Your Kids’ Facebook Activities Can Subject You to Liability (But See 47 U.S.C. § 230?)

As a general rule, parents are not liable for their childrens’ actions simply by virtue of the fact that they are the kid’s parents. (I wish it were different, as that might put a leash on our idiocracy devolution, but sigh).

That all aside, the Georgia Court of Appeals just held that parents can be liable for their children’s activities online, most specifically on Facebook. See Boston v. Athearn (Ga. Ct. App. 2014).

The facts are pretty standard fare. Some kids decided to bully another kid. They set up a fake Facebook account dedicated to that mission. The Facebook page was apparently racist and defamatory. (Op. at 3).

During the 11 months the unauthorized profile and page could be viewed, the Athearns [the Parents] made no attempt to view the unauthorized page, and they took no action to determine the content of the false, profane, and ethnically offensive information that Dustin [their son] was charged with electronically distributing. They did not attempt to learn to whom Dustin had distributed the false and offensive information or whether the distribution was ongoing. They did not tell Dustin to delete the page. Furthermore, they made no attempt to determine whether the false and offensive information Dustin was charged with distributing could be corrected, deleted, or retracted. (Op. at 5).

Georgia follows the general rule that parents are not automatically liable for the sins of their children. But, they “may be held directly liable, however, for their own negligence in failing to supervise or control their child with regard to conduct which poses an unreasonable risk of harming others. (Op. at 6-7).

The Georgia court found that the child used a computer and access to an Internet account “improperly, in a way likely to cause harm, and with malicious intent.” (Op. at 11). The parents argued that they could not have anticipated the child’s actions until after the child’s school brought it to their attention. But, the Georgia court brushed this off, stating “The Ahearns’ argument does not take into account that, as Dustin’s parents, they continued to be responsible for supervising Dustin’s use of the computer and Internet after learning that he had created the unauthorized Facebook profile.” (Op. at 11).

Logically, this all makes sense. Parents have a duty to control their kid. They breach the duty. The breach causes harm. They pay. Classic negligence theory.

But, it seems that nobody raised the issue of 47 U.S.C. § 230, which provides immunity from such claims.(1)

The Communications Decency Act (CDA) provides, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1). The CDA goes on, “No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.” Id. § 230(e)(3).

This decision holds the parents accountable as it would a publisher or speaker of the information in question, thus the claim should be barred by 47 U.S.C. § 230.

CDA immunity requires that “(1) the defendant be a provider or user of an interactive computer service; (2) the cause of action treat the defendant as a publisher or speaker of information; and (3) the information at issue be provided by another information content provider.” Gentry v. eBay, Inc., 99 Cal. App. 4th 816, 830 (2002)

This claim attempts to treat the parents as a liable participants in the tortious conduct. The CDA provides immunity when a plaintiff seeks to hold a defendant liable for tortious conduct based on the fact that the defendant provided the Internet instrumentalities used to commit the tort. See, e.g., Almeida v. Amazon, 456 F.3d 327 (11th Cir. 2006).

In Delfino v. Agilent Techns. Inc., 145 Cal. App. 4th 790, 806 (2006), the California court of appeals found that when an employee used the employer’s computer network to send threatening messages, the employer was not liable. In that case, the court held that although the defendant-employer merely acted as the provider of the computer system, the plaintiff’s tort claims in essence sought to hold the employer liable for the publication of the threatening messages. Id. Therefore, the employer was immune under § 230.

The Georgia Court of Appeals had its first § 230 case this summer. Internet Brands, Inc. v. Jape, 328 Ga. App. 272 (Ga. Ct. App.2014). “The CDA “precludes plaintiffs from holding interactive computer service providers liable for the publication of information created and developed by others.” Id. at 274-75. And, in that case, it recognized (like all other courts before it) that § 230 protection is broad. “[C]ourts have consistently … held that § 230 provides a ‘robust’ immunity, and that all doubts must be resolved in favor of immunity.” Id. at 276 (citations and quote marks omitted).

In this case, the plaintiff does not bring a direct claim of defamation against the parents for creating the content. But, the claims appear to have the same effect as treating them as the publisher of the information based solely upon their role as the provider of the account and hardware for the tortious communications. It is without dispute that the content was provided by another person, namely the son. The son, therefore, is the liable party – not the parents – and under the CDA, any claim to the contrary appears to be barred.

UPDATE: If CDA immunity applied, it would certainly be the first time it applied in precisely this kind of scenario. But see footnote 1, below.

