An Interactive Company Website Does Not Necessarily Mean Liability

As social media continues to expand on the internet, more and more businesses are developing and setting up their own websites. These websites can include public Facebook pages, social media forum pages and blogs. With such increasing popularity, businesses must understand the legal ramifications of owning and running a website and allowing third party individuals to post messages or content on the site.

A key question many business leaders ask is "whether their company is legally responsible when a third party posts defamatory statements or illegal content on its website." Generally, the answer is no. The Communications Decency Act of 1996, 47 U.S.C § 230, grants providers of interactive computer services with legal immunity. Interactive computer services are defined as "any information service...that provides or enables computer access by multiple users to a computer server...." Thus, while the writers of the defamatory content may be liable for defamation, the distributors of the information, or website owners, are not liable. This immunity is critical for any business that decides to host a website, particularly when more and more companies have set up public Facebook pages. Indeed, recent cases have shown that a variety of businesses, including online review forums, search engines and chat sites, may be affected by this legislation.

Eligibility Requirements For §230

The Communications Decency Act provides that a service provider, such as an online blog host, will not be liable for potentially unlawful, or defamatory, speech on its website, if the following three elements are established:

  • The person or entity must be a provider or user of an interactive computer service;
  • The underlying claim must treat the service provider as a publisher or speaker of the information; and
  • The communication at issue must have been provided by another information content provider.

Broad Immunity For Internet Service Providers

In applying this statute, a majority of courts have determined that Congress intended to grant "broad immunity to entities...that facilitate the speech of others on the Internet." In Johnson v. Arden, the Eighth Circuit held that an interactive website, where the public could post comments about businesses, was immune to liability for defamation under § 230. In that case, a cat breeding business alleged that the website operator conspired with its users to post multiple false statements about the business on the website. The court noted that the majority of federal circuit courts have interpreted § 230 broadly. Ultimately, the court held that the website was nothing more than a service provider and that it did not exercise control over the content of the posts. Therefore, it was immune from liability for the information produced by the third-party users of its site.

Immunity has also been extended to providers who had notice of the unlawful speech posted on their sites. In Zeran v. America Online, Ken Zeran sued AOL for defamatory statements posted on AOL's website bulletin board. Specifically, the posts listed Zeran's home phone number and advertised that he was selling offensive t-shirts regarding the Oklahoma City bombing. Over a period of about five days, Zeran contacted AOL repeatedly, to complain that the posts caused him to receive excessive phone calls and death threats. Despite AOL's knowledge of the defamatory comments, the court held that AOL was not liable for the third-party's posts, pursuant to section 230. The court stated that "Congress made a policy choice...not to deter harmful online speech through the separate route of imposing tort liability on companies that serve as intermediaries for other parties' potentially injurious messages." Furthermore, the court held that the effects of notice-based liability would subject providers to an "impossible burden" of monitoring the vast amount of speech communicated over the internet. Thus, whether the defendant had notice of the defamatory posts is irrelevant for purposes of the Communications Decency Act.

State Court Application Of The CDA

State courts have also applied the Communications Decency Act broadly. For instance, the most popular social media site, Facebook, was sued for defamation after four of its users posted negative sexual comments about someone on the website. Facebook sought dismissal of the claim, asserting immunity under § 230, as an interactive computer service. While Facebook's qualification as an interactive computer service was undisputed, a question still existed about whether it was eligible for § 230 immunity because its "Terms of Use grant[ed] [Facebook] an ownership interest in the alleged defamatory content."Although the Terms of Use did contain such a provision, the court determined that Facebook's ownership interest in the content on its website was irrelevant to a § 230 analysis. Ultimately, because Facebook was a service provider and "there was no claim [that it] had any hand in creating the content," it was not liable under § 230.

Businesses Should Avoid Posting Their Own Comments

The best way for businesses to qualify for immunity under the Communications Decency Act is to remain uninvolved with the creation and content of the posts on their website. Indeed, a website will be held liable for its own unlawful statements, but not for content produced by third parties that it allows to appear online. Thus, ensuring that a website host's conduct does not rise to the level of a "content provider" is very important. In fact, the Fourth Circuit has noted that "the scope of section 230 immunity turns on whether the service provider's actions also make it an 'information content provider.'"

This issue was recently discussed in Hare v. Richie, when Dirty World, the owner of a gossip website with the domain name "thedirty.com," was sued for defamatory comments posted on the website about Hare. Dirty World filed a motion to dismiss, claiming protection under the Communications Decency Act. Whether the website was an information content provider of the allegedly defamatory comments, and thus unable to be provided immunity under §230, was the central issue in the case. The posts were largely written by users of the defendant-website. However, multiple comments were published, in reply to the posts, by the founder and editor of the website, Nik Richie. Ultimately, the court denied Dirty World's motion, finding that Richie's comments may satisfy the elements of defamation and thus, could expose the website to liability. However, the court explicitly stated that Dirty World "will be free to raise the issue of §230(c)(1) immunity" in a motion for summary judgment, for the posts made by its users. Further, the court also noted that Dirty World could address, in the same motion, whether the thedirty.com founder's comments actually did constitute defamation, which the court seemed to believe they did not. Thus, a business should be careful, or avoid, posting comments of its own in response to its users potentially unlawful posts.

Service providers still enjoy immunity even if they exercise some discretion about what comments are posted on their website. For example, in Dimeo v. Max, Max had a blog and message board on which multiple people allegedly posted defamatory comments about Dimeo.While maintaining this blog, Max did not post all of the comments submitted. Instead, he selected, removed and edited posts that appeared on the message board. Whendeciding whether Max was liable for these defamatory posts, the court referred to the three elements to establish immunity under section 230. Under that analysis, the court found that two of the three elements for § 230 immunity were easily established: (1) The blog was a service provider because multiple users were able to access it and post comments; and (2) Dimeo's claim of defamation treated Max as the speaker of the comments. Therefore, the sole element at issue was whether Max's editorial actions demonstrated that he had developed the content of the posts. The Court held that Max was not a content provider because the posts were completely authored by the users. Furthermore, the court reasoned that if editing comments meant that a service provider could be held liable, then providers who removed defamatory content would also be held liable.Therefore, to prove that an entity is a "content provider," evidence of more than editing and selecting comments to post must exist.

For Further Consideration

Today, it is becoming more and more common for businesses, of all varieties, to maintain a presence on the internet through a company website. Often included on these sites is a comment section, or discussion area, for visitors and users to post their own ideas. Unfortunately, not every comment made by such visitors is lawful. However, companies should be comforted to know that they are protected from liability for their users' unlawful comments, under the Communications Decency Act.

With that said, companies must take the essential steps to be eligible for this significant legal protection. Most importantly, businesses that decide to host a website with an area allowing comments, should exercise very little control over the postings. While a company may edit the forum in a limited fashion, by deleting comments or choosing what to publish, the posts should be created entirely by the users; thereby minimizing the business' association with the unlawful content as much as possible. An easy way to avoid liability is to ensure that the company's own employees do not create potentially unlawful comments and post them on the site. By limiting their website to merely an intermediary for visitor's comments, businesses will remain up-to-date with technology and ensure their eligibility for immunity under the Communications Decency Act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.