E-Commerce Law Week, Issue 497

Report on Data Insecurity Names Names

Despite enforcement actions by the Federal Trade Commission, a nearly nationwide patchwork of state breach notification laws, and several industry initiatives, identity theft remains a serious problem.  In a paper released late last month, Chris Hoofnagle, a Senior Fellow of the Berkeley Center for Law & Technology, proposed a free market solution:  provide consumers with better information about the incidence of identity theft at financial institutions and telecom carriers, and then let them "vote with their feet."  Using data culled from identity theft reports submitted to the FTC in January, March, and September of 2006, Hoofnagle found that "some institutions have a far greater incidence of identity theft than others," with Bank of America having the highest number of identity theft events (over 1,000 a month), and HSBC having the highest incidence of identity fraud among the largest U.S. banks (an estimated 21 annual incidents per billion in deposits).  Hoofnagle also found that "major telecommunications companies had numerous identity theft events" and discovered that identity thieves apparently focus on a short list of targets -- according to his paper, 25 financial and telecom institutions accounted for nearly 50% of identity theft complaints for the three months studied.

Court Upholds CDA Immunity for Website that Categorized and Encouraged Defamatory Posts

Section 230(c)(1) of the Communications Decency Act (CDA) gives websites and other "provider[s] or user[s] of an interactive computer service" broad immunity from suits that "treat[]" them as the "publisher or speaker of any information provided by another information content provider."  But some courts have held that a service provider's participation in the development of content can deprive it of CDA immunity.  A federal court in Florida recently weighed in on this issue, ruling in Whitney Information Network, Inc. v. Xcentric Ventures, LLC, that the CDA protected Xcentric and its founder from a suit over allegedly defamatory consumer reports posted to their "Rip-Off Report" (ROR) website by third parties, despite the defendants' actions to categorize and encourage such posts.  Whitney Information Network (WIN) -- which provides seminars and educational programs on real estate and investing -- brought the suit after it discovered that several unflattering and allegedly inaccurate reports about its business had been posted to the ROR website.  In granting the defendants' motion for summary judgment, the court concluded that the defendants were not responsible for the "creation or development" of these allegedly defamatory postings even though the defendants "created" the categories under which visitors to the site were required to classify their postings, "actively solicit[ed] visitors to post reports about companies that rip-off consumers," and provided guidance to visitors for the preparation of reports.  Rather, the court held that the visitors themselves were ultimately responsible for the categorization and content of their posts.  So, while some courts have recently limited the scope of CDA immunity, others appear committed to a broad reading of that statute's protections for online service providers. 

EC Asks Greece and the Netherlands to Amend Gambling Laws

The European Commission has again reminded EU Member States that inconsistent treatment of foreign and domestic gambling operators can be a losing proposition.  Noting that Greece and the Netherlands have continued to promote "addictive" state-run games while placing significant restrictions on gambling providers licensed in other Member States, the EC announced on February 28 that it has "formally requested" that these countries bring their gambling laws into compliance with EU law, which requires Member States to be “consistent and systematic” in their efforts to limit gambling activities.  According to the EC, Greek and Dutch laws prohibit providers licensed in other Member States from offering their services in Greece and the Netherlands, respectively, and also place restrictions on domestic advertising of foreign gambling services.  (The Greek restrictions reach providers of both sports betting and games of chance, while Dutch restrictions apply only to sports betting.)  The EC opined that these restrictions were "not compatible" with Article 49 of the EC Treaty -- which guarantees nationals of Member States the freedom to provide services anywhere within the Community -- and noted that these states' restrictions on gambling services had "not been shown to be necessary, proportionate and non-discriminatory."  If Greece and The Netherlands do not provide a "satisfactory response" to the EC's requests within two months, they may be called before the European Court of Justice.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.