Justia Communications Law Opinion Summaries

The case concerns a man who sued several parties after negative posts about him appeared in a large Chicago-based Facebook group where women share experiences about local men. The posts, made in late 2023, included a woman he briefly dated recounting her unpleasant experiences, attaching a screenshot of a profane text message he sent her after their breakup. Other posts by unidentified users included supportive comments and, in one instance, a link to a news article about a criminal case involving someone with a different name and appearance. The plaintiff alleged these posts caused him reputational, economic, and emotional harm.In the United States District Court for the Northern District of Illinois, the defendants—including the former date, her parents (for allegedly allowing use of their internet connection), the group’s administrators, and Meta Platforms—moved to dismiss the complaint for failure to state a claim. The court granted the motions, finding the claims legally insufficient and dismissing the case with prejudice. The plaintiff appealed and voluntarily dismissed claims against unidentified “Jane Doe” defendants to preserve diversity jurisdiction.The United States Court of Appeals for the Seventh Circuit reviewed the district court’s dismissal. The appellate court affirmed, holding that the plaintiff failed to state plausible claims under the Illinois Right of Publicity Act because none of the defendants used his likeness for a commercial purpose. The court also found the “doxing” claim insufficient, as there were no plausible allegations of intent or recklessness regarding harm or stalking. Defamation and related claims failed because the allegedly defamatory material could be innocently interpreted or lacked special damages. The court also concluded that the appeal as to the woman and her parents was frivolous and ordered the plaintiff and his attorneys to show cause why sanctions should not be imposed for bringing a meritless appeal and for submitting briefs containing fictitious quotations and misstatements of law. The court awarded costs to other appellees and referred attorney conduct to state disciplinary authorities. View "D'Ambrosio v Meta Platforms, Inc." on Justia Law

An educational technology company was contracted by a county office of education to provide software and technology services to school districts, which involved collecting and storing various types of student data, including medical information. In 2022, the company experienced a data breach that resulted in unauthorized access to student medical records, including those of a minor plaintiff. The minor, through a guardian, filed a class action lawsuit alleging violations of both the Confidentiality of Medical Information Act (CMIA) and the Customer Records Act (CRA), claiming the company was negligent in protecting confidential medical information and failed to provide timely disclosure of the breach.The Superior Court of Ventura County granted the company’s demurrer and dismissed the case, concluding that the plaintiff failed to state a claim under either statute, as the company was not a covered entity under the CMIA or CRA and the plaintiff was not a “customer” under the CRA. The California Court of Appeal, Second Appellate District, Division Six, reversed, finding that the company fell within the scope of both statutes and that the plaintiff had alleged sufficient facts to support both claims. The appellate court also determined that the trial court erred by denying leave to amend the complaint.The Supreme Court of California reversed the appellate decision. The Court held that the plaintiff did not sufficiently allege the company was a “provider of health care” under the CMIA, nor that he was the company’s “customer” under the CRA, so no claim was stated under either statute. However, the Court clarified that under the CMIA, a breach of confidentiality occurs when medical information is exposed to a significant risk of unauthorized access or use, and actual viewing by an unauthorized party is not required. The judgment was reversed and remanded for further proceedings. View "J.M. v. Illuminate Education, Inc." on Justia Law