(1) I oughta know. A few years back, I raised the theory that if you provide an open wifi connection, you should be liable for torts committed over that open wifi. Since I raised it in a copyright context, the courts I raised it before dismissed it on a pre-emption claim. But, other courts have since ruled that even if that theory was not pre-empted, it would be barred by Section 230. See AF Holdings, LLC v. Doe, 104 U.S.P.Q.2D (BNA) 1182, 2012 U.S. Dist. LEXIS 125306, 2012 WL 3835102 (N.D. Cal.Sept. 4, 2012); AF Hodlings, LLC v. Doe, 2012 U.S. Dist. LEXIS 143484, 2012 WL 4747170 (N.D. Cal.Oct. 3, 2012).

8 Responses to Your Kids’ Facebook Activities Can Subject You to Liability (But See 47 U.S.C. § 230?)

  1. Marc — when I first read about this case, I had the same thought — shouldn’t the CDA apply here?

    After thinking about it, I realized that NO, the CDA doesn’t apply. Why not? Because — the first prong of any CDA analysis asks whether the defendant is a “provider or user” of an interactive computer service.

    In this case, were the parents providing an “interactive computer service”? I don’t think so. That term is specifically defined by 47 USC 230(f)(2) as meaning: “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server ….” Does giving your kid an iPad and a wifi connection make you a provider of an “interactive computer service”? My gut says no and I suppose you could argue both sides of that, but I am fairly sure I have read every CDA case in existence, and I am not aware of any authority that would support the parents on this point.

    Assuming the parents did not qualify as providers of an interactive computer service, I think that’s the end of the CDA analysis.

    Yes, it’s true that in addition to ICS providers the law also protects ICS USERS, and if the parents had their own Facebook accounts, then I guess they’d qualify as users. But still, liability here seemed to be premised on the fact that the parents did NOT take any steps to monitor what their kid was doing on the computer….i.e., the parents were not acting as users of an ICS (because they were not even bothering to look at their kid’s computer).

    Because I don’t really see how the plaintiff’s claims required treating the parents as either providers or users of an interactive computer service, I don’t think the CDA would apply.

    To be fair, I don’t actually disagree with most of your analysis, and I agree it’s appropriate to argue cases like Delfino where an employer was protected by the CDA for messages sent by an employee. This argument “feels” right. But those cases are different because in Delfino, the employer really was providing an interactive computer service, and liability arose directly from that fact.

    I don’t think the same is true here, thus I don’t entirely disagree with the outcome.

  2. I wish for you to be right.

    But, the holdings in two Northern District of California cases, I think, say otherwise. See AF Holdings, LLC v. Doe, 104 U.S.P.Q.2D (BNA) 1182, 2012 U.S. Dist. LEXIS 125306, 2012 WL 3835102 (N.D. Cal.Sept. 4, 2012); AF Hodlings, LLC v. Doe, 2012 U.S. Dist. LEXIS 143484, 2012 WL 4747170 (N.D. Cal.Oct. 3, 2012).

    Naturally, they’re not binding. But, mesh them with Delfino, and I think we have the “proper” result. By “proper” I mean “legally consistent.”

    I do not think that § 230 was intended to be this broad. Nevertheless, the case law has expanded it to be this broad. And, whether I like what the law is, or not, it is what it is.

  3. dan says:

    In AF Holdings the plaintiff got shut down on all three. More specifically on the negligence claim. The CDA analysis itself led to the conclusion that Botson was no foul. It seems to continue to limit s230 not expand it.

  4. TGM says:

    I’m wondering whether the Defendants’ lawyer failed to raise the CDA because he simply wasn’t aware of it. Even if there’s only a small chance that 47 USC 230 grants immunity here, I see no reason not to give it the old college try. It’s probably not legal malpractice since, as Marc mentioned, it would be the first time the CDA was applied to the circumstances of this particular case. But at the very least, it seems like a good example of how not knowing the law that governs your client’s case can potentially rob them of of a good result.

  5. andrews says:

    I’m not at all sure the CDA applies. You’d be stretching it in much the same way that the wireless access point cases were stretching it.

    However, this is not a case of holding the parents liable for the content the kid wrote. As I read the case, they are saying that the school told the parents that their kid was doing this bad thing (posting defamation) and then the parents waited for the better part of a year doing nothing while the kid continued to do the bad thing.

    Consider a kid writing bad things on the sidewalk in front of a store. Cops tell kid not to do it, tell parents kid is doing it. Parents do nothing, kid continues to write bad stuff on sidewalk.

    Whether it be chalk or bytes, the parents are continuing to place what they now know to be an instrumentality of harm in the hands of the kid. There could be negligent supervision. That’s all the GA appeals court appears to be saying.

  6. Don’t misunderstand me here. I think the AF Holdings decisions were bullshit. But, if the AF Holdings decisions stand, then the CDA should also apply here.

  7. Sheogorath says:

    Hi, Marc.
    Just to say, you present a good theory on the face of it, but it does fall down on a very important point. You see, Section 230 provides immunity to third party providers of computer equipment and services, and your immediate family is a second party at most.

%d bloggers like this: