chevron-down Created with Sketch Beta.

The Business Lawyer

Winter 2021-2022 | Volume 77, Issue 1

Intermediary Liability and Section 230 Developments

Chase Jeremiah Edwards


  • The CDA provides an “interactive computer service” with immunity against lawsuits stemming from information provided by third parties. Known as Section 230, it covers virtually all third-party content published on any platform even if it is inaccurate, illegal, or deceptive.
  • After controversy surrounding content moderation by major platforms and an unprecedented groundswell of criticism of Section 230, its future is uncertain and there are several proposed and enacted legislative reforms discussed here.
  • Given the wide-ranging application of Section 230’s immunity clause to companies that constitute a significant portion of the economy, all business lawyers should monitor its current applications and potential future.
Intermediary Liability and Section 230 Developments

Jump to:

I. Introduction

The service provider immunity provision of the Communications Decency Act (“CDA”) is nothing less than a cornerstone of the modern Internet Age. The Act was passed in 1996 in an effort to stem the tide of lawsuits against early Internet platforms based on content created by third parties. It provides an “interactive computer service” (“ICS”) with immunity against lawsuits stemming from information provided by third parties. Colloquially known by its section number in Title 47 of the U.S. Code, Section 230 allowed the Internet to grow into its current form by shielding platforms from most federal claims and preempting conflicting state claims. Over the years, courts have confirmed that Section 230’s immunity clause covers virtually all forms of third-party content published by platforms of all types (e.g., social media, e-commerce, dating) even if the information is patently inaccurate, illegal, or intended to deceive others.

The developments included in this survey relate to a wide array of business law topics, including facial recognition software (Part II.B), product liability suits against Amazon (Part II.D), and cryptocurrency (Part II.E).

The future of Section 230 is uncertain due to controversy surrounding content moderation by major platforms including warning labels, user bans, and deplatforming. This survey concludes with a discussion of several proposed and enacted legislative reforms that resulted from an unprecedented groundswell of criticism of Section 230 (Part IV). Given the wide-ranging application of Section 230’s immunity clause to companies that constitute a significant portion of the economy, all business lawyers should monitor its current applications and potential future.

II. Applications of Section 230

A. Negligent Design

The past several years have seen several opinions regarding the liability of Snap, Inc. for the design of its popular app Snapchat. Two cases, Maynard v. Snapchat, Inc. and Lemmon v. Snap, Inc., were discussed in last year’s survey. Both cases resulted from young users attempting to drive at breakneck speeds while using Snapchat’s “speed filter.” Filters are designed by the company and added to Snapchat to overlay a variety of information onto a user’s pictures. In the case of the “speed filter,” the app used a phone’s GPS information to overlay the current speed of the person taking the photo. Surprising no one, several people were killed or grievously injured in crashes involving users posting pictures showing themselves driving at over 100 miles per hour.

In its initial decision in the Maynard case, the trial court ruled in favor of Snap on Section 230 grounds. On appeal, the Georgia Court of Appeals held that Snap was not entitled to Section 230 immunity because the claim was based on negligent design of Snap’s software and not on any third-party speech. On remand, the trial court held that Section 230 was not applicable and conducted a standard duty/breach analysis, finding that Snap did not have a duty to prevent this injury. The Georgia Court of Appeals affirmed.

In Lemmon, three young men were killed in an automobile accident caused by users’ attempts to log an entry in Snapchat at more than 100 miles per hour. Shortly before the car crashed into a tree at about 113 miles per hour, one of the passengers posted a Snapchat entry documenting the vehicle traveling at 123 miles per hour. The Ninth Circuit, reversing the trial court, held, like the Georgia court in Maynard, that Section 230 immunity was unavailable because the negligent-design claim was not based on any third-party speech.

B. Facial Recognition

The use of facial recognition software has proliferated in both government and private sectors. In an interesting case involving this emerging and controversial technology, Vermont’s Attorney General sued one of the leading companies in the industry, Clearview AI, for violating Vermont’s Consumer Protection Act and its Fraudulent Acquisition of Data law. Clearview AI attempted to use Section 230 as a shield, but the court denied Section 230 immunity because the state’s claims were not based on any third-party content. Instead, they were “based on the means by which Clearview acquired the photographs, its use of facial recognition technology to allow its users to easily identify random individuals from photographs, and its allegedly deceptive statements regarding its product.”

C. Soliciting Content for a Shared Document

Elliott v. Donegan provided an interesting look at the applicability of Section 230 to the web-based apps and tools that have become increasingly popular since the pandemic forced the world into remote working arrangements. The defendant in this case created a #MeToo-inspired, publicly available Google spreadsheet called “Shitty Media Men” and encouraged the anonymous reporting of misbehaving men in the media. The plaintiff sued for defamation after he found his name on the list with notations that multiple women had accused him of sexual violence.

