Fourth Circuit Goes On The Attack Against Section 230 In A Lawsuit Over Publication Of Third Party Data

from the immunity-applies,-unless-the-judge-doesn't-like-Section-230 dept

Prior to the turn of the century, the Fourth Circuit Court of Appeals handed down a formative decision that helped craft the contours of Section 230 immunity. The case — Zeran v. America Online — dealt with a tricky question: whether or not a platform’s failure to moderate content (in this case, posts that contained Zeran’s phone number and oblique accusations he approved of the Oklahoma City federal building bombing) made the platform liable for the user-generated content.

The Appeals Court didn’t have much to work with at that point. Section 230 of the Communications Decency Act was less than a year old at the time Kenneth Zeran filed his lawsuit against AOL. Nevertheless, the court recognized AOL’s immunity from the suit. And it did this by applying the new CDA clause retroactively to apply to alleged wrongs against Zeran that were committed nearly a year before the CDA went into effect.

Flash-forward more than a quarter century, and the Fourth Circuit Court of Appeals has delivered another potentially groundbreaking decision [PDF], albeit one that goes the other direction to hold a website directly responsible for content posted by others.

In this case, the plaintiffs and their class action lawsuit sought to hold Public Data, LLC directly responsible for content it gathers from other sources and republishes on its own platforms. The data collected by Public Data (the name the court uses to collectively refer to the multiple parties collecting and disseminating this data) comes from public records. This includes civil and criminal court proceedings, voting records, driver data, professional licensing information, and anything else generated by government agencies Public Data can hoover up.

It then consolidates the data to make it more user-friendly, reformatting raw documents to deliver snapshots of people Public Data’s customers wish to obtain info about. The plaintiffs allege this process often removes exonerative data about criminal charges and reduces criminal background info to little more than a list of charges (with no data on whether these charges resulted in a conviction). Making things worse, Public Data’s summaries apparently include “glib statements” that misrepresent the entirety of the data collected from public sources. Public Data makes it clear to users that it is not responsible for any inaccuracies in the raw data it collects and collates. It also refuses to correct incorrect data or remove any inaccurate information it has scraped from public records databases.

The value of this information — no matter how inaccurate or incomplete — is undeniable. The plaintiffs note that Public Data has nearly 50 million customers. And presumably few of those customers take the repackaging of scraped data — with or without Public Data’s commentary — with a grain of salt, despite the cautionary statements issued by Public Data.

This all sounds like the collection and republication of data generated by third-parties. What is or isn’t passed onto users sounds pretty much like content moderation, something that’s not only protected by Section 230 immunity, but the First Amendment as well. Since those are the most obvious impediments to the lawsuit, the plaintiffs have chosen to frame this repackaging of data (and Public Data’s editorial decisions) as violations of the Fair Credit Reporting Act (FCRA).

The Appeals Court should have recognized this tactic for what it was. Instead, it decides the acts the lawsuit is predicated on are somehow exempt from Section 230 immunity. Eric Goldman, who has a long history of covering Section 230 cases and advocating for its continued existence, saw this disturbing decision coming a long time ago, back when the lower court decided Section 230 immunity applied but did so in a way that invited novel interpretations of this protection.

The plaintiff sued the defendant for violating four provisions of the Fair Credit Reporting Act (FCRA). At its core, the FCRA is in tension with Section 230 because it seemingly regulates the dissemination of third-party content (i.e., the credit data provided by vendors). However, many FCRA provisions are ministerial in nature about how to operate a credit reporting agency, and those provisions may not specifically base liability for credit report dissemination even if the overall statutory objective relates to that output. This makes the FCRA/230 interface ambiguous and confusing.

The district court dismissed the lawsuit on Section 230 grounds in a garbled and controversial opinion. As I predicted then, the district court’s “distorted Section 230 test makes this ruling vulnerable on appeal or in further proceedings.” And here we are.

And that’s what has happened here. Ignoring its own Zeran precedent, the court starts imposing new rules on Section 230 immunity, utilizing the plaintiff’s Fair Credit Reporting Act allegations as the baseline. The court says there’s a possible defamation claim here because it apparently believes liability attaches to publishers of third-party content when the republished content is “improper.”

That’s definitely wrong. And it sounds like the court wants to believe there’s a publisher/platform dichotomy that makes Section 230 irrelevant, even though the law itself makes no such distinction when it comes to content created by third parties.

To arrive at this tortured conclusion, the court says a whole lot about the Fair Credit Reporting Act, which does indeed pose penalties on reporting agencies that aren’t careful about ensuring the accuracy of the information they collect or disseminate. But that has little to do with Public Data’s business model, which simply collects public records from public sites to find relevant information about people its customers wish to know more about.

That isn’t the same thing and the court should know this. Instead, it seemingly decides that FCRA reporting requirements apply and Section 230 doesn’t. And then it says things about the commentary Public Data attaches to public record data, claiming that this goes beyond protected editorial functions and turns Public Data into a culpable partner in the dissemination of false information. Here’s Goldman, summarizing this particularly dangerous conclusion:

The court summarizes its legal standard as:

an interactive computer service is not responsible for developing the unlawful information unless they have gone beyond the exercise of traditional editorial functions and materially contributed to what made the content unlawful.

