CDA Does Not Protect Websites That Fail to Warn Users About Known Dangers

Published On September 30, 2014 | By Roshni Patel | General, Litigation, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

In a recent opinion, Jane Doe No. 14 v. Internet Brands Inc., the Ninth Circuit decided that Section 230 of the Communications Decency Act (CDA) does not preclude liability for a website operator that failed to warn users about known threats posed by third parties who contacted users through the website. is a networking site that offers a platform for models, photographers, makeup artists, and other industry professionals to market their services. Jane Doe, an aspiring model, created a profile on the site and used the service to pursue modeling jobs. In January 2011, she was lured by two men, Lavont Flanders and Emerson Callum, to Miami for a casting call. When Doe arrived, she was drugged and raped, and the rape was recorded for distribution as a pornographic film.

Doe alleged that the website’s operator, Internet Brands, knew that Flanders and Callum had engaged in this rape scheme before and failed to warn its users about it. In 2008, Internet Brands purchased from brothers Donald and Tyler Waitt. Two years later, the Waitts sued Internet Brands for money owed on the purchase. Internet Brands filed a counterclaim, alleging that the Waitts had breached their contract and committed fraud when they failed to disclose a pending criminal case against Lavont Flanders for raping at least five women whom he met through Doe argued that given this knowledge, Internet Brands had a cognizable “special relationship” with her such that its failure to warn her of the rape scheme constituted negligence under California law.

Internet Brands filed a motion to dismiss Doe’s lawsuit, claiming immunity under Section 230 of the CDA. Section 230 protects websites that publish information posted by third parties from the liability that could arise if the website were treated as the publisher or speaker of the information. The district court granted the motion to dismiss.

The Ninth Circuit reversed on appeal and held that Doe could proceed with her negligence claim. The court distinguished Doe’s claim from those precluded by Section 230, reasoning that

Jane Doe’s failure to warn claim has nothing to do with Internet Brands’ efforts, or lack thereof, to edit or remove user generated content. The theory is that Internet Brands should be held liable, based on its knowledge of the rape scheme and its ‘special relationship’ with users like Jane Doe, for failing to generate its own warning.

The court noted that its decision was consistent with the policy behind Section 230:

[Although] imposing any tort liability on Internet Brands for its role as an interactive computer service could be said to have a ‘chilling effect’ on the internet, if only because such liability would make operating an internet business marginally more expensive . . . Congress has not provided an all purpose get-out-of-jail-free card for businesses that publish user content on the internet.

Although the court made clear that it “express[ed] no opinion on the viability of the failure to warn allegations on the merits,” it did note that Internet Brands could have satisfied a duty to warn by “posting a notice on the website or by informing users by email what it knew about the activities of Flanders and Callum.”

The Ninth Circuit’s ruling raises numerous questions for companies managing networking websites of all types. For example, the court did not explain when the duty to warn arises. Is it only when a website knows about a particular unlawful scheme (as Internet Brands did here), or does a website need to warn about unknown but imaginable dangers? Nor did the court explain how far such a duty would extend. If one individual is accused of a crime geographically limited to one city, is the website responsible for warning users all over the world? These questions will likely be left to future courts, a fact that provides little solace to companies trying to develop appropriate policies and procedures.

Feature Photo by Martin Abegglen from Flickr

About The Author

Roshni works with ZwillGen attorneys on data privacy and security matters, regulatory compliance, developing internal privacy policies and procedures, and product counselling. Prior to joining ZwillGen, Roshni was a Privacy Fellow at the Wikimedia Foundation where she worked on domestic and international privacy issues involving internet technologies.