Digital Media and Data Privacy Law Blog

In a seemingly simple little case that has turned out to have all kinds of interesting and important twists, the United States Court of Appeals for the Ninth Circuit last month held that Section 230 of the Communications Decency Act did not preclude a plaintiff from stating a valid claim for promissory estoppel against an Internet service provider.

The case, Barnes v. Yahoo!, Inc., arose in 2004 when Cecilia Barnes broke up with her long-term boyfriend, who responded by creating in Barnes’s name several Yahoo profiles that contained nude pictures of Barnes and various open solicitations for sex.  When Barnes was flooded with calls, personal visits, and emails, she followed Yahoo’s policy for getting a fraudulent profile removed by mailing in a request.  Two months later, the profiles remained, so Barnes contacted a local news program who began to report the story.  The day before the story was to run, a Yahoo representative contacted Barnes, asked her to fax in another removal request, and said she would “personally walk the statement over” to the group responsible for taking down a profile and see that it got done.

It did not, and Barnes sued for negligent undertaking, as described in Section 323 of the Restatement (Second) of Torts, and for promissory estoppel.

Barnes claimed that by promising to take down her profile and then failing to do so, Yahoo had undertaken a task that it subsequently completed negligently.  Moreover, Barnes asserted, Yahoo's promise constituted a contract that, once Barnes had relied upon it, the company could not later repudiate.

In response to the complaint, Yahoo moved to dismiss, arguing that Section 230 of the CDA provides Yahoo with immunity from Barnes's claims.  Section 230(c) reads, in part: 

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

Yahoo is clearly an “interactive computer service” provider, and it did not create or develop the profiles at issue in whole or in part, so Yahoo should not have liability on any claim that would treat it as the "publisher" of those profiles.

On appeal, the Ninth Circuit held that Barnes’s negligent undertaking claim was barred by the Section 230 because, in the final analysis, what Barnes was alleging that Yahoo failed to do with due care was to remove a profile from its Web site.  That, the court said, is the essence of publishing -- deciding what gets published and what does not -- and Section 230 precludes Yahoo from liability for its actions as a publisher.

However, the court came to a different conclusion with respect to Barnes's promissory estoppel claim.  That claim, the court said, is a contract claim, not a tort claim, and Yahoo’s alleged breach had nothing to do with its role as a publisher.  Rather, Yahoo's potential liability was based on its promise to do something that it later failed to do.

To be clear, in addressing the negligent undertaking claim, the court said that the task that Yahoo had failed to complete constituted publishing and was covered by Section 230, and yet that very same conduct in the context of a contract claim was actionable.

While the court was careful to say that a simple monitoring policy or even “an attempt to help a particular person” will not always give rise to a contract claim, where the facts suggest that the company intended to be bound by its words, a claim might arise.  The court said that the solution for companies like Yahoo is easy -- “disclaim any intention to be bound” in the language of any monitoring policy or when agreeing to help a particular customer.

Leaving aside the particular claims, the court also made an interesting procedural ruling that may actually have more far-reaching impact than the rulings on the particular claims. The case had reached the court on a motion to dismiss in which Yahoo cited Section 230 as the reason Barnes failed to state a claim. The Ninth Circuit made clear that a Section 230 defense is an affirmative defense that is not appropriately asserted as a motion to dismiss, but rather as part of an answer.

For an interesting discussion of the implications of this part of the ruling, see this post on the Technology and Marketing Law Blog, which has posted extensively on this case.