The defendant sought to use Section 230 as a shield on the grounds that the spreadsheet operated like a message board. The court agreed that the creator of the spreadsheet qualified as an ICS, but did not dismiss the complaint because plaintiff alleged that defendant herself had created the allegedly defamatory content, making her an “information content provider.” However, the court’s analysis provides for Section 230 protection as long as all of the information contained in the spreadsheet was contributed by third parties.

D. Amazon and Product Liability Laws

When a product it sells causes injury, an intermediary like Amazon may seek to avoid liability by arguing that its role in the transaction places it outside the scope of the state product liability law. These laws generally impose liability on the “seller.” Courts have reached differing conclusions on whether Amazon has acted as a “seller” in a particular transaction.

For instance, in Bolger v, LLC, the court held that “Amazon’s own involvement in the distribution of an allegedly defective product supports strict liability.” The court distinguished products that are sold through the “fulfilled by Amazon” feature from those that are shipped from the supplier wherein Amazon serves solely as the marketplace platform. Likewise, in Loomis v. LLC, after an extensive evaluation of liability stemming from an exploding hoverboard incident, the court discussed the vertical integration of the Amazon supply chain and determined that in this case Amazon was subject to California’s strict liability law. The factors that the court found relevant included Amazon’s “1) interacting with the customer, 2) taking the order, 3) processing the order to the third party seller, 4) collecting the money, and 5) being paid a percentage of the sale.”

However, state tort laws vary. Another Amazon hoverboard case reached a different conclusion and held that Amazon was not a “seller” within the scope of the Illinois product liability law. In Great Northern Insurance Co. v., Inc., the court explained that “the Supreme Court of Illinois has consistently conveyed that the key criterion for being a seller is exercising control over the product, not over the purchasing process.”

In Oberdorf v. Inc., the Third Circuit held that Amazon was a “seller” under the Pennsylvania product liability law. But after rehearing the case en banc, the full court vacated the panel decision and certified the question of state law to the Pennsylvania Supreme Court. The Pennsylvania court agreed to consider the issue, which it phrased as: “Under Pennsylvania law, is an e-commerce business, like Amazon, strictly liable for a defective product that was purchased on its platform from a third-party vendor, which product was neither possessed nor owned by the e-commerce business?” The Pennsylvania Supreme Court’s determination should provide a definitive resolution of the issue under Pennsylvania law.

E. Hijacked YouTube Channels

The sheer number of cryptocurrencies available to investors has increased dramatically over the past few years despite many open questions about important issues such as taxation, jurisdiction, and remedies. Further complicating the matter is the manner in which the asset is held. While many major brokerages have expanded their offerings to include a few major cryptocurrencies, owners can choose to hold their “coins” or “tokens” in a “crypto wallet.”

Ripple Labs, the creator of a cryptocurrency called XRP, was the target of an online scam that used videos posted on hijacked YouTube channels to dupe users into transferring their XRP to an account that they believed belonged to Ripple. In Ripple Labs Inc. v. YouTube LLC, Ripple sued YouTube alleging that it failed to adequately respond to takedown notices, thus exacerbating the loss to both users and the company. The court threw out Ripple’s claims predicated on California’s right of publicity and unfair competition laws. It held that since YouTube did not upload the videos or materially contribute to the scam, YouTube could claim the protection of Section 230.


A federal law known as FOSTA was enacted to combat sex trafficking by rolling back Section 230 immunity for websites that intentionally or recklessly host user-generated advertisements promoting that practice. Its preamble states that Section 230 “does not prohibit the enforcement against providers and users of interactive computer services of Federal and State criminal and civil law relating to sexual exploitation of children or sex trafficking.” In the three years since its passage, neither federal law enforcement nor the state attorneys general have expanded prosecution under the FOSTA criminal provision and few, if any, victims of trafficking have successfully availed themselves of the federal remedies provided in the amendment.

In at least two cases, plaintiffs failed to recover because they pursued their claims under state laws that FOSTA did not exempt from Section 230. Both courts held that FOSTA does not include an exemption for state law civil claims.

IV. Legislative Efforts to Modify Section 230

Last year’s survey covered President Trump’s Executive Order entitled Preventing Online Censorship, which targeted Section 230 for major reform. President Biden revoked that order soon after taking office. Elsewhere in government, the push to modify Section 230 has never had more momentum. Eighteen bills were introduced in the 116th Congress and some were reintroduced in the 117th Congress along with others that aim to limit the scope, change the application of, or outright repeal Section 230.

However, the State of Florida is not waiting for Congress to act. In a move that brought about an immediate legal challenge, Governor Ron DeSantis signed Florida’s Transparency in Technology Act into law. The law purports to create a right of action for private citizens against “Big Tech” and imposes fines of up to $250,000 per day for deplatforming political candidates. As amicus briefs pile up and legal scholars pick apart the flaws in the legal arguments, the one thing that seems certain is that some sort of change is on the horizon for Section 230.