2 in connection with the case, Section 230(c)(1) immunity only applies if the relevant information was “provided by another information content provider.” If the defendant itself created the relevant content, in whole or in part, then it cannot avail itself of the safe harbor. In the time period we are looking at here, plaintiffs increasingly met with success in attacking this Prong Three element of Section 230.

In Diamond Ranch Academy v. Filer, a 2016 district court case from Utah, the plaintiff, who ran a residential youth treatment facility, sued the defendant, who ran a website where those who had attended plaintiff’s facility could share their experiences, for defamation. The defendant asserted a Section 230 defense, arguing that she had merely summarized “many of the core complaints about [the plaintiff’s facility] in a format that [was] more digestible than reading through many separate survivors’ testimonies,” and, in doing so, was exercising her prerogative as a publisher (after all, publishers often edit materials before publishing them). The court disagreed. The court pointed out that the defendant’s posts “do not lead a person to believe that she is quoting a third party. Rather, [she] has adopted the statements of others and used them to create her comments on the website.” The court also noted that some of the third-party statements did “not retain their original form.” With respect to the summaries of third-party statements, the court held that the plaintiff was not entitled to immunity under Section 230 because she was the author.

In the 2016 case Huon v. Denton, the Seventh Circuit Court refused to immunize the defendant from liability for an allegedly defamatory comment posted on its website. The case involved a comment to a story published on Jezebel, a property owned by Gawker, that called the plaintiff a “rapist.” The court held that the plaintiff’s claim survived the defendant’s motion to dismiss on Section 230 grounds because the plaintiff had plausibly alleged that Gawker employees anonymously authored comments to increase traffic to the website (even though there was no allegation that Gawker employees had written the specific allegedly defamatory comment at issue).

In Samsel v. DeSoto County School District, a 2017 case from the Northern District of Mississippi, the superintendent of a school district forwarded to 48 principals in his district an email that he had received from the chair of the school board. The chair of the school board had received the original email from a math teacher. The email from the math teacher contained allegedly defamatory statements about the plaintiff, a football coach. When forwarding the email, the superintendent included a cover note asking the recipients to “[p]lease share this email with your staff from the Chairman of our School Board. As Superintendent I agree with [the chair of the school board] 100 percent! Tell your staff they have permission to respond at will.” The plaintiff sued the superintendent for defamation and the superintendent attempted to invoke Section 230(c)(1).

The district court acknowledged that persuasive authority from other courts suggested that the default rule was that “one who forwards an email written by another which contains defamatory statements enjoys immunity under [Section 230],” but it distinguished the current case on the grounds that the superintendent added defamatory content (i.e., the cover note). According to the court, the superintendent’s position gave him access to information that could confirm or deny the truth of the math teacher’s statements, so his expression of “100 percent” support of the chair’s email “essentially endorsed and confirmed the veracity of the accusations, in the eyes of the reader.” Therefore, the court held, “a jury could reasonably find that [the superintendent] . . . essentially became a publisher of defamatory material himself, within the meaning of [Section 230].”


Please look out for installment number four of this six-part series, where we continue to trace the history of Section 230.