E-Commerce Law Week, Issue 446

Service Providers' CDA Shield Withstands Two New Attacks

Plaintiffs' search for chinks in websites' Communications Decency Act (CDA) armor continues.  Section 230(c)(1) of the CDA has been interpreted as giving websites and other "provider[s] or user[s] of an interactive computer service" broad immunity from suits that "treat[]" them as the "publisher or speaker of any information provided by another information content provider."  Some plaintiffs have tried to pierce, or circumvent, this shield by focusing on websites' operational policies and practices as distinct from their "editorial" functions.  But two courts recently recently rejected this novel theory.  In Universal Communication Systems, Inc. v. Lycos, Inc., the First Circuit turned away plaintiffs' contention that "the construct and operation of Lycos's web sites contributed to the proliferation of misinformation," finding that Lycos' choice of "registration process" and "link structure" was "an editorial decision" protected by Section 230.  And in Doe v. MySpace, Inc., a federal court in Texas found that plaintiffs' suit was "based on MySpace's editorial acts," not its alleged "negligent failure to take reasonable safety measures to keep young children off of its site," and therefore granted the social networking site's motion to dismiss.  These rulings suggest that even if a website's use policies or technical features permit the posting of inaccurate and harmful information, website operators should still be able to claim CDA immunity for content posted by third parties.

Court Upholds Search Engines' Right to Reject Ads

Meanwhile, in a case invoking another CDA immunity provision, a federal court in Delaware held that a person cannot sustain a First Amendment claim against a search engine for refusing to run his ads.  In Langdon v. Google, Inc., the court dismissed First Amendment claims against Google, Microsoft, and Yahoo!, finding that the plaintiff's requested relief -- requiring the search engines to place his ads "in prominent places on their search engine results" and to "'honestly' rank" his websites -- violated the search engines' own free speech rights.  The court also held that the search engines were protected by Section 230(c)(2)(A) of the CDA, which prohibits holding service providers liable for their "good faith" efforts to restrict access to "objectionable" material.  Finally, the court found the plaintiff could not make out a First Amendment claim because the search engines are not "state actors" subject to constitutional restrictions.  While not surprising, the court's ruling should reassure search engines that, despite their increasingly important social role, they remain private actors entitled to make editorial decisions about what information to display through their services.

FTC Aces Another Self-Graded Exam, While Issuing Warning to Social Networking Sites

Like many of the school-aged children it is tasked with protecting, the Children's Online Privacy Protection Act (COPPA) recently received a report card of sorts -- from the Federal Trade Commission.  When Congress enacted COPPA in 1998, it required the FTC to review the effectiveness of its implementing rule within five years of its effective date.  In its report, which was begun in 2005 and completed last month, the FTC gives itself and its Rule generally high marks, but also cites a few areas of concern.  The report concludes that since "COPPA and the Rule enhance parental involvement in children’s online activities; help protect children’s privacy and safety online; maintain the security of children’s personal information collected online; and limit the online collection of personal information from children without parental consent," without imposing "overly burdensome or disproportionate" requirements on business, no changes to the FTC's implementation of the COPPA are necessary.  But it also repeatedly warns of the emerging dangers posed by social networking sites.  Coupled with the Commission's 2006 settlement with social networking site Xanga.com -- which, at $1,000,000, is by far the largest COPPA civil penalty to date -- the report's focus on social networking sites suggests that the FTC may begin targeting such sites and other online services that market themselves to adults and teens but are nonetheless popular among children.

California Decision Opens the Door to More Pretexting Suits

When it comes to pretexting, where California leads, the federal government soon follows.  Several months after California enacted legislation prohibiting the misrepresentation of one's identity to obtain confidential phone records, the federal government followed suit.  And in pretexting cases stemming from Hewlett-Packard's boardroom spying scandal, California's attorney general last October announced that he was pressing charges, while the feds waited until January to take action.  (The California charges were dropped yesterday, as we will discuss in next week's ECLW.)  So companies that routinely handle customers' personal information may want to take note of a recent pretexting-related ruling by the California Supreme Court.  In Taus v. Loftus, the court held that a common law privacy claim based on a researcher's alleged use of misrepresentation to trick a woman into disclosing personal information about her former foster daughter could proceed, since "a jury could find that plaintiff reasonably expected that an investigator would not seek and obtain access to such personal information about her from a relative or friend by falsely posing as an associate or supervisor of a mental health professional in whom plaintiff had confided."  Thanks to this ruling, plaintiffs in California may be able to sustain pretexting actions not only in cases where confidential information is held in a computerized or physical record, but also where the information resides in the mind of a close friend, relative, or perhaps even a business associate.  The court's ruling also indicates that plaintiffs may be able to bring successful suits based on pretexting even in the absence of a specific statute prohibiting such conduct, at least where truly personal information is at issue and the defendants' actions are particularly egregious.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.