As a general rule, a website is not held liable for the content its users post on its platform. The Communications Decency Act (CDA) immunizes websites from lawsuits by not treating the website as the publisher or speaker of content posted by its users. It also allows websites to edit and remove content that could be obscene, lewd and objectionable without the website incurring liability for failure to remove other similar content. Courts have even gone as far as not holding websites liable for defamatory, offensive or infringing posts by its users even when such websites invite visitors to post potentially defamatory statements, so long as the website did not materially contribute to the actual offensive content of the post. While courts have applied this protection broadly, a recent Ninth Circuit decision declined to do so.

In Jane Doe No. 14 v. Internet Brands, the Ninth Circuit concluded that due to the plaintiff’s unique factual allegations, the plaintiff Jane Doe was not barred under the CDA from bringing her claim and that Internet Brands, the owner of the website ModelMayhem.com, could be liable for the tortious acts of other third parties. Model Mayhem is a website for professional models and photographers to connect. Doe alleged that two men, Lavont Flanders and Emerson Callum, used the model website to lure her to a fake audition, drugged and raped her, and videotaped the rape for pornography. She also alleged her assailants had been using ModelMayhem.com to carry out their rape scheme since 2010 and that Internet Brands knew about this scheme. In fact, Internet Brands had sued ModelMayhem.com’s original developers (after it had purchased the company) for failing to disclose the potential for lawsuits arising from Flanders’ and Callum’s criminal activities. Doe then sued Internet Brands for failure to warn her about the criminal activity under California law. The district court dismissed the action based on the immunity provision of the CDA.

The Ninth Circuit’s reversal largely turned on the unique facts of Doe’s case. Usually, dismissed under the CDA, plaintiffs seek to hold websites liable for the content published on its website. Doe was not seeking to hold Internet Brands liable as the “publisher or speaker” of any content Flanders and Callum posted. Instead, Doe asserted that Internet Brands should be liable for failing to warn her after obtaining information from an outside source about how Flanders and Callum lured victims through its website. The appellate court reasoned that the core policy of Section 230(c) of the CDA provided protection for the Good Samaritan efforts of websites blocking and screening offensive material (i.e., a website should self-regulate offensive third-party content without fear of liability). The Ninth Circuit found Internet Brand’s alleged failure to warn had nothing to do with its failure to remove Flanders’ and Callum’s content, and therefore imposing liability would not run counter to the core policy of the CDA. The appellate court also dismissed the argument that imposition of liability on websites in this instance would create a “chilling effect upon Internet free speech.” Again, the Ninth Circuit pointed to the distinction that Doe was not seeking to impose intermediary liability on ModelMayhem.com in transmitting messages between Jane Doe and Flanders or Callum.

While the opinion does not appear to change the CDA’s protection for websites in regard to liability as the publisher or speaker of content posted by its users, it does highlight an uncommon scenario in which the CDA’s protection is unlikely. The decision in Internet Brands appears to provide a window for plaintiffs to proceed with their tort claims so long as the harm alleged is not the posted content itself and the defendant had knowledge of the potential harm. (The likelihood Doe would succeed on her failure to warn claim was not addressed by the court; however, Doe may have difficulty succeeding on this argument since she would have to establish a special relationship between herself and Internet Brands.)

The decision may suggest that websites cannot ignore warnings and notifications from users—or information obtained from other, external sources—and expect shelter from the CDA. For “smaller” websites like Model Mayhem, which had a user base of 600,000 members, this could be considered daunting enough of a prospect. For a website like Facebook, with 1.23 billion users and where even a small percentage of such complaints or tips could number in the hundreds of thousands, to investigate the merits of each of these claims would be a Herculean undertaking. (And even if a company could investigate each claim and issue warnings to its users, it would risk a defamation suit by the alleged perpetrators in doing so.)

What this decision ultimately means for the liability risks of user-interactive websites remains to be seen. After all, with its reliance on the unique facts of this particular case, Jane Doe No. 14 v. Internet Brands represents the smallest of tears in the protective fabric of the CDA. But small holes have a way of growing larger, which is all the more reason for companies to keep an eye on future references to and interpretations of this case.