A defendant accessed the internet using a publicly available Wi-Fi network operated by a local business, A&W, located near his home. Access to the Wi-Fi required users to acknowledge terms of service that, among other things, stated A&W did not actively monitor the network but could cooperate with legal authorities and disclose users’ activities in response to lawful requests. After A&W’s owner and their consultant noticed suspicious activity flagged by their firewall, they informed law enforcement, which then directed A&W to monitor and log the defendant’s internet activity for approximately one year. This surveillance included tracking over 255,000 webpage visits and collecting packet capture data. Information obtained through this monitoring led to the defendant’s identification, arrest, and conviction on charges of encouraging child sexual abuse.The case was first heard in the Lane County Circuit Court, where the defendant moved to suppress evidence obtained from the year-long monitoring. The trial court found A&W’s owner and consultant acted as state agents but ruled that the defendant had no protected privacy interest in his use of the public Wi-Fi network, and denied the suppression motion. After a stipulated facts trial, the court convicted the defendant. On appeal, the Oregon Court of Appeals affirmed, holding that the defendant did not have a constitutionally protected privacy interest in his internet browsing activities on the public network under the circumstances.The Supreme Court of the State of Oregon reversed the decision of the Court of Appeals in part, and reversed the judgment of the circuit court, remanding the case for further proceedings. The Supreme Court held that under Article I, section 9, of the Oregon Constitution, a person retains a right to privacy in their internet browsing activities even when accessing the internet via a public network, and that acknowledging terms of service like those present did not eliminate that privacy right. The year-long warrantless monitoring constituted a “search,” and the State failed to justify the lack of a warrant. View "State v. Simons" on Justia Law

Several major music copyright owners, including a leading entertainment company, sought to hold an Internet service provider responsible for copyright infringement committed by its subscribers. The service provider, which serves millions of customers, was notified by a monitoring company of over 160,000 instances where its subscribers’ IP addresses were linked to alleged copyright violations such as illegal music file sharing. Although the provider had policies prohibiting infringement and took steps such as issuing warnings and suspending service, the copyright holders argued these measures were inadequate and brought suit seeking to impose liability on the provider for continuing to serve known infringers.The case was tried in the United States District Court for the Eastern District of Virginia. There, the jury found in favor of the copyright owners on both contributory and vicarious liability, and determined the provider’s infringement was willful, awarding $1 billion in statutory damages. After the District Court denied the provider’s post-trial motion, the United States Court of Appeals for the Fourth Circuit affirmed the finding of contributory liability, reasoning that supplying a service with knowledge it would be used for infringement was sufficient. The Fourth Circuit, however, reversed as to vicarious liability and remanded for a new determination of damages.The Supreme Court of the United States reviewed the case concerning contributory liability. The Court held that a service provider is contributorily liable for a user’s infringement only if it either induced the infringement or provided a service tailored for infringement. Because the provider neither encouraged infringement nor offered a service primarily designed for infringement—since Internet access has substantial lawful uses—the provider was not contributorily liable. The Supreme Court reversed the Fourth Circuit’s judgment on contributory liability and remanded the case for further proceedings. View "Cox Communications, Inc. v. Sony Music Entertainment" on Justia Law

An 18-year-old high school senior from Texas was indicted by a federal grand jury for transmitting threats in interstate commerce, based on statements he made while using the online gaming platform Roblox. The statements, made in a virtual “Church” experience, referenced possessing firearms, preparing munitions, and intentions to commit violence at a Christian event. Other Roblox users, located in Pennsylvania and Nevada, reported these statements to the FBI, believing them to be serious threats rather than mere role-play or trolling. The government alleged the defendant's remarks corresponded to a real concert scheduled in Austin and supported its case with evidence from the defendant’s internet history and statements captured by a keylogger.The United States District Court for the Western District of Texas dismissed the indictment before trial, concluding no reasonable juror could find that the defendant’s statements constituted “true threats” outside the protection of the First Amendment. The court found the context—a role-playing video game environment filled with extreme and offensive avatars—undermined the seriousness of the statements, and excluded evidence of the defendant’s conduct outside Roblox as irrelevant. The district court released the defendant without conditions, later imposing some conditions after a government request.On appeal, the United States Court of Appeals for the Fifth Circuit held that the question of whether the statements were “true threats” is a factual issue that should ordinarily be decided by a jury at trial, not by the judge on a pretrial motion. The court found that disputed facts and contextual uncertainties required a trial on the merits, and that the district court erred by resolving these issues prematurely. The Fifth Circuit reversed the district court’s dismissal of the indictment and remanded for further proceedings. The appeal regarding the defendant’s release was dismissed as moot. View "United States v. Burger" on Justia Law

A national trade association representing large online businesses challenged a recently enacted California statute designed to protect minors’ privacy and well-being online. The law imposes specific requirements on businesses whose online services are likely to be accessed by children under eighteen, including obligations regarding data use, age estimation, and restrictions on certain user interface designs known as “dark patterns.” Before the law took effect, the association brought suit in the United States District Court for the Northern District of California, arguing that several provisions were unconstitutional on First Amendment and vagueness grounds, and sought a preliminary injunction to prevent enforcement.The district court initially enjoined the entire statute, finding the association was likely to succeed on its facial First Amendment challenge. On the State’s appeal, the United States Court of Appeals for the Ninth Circuit vacated most of the injunction, affirming only as to a specific requirement regarding Data Protection Impact Assessments and related inseverable provisions, and remanded for the district court to analyze the association’s other facial challenges and the issue of severability under the Supreme Court’s clarified standards in Moody v. NetChoice, LLC. On remand, the district court again enjoined the entire statute and, in the alternative, seven specific provisions.On further appeal, the United States Court of Appeals for the Ninth Circuit held that the association did not meet its burden for a facial challenge to the law’s coverage definition or its age estimation requirement, vacating the injunction as to those. However, the court affirmed the preliminary injunction as to the law’s data use and dark patterns restrictions on vagueness grounds, finding the provisions failed to clearly delineate prohibited conduct. The court vacated the injunction as to the statute’s remainder and remanded for further proceedings on severability. View "NETCHOICE, LLC V. BONTA" on Justia Law

ARcare, Inc., a nonprofit community health center receiving federal funding, suffered a data breach in early 2022 when an unauthorized third party accessed confidential patient information, including names, social security numbers, and medical treatment details. After ARcare notified affected individuals, several patients filed lawsuits alleging that ARcare failed to adequately safeguard their information as required under federal law. Plaintiffs reported fraudulent invoices and that their information was found for sale on the dark web.The actions were removed to the United States District Court for the Eastern District of Arkansas, where six class actions were consolidated. ARcare sought to invoke absolute immunity under 42 U.S.C. § 233(a) of the Federally Supported Health Centers Assistance Act (FSHCAA), which provides immunity for damages resulting from the performance of “medical, surgical, dental, or related functions.” ARcare moved to substitute the United States as defendant under the Federal Tort Claims Act, arguing the data breach arose from a “related function.” The district court denied the motion, finding that protecting patient information from cyberattacks was not sufficiently linked to the provision of health care to qualify as a “related function” under the statute.On appeal, the United States Court of Appeals for the Eighth Circuit reviewed the statutory immunity issue de novo. The court affirmed the district court’s denial of immunity, holding that the FSHCAA’s language does not extend statutory immunity to claims arising from a health center’s data security practices. The court reasoned that “related functions” must be activities closely connected to the provision of health care, and data security is not such a function. Therefore, ARcare is not entitled to substitute the United States as defendant, and the denial of statutory immunity was affirmed. View "Hale v. ARcare, Inc" on Justia Law

