Ninth Circuit Amends Barnes v. Yahoo Decision; Resolves Split as to Application of the Communications Decency Act

In the past two weeks, I’ve twice blogged about the Ninth Circuit’s opinion in Barnes v. Yahoo. This case split the Ninth Circuit from other circuits as to how the CDA should be applied – should it support a 12(b)(6) motion to dismiss, or should it be treated as an affirmative defense? In deciding that the CDA was an affirmative defense, the Ninth Circuit created for itself a few problems. If the CDA is treated as an affirmative defense, then a court could open discovery prior to ruling on whether a defendant’s actions were immunized or not. By putting discovery into play, the cost of defending a case on CDA grounds could skyrocket. Thus, the CDA-as-an-affirmative-defense theory would create an incentive for defendants to settle cases for which they ought to receive protection, and create an incentive for plaintiffs to bring cases in the Ninth Circuit strictly for this reason. 

On June 22 (roughly six weeks after the release of the initial Barnes opinion), the Ninth Circuit issued an amended opinion in which it deleted the entire discussion of the CDA as an affirmative defense. This marks the second time in two years that the Ninth Circuit has had to go back and correct a decision about the CDA. But by making this correction, the Ninth Circuit resolves the split among the circuits as to whether the CDA can be used to support a 12(b)(6) motion. Thus, in the Ninth Circuit, the CDA can support a 12(b)(6) motion – for the moment, anyway.

If you want to read the full opinion, it can be found here.

Why This Matters: Notwithstanding a future departure from the norm, the CDA can form the basis for a 12(b)(6) motion in the Ninth Circuit. This means that it is still possible to resolve a case on CDA grounds prior to the opening of discovery.

Ninth Circuit CDA Decision

In what is likely to be seen as a watershed moment for the application of the Communications Decency Act of 1996 (the "CDA"), the Ninth Circuit Court of Appeals has released an opinion in Barnes v. Yahoo that has the potential to dramatically increase the cost of defending social media and computer service providers.

The Barnes case centered around the posting of defamatory "fake" profiles on Yahoo's social networking pages. The profiles, which appeared to be from Ms. Barnes but were in fact created by her ex-boyfriend, included several pictures of her in the nude. Ms. Barnes asked Yahoo to remove the profiles, but Yahoo took no action until local media did a story on the events, wherein Yahoo promised to remove the fake profiles. Two months after that, the profiles still appeared on the Internet, and Ms. Barnes sued Yahoo.

Yahoo sought a motion to dismiss based on the immunity provided to it by the CDA. The dismissal was granted and Ms. Barnes appealed to the Ninth Circuit. In deciding to remand the case to the District Court, the Ninth Circuit did two things that can be problematic for the future of the CDA.

First, it held that a promissory estoppel-like claim can survive CDA immunity (at least at the motion to dismiss stage). At its core, a promissory estoppel claim requires someone to make a promise, and someone to rely upon that promise to his/her detriment. The court explained that Yahoo could be seen as having made a promise to Ms. Barnes, as part of its privacy policy and terms of service, and reiterated through local media, that it would take down profiles such as the one at issue. The making of a promise would be an activity that would fall outside of the CDA's scope. Thus, a promissory estoppel claim can survive a CDA-based motion to dismiss.

The second, and potentially more problematic, result of this decision is the treatment of the CDA as an affirmative defense, and the basis for lawsuit immunity. Although this may seem like a small detail, the proverbial devil is in the detail. If the CDA is a source of lawsuit immunity, then this supports a motion to dismiss for failure to state a claim (a 12(b)(6) motion). A 12(b)(6) motion must be dispensed with before the filing of an answer, and before the opening of discovery. An affirmative defense, on the other hand, is dealt with by a motion for a judgment on the pleadings. For this type of motion, the defendant must file an answer along with the affirmative defense. The filing of an answer is where things go awry. Upon the filing of an answer, the court can open discovery. If the case was presided over by an overly cautious judge, discovery could be mandated prior to the issuance of a ruling on the summary judgment motion. Given that discovery can be expensive and time consuming, it is not difficult to imagine that the potential costs of exercising CDA immunity may have greatly increased.

Why This Matters: This case should be of great interest to purveyors of social media and those who seek to tap into the power of social networks. Not only does this provide a wake-up call as to what the consequences are of the statements in privacy and terms-of-service policies, but it also defines a way to avoid future promissory estoppel-like claims. Promissory estoppel requires a promise and reasonable reliance – if it is unreasonable to rely on the promise, then the estoppel claim may fail. It is possible that an artful drafting of a terms-of-service document can make this kind of reliance unreasonable, and social media and other interactive website purveyors should think about whether their privacy policies need revision of this type.

Notwithstanding revisions to one's policies, the case is also noteworthy because of the shift in interpretation of the CDA. If the CDA is more properly an affirmative defense than the basis for lawsuit immunity, then the potential cost of tapping into the CDA's protections may rise significantly.

Facebook Makes a U-Turn

On Feb. 4, 2009, Facebook decided to change (aka “update”) its Terms of Use Policy. The new policy provided, essentially, the right of Facebook to continue using a user’s data even once he/she left the service. The following is an excerpt from Facebook’s current Terms of Use Policy:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.

The change that caused the uproar, however, was the deletion of the following, which appeared at the end of the aforementioned section: “You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”

Interestingly, Facebook’s amended policy went largely unnoticed until the popular consumer rights advocacy site, Consumerist.com, brought these changes to light.

This has sparked a very interesting debate on data ownership, and one that Facebook for now has decided to avoid as it backed down last week and reverted to its previous Terms of Use. According to Mark Zuckerberg, founder and CEO of Facebook, “Going forward, we’ve decided to take a new approach towards developing our terms. We concluded that returning to our previous terms was the right thing for now.”

While the arguments supporting why a user should have the right to control his/her data and information are both persuasive and intuitive, one must also consider the “reality” of the situation. For example, Facebook currently boasts a user base of approximately 175 million users around the world. Without having first-hand knowledge of Facebook’s IT policies and protocol, presumably a user’s data is stored across multiple networks and servers that are backed up regularly. Is it even possible for Facebook to delete all of a user’s data when he/she leaves Facebook? Is it reasonable to demand that Facebook undertake a search and destroy mission for each departing user by deleting his/her data from each and every server that ever touched such data (including each back-up server), and then scrub the same servers to ensure that the deleted data can never be recovered? Moreover, if a user elects to leave the service without deleting his/her information, should Facebook then be required to do so?

Furthermore, social networking sites like Facebook are designed for data sharing between users—hence the term “social network.” Is it reasonable to expect Facebook to comb through millions of user pages to hunt down data that must be deleted and purged when a user leaves the service? Perhaps the changes reflected above were merely intended to address rights-clearance issues and to protect and insulate Facebook against claims from old users.

Whichever position one wishes to take in this debate, two points are certain: one, the reaction to Facebook’s changes to its Terms of Use reflects a much wider issue about user data, who owns the personal information, and what should happen to it if a user decides to leave a service; and two, the industry will be keen to see what Facebook decides to do next.