A federal district court recently dismissed an invasion of privacy and infliction of emotional distress action against Tumblr brought by a Connecticut woman whose ex-boyfriend had uploaded a series of nude photographs on social media and the revenge porn site myex.com. The court found that Section 230(c)(1) of the Communications Decency Act (CDA) expressly preempted the woman’s claims, which treated Tumblr like the “publisher” or “speaker” of the offensive postings.

Although the nude photographs of the plaintiff were taken down, they soon migrated to Tumblr, where users could view the photos, along with her name, links to her social media accounts, and other identifying personal information. The plaintiff repeatedly engaged Tumblr to remove the unauthorized intimate photographs, only to have the images reposted by third parties following removal. The plaintiff ultimately initiated a lawsuit against Tumblr, claiming it did not preemptively remove the photographs even after receiving repeated notice of unauthorized uploads.

Tumblr moved to dismiss the suit, claiming that Section 230(c)(1) of the CDA immunized its conduct, and asserting that the woman’s claims should be pursued against the actual alleged wrongdoers—her ex-boyfriend and other third parties who published the photographs. The plaintiff countered that Section 230(c)(1) immunity is not absolute, requires a showing of “good faith,” and cannot excuse Tumblr’s failure to preemptively remove the photographs even when it was aware of their electronic fingerprint. The plaintiff did not dispute that Tumblr stated a prima facie case for CDA immunity. The court also recognized that Tumblr met the three requirements for immunity under Section 230(c)(1), namely that Tumblr is a provider of an interactive computer service; that the plaintiff’s claims are based on information provided by another content provider; and that the plaintiff’s claims would treat Tumblr like a “publisher or speaker” of that information. The plaintiff instead opposed Tumblr’s demurrer on the ground that Section 230 contains a “good faith” requirement that prevented Tumblr’s use of the CDA as a shield.

The court found that Section 230(c)(1)’s immunity applies regardless of whether an interactive computer service provider acts in good faith. In reaching this conclusion, the court drew on the principle of statutory interpretation that recognizes that where Congress includes particular language in one section of a statute but omits it in another, it is generally presumed that Congress acts intentionally and purposely in the disparate inclusion. Applying this interpretation principle in the case of the CDA, the court held that Congress intended not to import a subjective intent/good faith limitation into Section 230(c)(1), because Section 230(c)(2) expressly provides for a good faith element, and such requirement is omitted from (c)(1).

The court further reasoned that adding a good faith requirement to Section 230(c)(1) would undermine the entire legislative purpose of the immunity for interactive computer service providers—to limit government interference with the Internet in order to maintain the robust nature of online communications. Holding Tumblr responsible for the conduct of third-party uploaders would, in the court’s view, defeat the CDA’s purpose of ensuring open Internet communications, as Tumblr would be treated as a “publisher” that performs traditional editorial functions and is subject to tort liability—and not as an intermediary, immune from liability for other parties’ potentially injurious messages.

The case is Poole v. Tumblr, Inc., No. 3:18CV00859(AVC), 2019 WL 4917553 (D. Conn. Mar. 7, 2019).