In early July, an appeals court ruled that Amazon should be considered a “seller” of goods under Pennsylvania products liability law and subject to strict liability for consumer injuries caused by the defective goods sold on its site by third-party vendors. (Oberdorf v. Amazon.com, No. 18-1041 (3rd Cir. July 3, 2019)). While the decision involved interpretation of Pennsylvania law – and Amazon has previously prevailed on the “seller” issue in various courts around the country in recent years – the ruling is still noteworthy as it was based upon § 402A Restatement (Second) of Torts (which other states may follow), and the ruling may signal a willingness to reinterpret the definition of “seller” in the modern era of online platforms. The decision also highlights the limits of immunity under Section 230 of the Communications Decency Act (CDA) for online marketplaces when it comes to products liability claims based on a site’s sales activity, as opposed to editorial decisions related to third-party product listings. Continue Reading
This week, the FTC entered into a proposed settlement with Unrollme Inc. (“Unrollme”), a free personal email management service that offers to assist consumers in managing the flood of subscription emails in their inboxes. The FTC alleged that Unrollme made certain deceptive statements to consumers, who may have had privacy concerns, to persuade them to grant the company access to their email accounts. (In re Unrolllme Inc., File No 172 3139 (FTC proposed settlement announced Aug. 8, 2019).
This settlement touches many relevant issues, including the delicate nature of online providers’ privacy practices relating to consumer data collection, the importance for consumers to comprehend the extent of data collection when signing up for and consenting to a new online service or app, and the need for downstream recipients of anonymized market data to understand how such data is collected and processed. (See also our prior post covering an enforcement action involving user geolocation data collected from a mobile weather app). Continue Reading
In an important opinion, the Ninth Circuit affirmed a lower court’s ruling that plaintiffs in the ongoing Facebook biometric privacy class action have alleged a concrete injury-in-fact to confer Article III standing and that the class was properly certified. (Patel v. Facebook, Inc., No. 18-15982 (9th Cir. Aug. 8, 2019)). Given the California district court’s prior rulings which denied Facebook’s numerous motions to dismiss on procedural and substantive grounds, and the Illinois Supreme Court’s January 2019 blockbuster ruling in Rosenbach, which held that a person “aggrieved” by a violation of the Illinois Biometric Information Privacy Act (“BIPA”) need not allege some actual injury or harm beyond a procedural violation to have standing to bring an action under the statute, the Ninth Circuit’s decision was not entirely surprising. Still, the ruling is significant as a federal appeals court has ruled on important procedural issues in a BIPA action and found standing. The case will be sent back to the lower court with the prospect of a trial looming, and given BIPA’s statutory damage provisions, Facebook may be looking at a potential staggering damage award or substantial settlement. Continue Reading
In recent years, there have been a number of suits filed in federal courts seeking to hold social media platforms responsible for providing material support to terrorists by allowing members of such groups to use social media accounts and failing to effectively block their content and terminate such accounts. As we’ve previously written about, such suits have generally not been successful at either the district court or circuit court level and have been dismissed on the merits or on the basis of immunity under Section 230 of the Communications Decency Act (CDA).
This past month, in a lengthy, important 2-1 decision, the Second Circuit affirmed dismissal of federal Anti-Terrorism Act (ATA) claims against Facebook on CDA grounds for allegedly providing “material support” to Hamas. The court also declined to exercise supplemental jurisdiction over plaintiff’s foreign law claims. (Force v. Facebook, Inc., No. 18-397 (2d Cir. July 31, 2019)). Despite the plaintiffs’ creative pleadings that sought to portray Facebook’s processing of third-party content as beyond the scope of CDA immunity, the court found that claims related to supplying a communication forum and failing to completely block or eliminate hateful terrorist content necessarily treated Facebook as the publisher of such content and were therefore barred under the CDA. Continue Reading
In early July, Ticketmaster reached a favorable settlement in its action against a ticket broker that was alleged to have used automated bots to purchase tickets in bulk, thus ending a dispute that produced notable court decisions examining the potential liabilities for unwanted scraping and website access. (Ticketmaster L.L.C. v. Prestige Entertainment West Inc., No. 17-07232 (C.D. Cal. Final Judgment July 8, 2019)).
Earlier this month, in The Andy Warhol Foundation for the Visual Arts, Inc. v. Goldsmith, No. 17-cv-2532 (S.D.N.Y. July 1, 2019), a New York district court granted the Andy Warhol Foundation for the Visual Arts’ (“AWF”) motion for summary judgment that Warhol’s series of screen prints and silkscreen paintings (the “Prince Series”) did not infringe Lynn Goldsmith’s (“Goldsmith”) original 1981 photograph of the musician Prince, ruling that the Warhol works were transformative and qualified as fair use. Continue Reading
Southwest’s website terms prohibited scraping or the use of any automated tools to access its fares or other content. Soon after the launch of SWMonkey, Southwest sent a cease and desist letter stating that Roundpipe was obtaining Southwest’s data in violation of the website terms, among other reasons, and demanded that the site be taken down. After negotiations and additional correspondence from Southwest, Roundpipe shut down the website and disabled its scraping and fare tracking functionality. Continue Reading
Three recent court decisions reaffirm the expansive immunity awarded to online providers that host third-party content under Section 230 of the Communications Decency Act (“CDA”), 47 U.S.C. § 230(c): California’s Superior Court decision in Murphy v. Twitter, Inc., No. CGC-19-573712 (Cal. Super. June 12, 2019), and the Northern District of California’s decisions Brittain v. Twitter, Inc., No. 19-00114 (N.D. Cal. June 10, 2019), and Fyk v. Facebook, Inc., No. 18-05159 (N.D. Cal. June 18, 2019). Continue Reading
In the past few months, there have been a number of notable decisions affirming broad immunity under the Communications Decency Act (CDA), 47 U.S.C. §230(c), for online providers that host third party content. The beat goes on, as in late May, a Utah district court ruled that the Tor Browser, which allows for anonymous communications and transactions on the internet, was protected by CDA Section 230 for a website’s sale of illegal substances to a minor on the dark web via the Tor Browser.
More recently, the D.C. Circuit affirmed the dismissal of claims brought by multiple locksmith companies (the “plaintiffs”) against the operators of the major search engines (the “defendants” or “providers”) for allegedly publishing the content of fraudulent locksmiths’ websites and translating street-address and area-code information on those websites into map pinpoints that were displayed in response to user search requests. (Marshall’s Locksmith Service v. Google LLC, No. 18-7018 (D.C. Cir. June 7, 2019)). According to the plaintiffs, by burying legitimate locksmiths listings (with actual, local physical locations) beneath so-called “scam” listings from locksmith call centers that act as lead generators for subcontractors, who may or may not be fully trained, plaintiffs’ legitimate businesses suffered market harm and were forced to pay for additional advertising. (Beyond this case, the issue of false local business listings appearing in Google Maps remains an ongoing concern, according to a report from the Wall Street Journal yesterday). Continue Reading
Last month, a California district court granted a web-based service’s motion to compel arbitration of a putative class action brought by a user whose personal information was allegedly accessed in a massive 2016 data breach that involved 339 million user accounts. (Gutierrez v. FriendFinder Networks Inc., No. 18-05918 (N.D. Cal. May 3, 2019)). While the opinion noted that courts in the Ninth Circuit are traditionally “reluctant to enforce browsewrap agreements against individual consumers,” the outcome of the case suggests that enforcement of website terms is not just a straight up-or-down analysis of the method used to present the terms to the user but may involve tangential, yet important interactions between the user and the site outside the initial registration process. Continue Reading