This adopts an obvious false dichotomy. Materially contributing to third-party content is a “traditional editorial function,” so this distinction is incoherent. This legal standard invites plaintiffs to define “traditional editorial functions” to exclude whatever defense behavior they are targeting. The chaos is palpable. (The scope of “traditional editorial functions” is a question presented in Gonzalez, so the Supreme Court will almost certainly make a worse hash of this term by June).

If you don’t see the problem here, Goldman explains further:

When a 230 defendant republishes third-party content verbatim and without redaction, this standard is fine. But 230 defendants routinely extract pieces of a third-party submission–sometimes as promotional previews, sometimes to fit publication constraints. 230(c)(1) has applied in so many cases fitting that paradigm (People v. Ferrer represents an outer extreme), yet future plaintiffs can argue that any piece excluded from the extract creates a deceptive omission and VOILA! Bye bye 230.

So, for example, Google’s search results descriptions republishes extracts from the source website. This has qualified for Section 230 (e.g., O’Kroley v. Fastcase). This court is saying that 230 would not apply if the plaintiff claims the search results description left behind contextualizing information, which will happen ALL THE TIME. Boom–all of Google search descriptions are now potentially outside Section 230.

That’s where the Fourth Circuit Appeals court leaves, practically daring Public Data to appeal the decision and place it in the hands of a Supreme Court that is far too willing these days to upend rights and protections recently appointed justices just don’t care for. Section 230 immunity is on the Supreme Court’s shit list at the moment, and this decision feeds into desire to cherry-pick cases that it can use to overturn decades of jurisprudence just because it no longer cares for its own precedent.

Filed Under: , , , , ,
Companies: public data

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Fourth Circuit Goes On The Attack Against Section 230 In A Lawsuit Over Publication Of Third Party Data”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Who Is Writing?

It seems to me that there ought to be a difference under section 230 between a platform that allows and moderates comments from third parties, and a platform that itself gathers up public information and publishes it.

In this case, the people being sued are the ones who did the writing. Isn’t that what 230 is supposed to allow?

Anonymous Coward says:


Yeah I’m not sure I agree with the thesis of this article. If I gather data, reformat it, selectively include and exclude certain pieces of it, and then publish it I don’t see how I can then claim no responsibility for it. Put another way could I scrape a quote from a third party site, “the suspect was found not guilty” change it to “the suspect was found […] guilty”, republish it on my site and then say that was third party content and I’m just exercising my right to moderate content?

Further, we do grant copyright for such reformatted collections of public data so also granting immunity seems like an eat a cake and have it too type situation. And I’d bet if someone tried to do exactly that, scrape the reformatted data from Public Data and republish it on their own site it would all of a sudden be their own copyrighted work and not just a collection of third party data. Finally, would the analysis with regard to who the speaker is, section 230, first amendment, etc. change if instead of a webpage the company doing this put out a weekly magazine with the same content and disclaimers?

TKnarr (profile) says:


Same thing I was thinking. When it’s Public Data actually writing and posting the articles it should be Public Data responsible for their content. It might be different if they were reposting verbatim copies of the public records, no alteration or editing, and linked to the originals. Here though Public Data is editing and altering the content before posting it so it ought to be them responsible for their alterations.

Michael Steven Fruchtman says:

Re: Re:

Another good example are the credit agencies.

Your credit history is a set of 3rd party reported data about your previous loans, revolving lines of credit, mortgages, etc. This is 3rd party facts. Perfect example of the credit agency protected by Section 230.

Your credit score on the other hand is an opinion derived from those facts by the credit agency. I don’t see how you could file a defamation claim over your credit score, but the credit bureau would not be protected by Section 230 over it. A credit score is not 3rd party data.

Anonymous Coward says:

I tried the “demo” mode at but wasn’t able to generate any useful results… This makes me question how it could possibly have 50 million customers, but setting that aside, it seems like a much more curated kind of website than beenverified or spokeo, one that seems much more like is the “writer” rather than simply the platform/publisher.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Decadre (profile) says:

Without Sec. 230….

I’ve been wondering lately, without 230… what “technologies” become potential hot potatoes?

A lot of the computing tools we use can either require with or without our knowledge the computational process to happen on “virtual machines” in the cloud as well as the storage of data on the same “virtual machines” in the cloud owned by the companies that we “bought”, I mean licensed these computing tools from.

So what happens if 230 goes away? Unless I am mistaken, the description of what applies under it would certainly include Quickbooks Online or Microsoft Office in a browser.

Quickbooks liable for drug dealer using their online version even when they used code words for their products ?

Systems that use machine learning AI if fed non public data or let’s say data from a data breach?

AWS liable for hacker who uses their cloud servers for aim bots?

Any photo editing service with online upload tools and cloud storage for well… must I really?

Can a simple TOS protect them? And if so, then why not a social media site?

Christenson says:

The issue here is the clash between our moral sense and our legal sense.

Gathering millions of records and publishing selected abstracts is what both Google and do. In google’s case, there’s also no real submission by the website, only an omitted “robots.txt” file sometimes telling google not to gather specific things.

The moral sense gets upset because arrests get listed but not the dropping of charges or other exonerations, so it seems you are a felon, with adverse, real-life consequences, even though we find out through other sources that the cop was fired for that arrest.

Unfortunately, arrests and prosecutions need to be public…the power is often abused, and publicity is a check on that.

I see no good way, except it becoming common knowledge that ACAB and public shaming of to balance the needs of open government and the harm publicdata is causing here.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...