As in the non-Internet world, users of social media often do and say things that are not always appropriate - whether intentional or not. Examples include the posting of a piece of confidential or inappropriate information about oneself, one's company or an acquaintance (have you seen the latest Domino's video?). Such communication can take the form of a written comment, photo, video or other form of communication. These actions can result in claims of defamation, incorrect statements of fact, harassment, etc. And in Domino's case, a temporary loss of revenue and a ding on the company's brand.
Unfortunately for social media operators, including banks that host their own social media platforms (e.g., Bank of America's Small Business Online Community), those adversely affected tend to include social media operators (in the context of this article, banks that host a social media site). Fortunately for social media operators operating in the U.S., there exists some form of protection against these claims.
COMMUNICATIONS DECENCY ACT
Section 230 of the Communications Decency Act ("CDA") of 1996 is a landmark piece of Internet legislation. Section 230(c)(1) of the CDA provides immunity from liability to providers and users of an "interactive computer service" that publishes information provided by others (user-generated content). Courts generally apply the following three-prong test to determine whether a defendant is subject to the protections afforded by Section 230.
- The defendant must be a "provider or user" of an "interactive computer service;"
- The cause of action asserted by the plaintiff must treat the defendant as a "publisher or speaker" of the harmful information at issue; and,
- The information must be "provided by another information content provider," (i.e., the defendant must not be the information content provider of the harmful information at issue).
This section of the CDA was enacted to enhance free speech by making it unnecessary for Internet service providers and other service providers to unduly restrict customers' actions for fear of being found legally liable for customers' conduct. This law effectively protects social media operators since it covers computer services that involve user-generated content.
As a result of its effective protections, Section 230 is considered quite controversial because courts have interpreted Section 230 as providing complete immunity to Internet service providers and other service providers with regard to torts committed by their users. Critics of Section 230 are primarily concerned with its effectiveness at leaving victims with no hope of relief in instances where the true tortfeasors cannot be identified or are judgment proof.
Courts have upheld Section 230 in a variety of factual contexts and on numerous legal theories, including posting of:
- Defamatory information;
- Private information;
- False information;
- Pornographic information;
- Harassing commentary; and,
- Discriminatory and/or illegal advertising.
Section 230, however, is not absolute protection. For example, plaintiffs have successfully argued in a handful of cases that an "interactive computer service" was not entitled to Section 230 immunity because the person or entity in question was an "information content provider" with respect to the information at issue, thereby failing the third test noted above.
Notwithstanding certain plaintiff successes, generally the social media operator is protected against liability for postings made by others so long as the operator does not contribute in whole or in part, in the creation or development of the content and provides a mechanism for detecting objectionable content.
As such, in order for social media operators (e.g., banks) to obtain the maximum protection under Section 230 of the CDA, the operator should strictly adhere to the following:
- Do not alter any contribution of user-generated content. To the extent that user-generated content is repackaged - no matter how insignificantly, the social media operator potentially voids one of the three tests and risks exposure. Competent legal counsel should opine on the risk to the social media operator to the extent that any user-generated content is repackaged or reformatted.
With more and more banks considering the addition of social media capabilities, such as product review and ratings, banks need to ensure that they implement a set of policies and procedures that ensures ongoing compliance with the CDA. Compliance is not difficult but nonetheless, it must be addressed as part of any implementation process.
Be wary of social media consultants that are not able to connect the dots between the practical implementation and legal compliance with the CDA. Consultants, whether in-house or external, should provide a product that is compliant as well as a set of end user terms that maximize protection.
[This blog is not to be considered legal advice. ]