It’s no secret to those in the technology industry that Section 230 of the Communications Decency Act is a foundational component to how cyberspace works. However, today it is important to note that this decades-old legislation has become the target of regulation, creating significant impact on the level of risk in the tech industry. 

Enacted in 1996, Section 230 of the Communications Decency Act helps protect online companies from liability arising from what is posted on their platforms. Many experts point to Section 230 as a foundational component to how the internet works today as it provides immunity to internet companies in two ways. First, a provider or user of an “interactive computer service” can’t be treated as the “publisher or speaker” of information provided by a third party. The law has a broad definition of “interactive computer service.” It includes almost any online platform that publishes third-party content. Second, providers and users of interactive computer services can’t be liable for voluntarily taking down content if the provider believes in good faith that the information is obscene or otherwise objectionable.

For Section 230 to protect a company from liability, the company that is being held accountable needs to be identified as providing or using an interactive computer service and therefore held liable as the publisher or speaker of the information. In addition, the company can be sued for fostering information provided by a third party. Without Section 230, online platforms would have to pay for settlements and judgments if they were sued for content that their users posted. 

The Limits of The Law 

Section 230 doesn’t provide immunity in every case though. Negligence and illegal behavior are some of the areas where Section 230 will not protect an online company. Therefore, it’s important that businesses understand how their platforms work and how they’re interacting with users.  

There are four especially significant limits of Section 230 that businesses should recognize as they provide or use interactive computer services. This includes negligently designing a website or service that causes harm to a user, as well as materially contributing to illegality of information or harmful nature of content. Failing to warn users of a known danger on the platform and statutory exceptions such as federal civil rights claims, antitrust claims, Fair Housing Act claims, electronic communications privacy law claims or intellectual property claims. 

Protecting E-Commerce and Gig Economy Businesses

E-commerce and gig economy platforms may have some protection under Section 230. However, immunity will come down to the type of claim and how a gig economy service operates. It’s not as easy as saying every kind of e-commerce or gig economy company would have immunity under Section 230, and varying laws and regulations add another layer of complexity. 

For example, an e-commerce business will likely have protection from claims based on representations or omissions in a product description or advertisement because the content usually comes from a third party. But in some states, the company may be viewed as a seller, so it can still be liable for defective products. Meanwhile, for gig economy services, businesses can be liable if the platform encourages unlawful, illegal or harmful conduct. 

The Future of Section 230 and Its Impact to the Tech Industry

Congress is considering 14 bills that could amend Section 230 to either repeal, limit the scope, impose new obligations, and alter the “Good Samaritan” portion of the law. For example, the “Disincentivizing Internet Service Censorship of Online Users and Restrictions on Speech and Expression Act,” or the DISCOURSE Act, aims to remove Section 230 protections for “market-dominant” computer services that manipulate algorithms to censor certain materials or viewpoints.

Another bill, the “21st Century Foundation for the Right to Express and Engage in Speech Act,” or 21st Century FREE Speech Act, aims to repeal Section 230 completely. It would also reclassify internet platforms as common carriers, requiring them to provide services to anyone without discriminating against individual users or classes of users based on political views, religious affiliation and region. 

Even though these bills are not signed into law, it is important for tech companies to be aware of them because it can change how Section 230 worked over the last two decades and can impact a business’ operations today. In addition, it is not just tech companies who operate online platforms that could be impacted by changes to Section 230. It is also the companies that help make up the internet’s infrastructure.

For example, The Internet Society, a nonprofit organization, told The Verge in 2021 that these kinds of companies would have to reduce privacy practices because they’d have to be able to see what kind of information they’re passing off to determine if it’s illegal. Businesses around the world are using cloud computing more for their operations. And the infrastructure to handle this type of internet traffic continues to get built out. Changes to Section 230 could have serious impacts on how businesses providing cloud services and server hosting work.

Stay Connected 

Section 230 is not a simple law or topic to understand. With the potential for future changes, it imperative for tech companies to have experienced risk management partners to help educate and mitigate changes to Section 230, the limits to its immunity and status updates on the current bills in Congress that can affect the law.

For example, courts and legislators are actively debating the proper scope of the law. Court decisions continue to evolve and often turn on factually specific questions such as the level of editorial control exercised by the company, the nature of the harms caused to a plaintiff. For example, were they injured by a statement on the website or by a product sold on the website – or the design of a particular website or service?  

Plaintiffs’ lawyers and some courts will also try to avoid Section 230 protection by basing claims on the defective design or manufacture of products sold on a company’s website, rather than a statement about the product. In addition, they will claim the design of an online platform or service contributed to or encouraged the harm to the plaintiff and/or the illegal or tortious nature of the information. These are just two exposures. Others may include basing claims on information or content provided by the company, rather than a third party, and/or past instances of the company editing content, as well as claiming the company had a duty to warn users of known dangers and identifying promises to users by the company that the company failed to uphold. 

It’s clear the scope of Section 230 will continue to evolve. Now is the time for tech companies to remain vigilant and actively respond to its impacts and potential risk exposures.