A Texas-based company distributed files online that enabled the 3D printing of functional, untraceable firearms. After New Jersey’s Attorney General issued a cease-and-desist letter and the state legislature enacted a statute prohibiting the distribution of such files to unlicensed individuals, the company and an affiliated nonprofit restricted New Jersey residents from accessing these files. The plaintiffs challenged the actions, alleging violations of the First, Second, and Fourteenth Amendments.Initially, the plaintiffs filed suit in the Western District of Texas, which dismissed the case for lack of personal jurisdiction. Plaintiffs then filed a similar suit in the District of New Jersey, alleging the statute constituted criminal censorship. After complex procedural maneuvers—including appeals and transfers between Texas and New Jersey, and requests for retransfer—the litigation proceeded in the District of New Jersey, which consolidated the relevant cases.The United States Court of Appeals for the Third Circuit reviewed the District of New Jersey’s decision to dismiss the complaint with prejudice. The Third Circuit affirmed the lower court’s rulings. It held that the district court did not abuse its discretion in denying retransfer to Texas. The court further held that the plaintiffs lacked standing to bring a Second Amendment claim, as there were no allegations that any plaintiff or member was prevented from 3D-printing a firearm. The court also found the statute was not void for vagueness under the Due Process Clause, as it provided fair notice of prohibited conduct. Finally, the court held that plaintiffs failed to plead sufficient facts showing that the computer code at issue was expressive and entitled to First Amendment coverage, as the complaint did not detail the nature or expressive use of the files. The dismissal with prejudice was affirmed. View "Defense Distributed v. Attorney General New Jersey" on Justia Law

A Pennsylvania-based company operating an online marketplace for firearms was sued under New Hampshire law by a former Boston police officer and his wife. Their claims alleged that the company’s website facilitated the sale of a firearm in New Hampshire in 2015, which was later used to shoot the officer in Boston in 2016. The plaintiffs asserted causes of action including negligence, aiding and abetting tortious conduct, public nuisance, loss of consortium, and loss of support, based on the website’s alleged design and operation in encouraging illegal gun sales.Previously, the plaintiffs had filed a similar suit in the Massachusetts Superior Court against the company and other defendants, but that court dismissed the claims against the company based on Section 230 of the Communications Decency Act, without ruling on personal jurisdiction. After jurisdictional discovery, the Massachusetts Superior Court subsequently dismissed the claims for lack of personal jurisdiction. The plaintiffs then filed the present action in the United States District Court for the District of New Hampshire, which denied their request for jurisdictional discovery and dismissed their claims for lack of personal jurisdiction, finding the company had not purposefully availed itself of the protections of New Hampshire’s laws.On appeal, the United States Court of Appeals for the First Circuit affirmed the District Court’s ruling in part and vacated it in part. The First Circuit held that the plaintiffs failed to make a prima facie case of purposeful availment based on contacts up to 2016, but concluded that evidence of thousands of “New Hampshire” firearm listings on the website from 2018 onward, when considered with other evidence, sufficed for a prima facie showing of purposeful availment. The court remanded for consideration of relatedness and reasonableness and affirmed denial of jurisdictional discovery. View "Stokinger v. Armslist, LLC" on Justia Law

Two individuals brought a class action against Amazon, alleging that its Virtual Try-On (VTO) feature—used to preview makeup and eyewear products by rendering them on users’ faces via their mobile devices—violated the Illinois Biometric Information Privacy Act (BIPA). The VTO software, developed both in-house and by a third party, captured users’ facial geometry to overlay products for virtual preview. The plaintiffs claimed Amazon collected, stored, and used their facial data and that of many others in Illinois without proper notice, informed consent, or the creation of required data retention and destruction policies as mandated by BIPA.After removal from Illinois state court to the United States District Court for the Northern District of Illinois, the plaintiffs moved for class certification under Federal Rule of Civil Procedure 23(b)(3). The district court certified a class of all individuals who used Amazon’s VTO feature in Illinois after September 7, 2016. The district court found the class satisfied the requirements of numerosity, commonality, typicality, and adequacy, and that common questions—primarily concerning the VTO’s functionality and Amazon’s use of biometric data—predominated over individual questions such as location and damages. It also found a class action was superior due to the size and cost of potential individual litigation.On interlocutory appeal, the United States Court of Appeals for the Seventh Circuit reviewed only the class certification decision, focusing on predominance and superiority. The court affirmed the district court’s certification, holding that common questions about Amazon’s alleged statutory violations predominated and that individual questions regarding user location and damages were manageable. The court also agreed that a class action was superior to individual suits, given the complexity and cost of litigation, and affirmed the district court’s discretion. View "Svoboda v Amazon.com Inc." on Justia Law