Justia Internet Law Opinion Summaries

Several major music copyright owners, including a leading entertainment company, sought to hold an Internet service provider responsible for copyright infringement committed by its subscribers. The service provider, which serves millions of customers, was notified by a monitoring company of over 160,000 instances where its subscribers’ IP addresses were linked to alleged copyright violations such as illegal music file sharing. Although the provider had policies prohibiting infringement and took steps such as issuing warnings and suspending service, the copyright holders argued these measures were inadequate and brought suit seeking to impose liability on the provider for continuing to serve known infringers.The case was tried in the United States District Court for the Eastern District of Virginia. There, the jury found in favor of the copyright owners on both contributory and vicarious liability, and determined the provider’s infringement was willful, awarding $1 billion in statutory damages. After the District Court denied the provider’s post-trial motion, the United States Court of Appeals for the Fourth Circuit affirmed the finding of contributory liability, reasoning that supplying a service with knowledge it would be used for infringement was sufficient. The Fourth Circuit, however, reversed as to vicarious liability and remanded for a new determination of damages.The Supreme Court of the United States reviewed the case concerning contributory liability. The Court held that a service provider is contributorily liable for a user’s infringement only if it either induced the infringement or provided a service tailored for infringement. Because the provider neither encouraged infringement nor offered a service primarily designed for infringement—since Internet access has substantial lawful uses—the provider was not contributorily liable. The Supreme Court reversed the Fourth Circuit’s judgment on contributory liability and remanded the case for further proceedings. View "Cox Communications, Inc. v. Sony Music Entertainment" on Justia Law

An 18-year-old high school senior from Texas was indicted by a federal grand jury for transmitting threats in interstate commerce, based on statements he made while using the online gaming platform Roblox. The statements, made in a virtual “Church” experience, referenced possessing firearms, preparing munitions, and intentions to commit violence at a Christian event. Other Roblox users, located in Pennsylvania and Nevada, reported these statements to the FBI, believing them to be serious threats rather than mere role-play or trolling. The government alleged the defendant's remarks corresponded to a real concert scheduled in Austin and supported its case with evidence from the defendant’s internet history and statements captured by a keylogger.The United States District Court for the Western District of Texas dismissed the indictment before trial, concluding no reasonable juror could find that the defendant’s statements constituted “true threats” outside the protection of the First Amendment. The court found the context—a role-playing video game environment filled with extreme and offensive avatars—undermined the seriousness of the statements, and excluded evidence of the defendant’s conduct outside Roblox as irrelevant. The district court released the defendant without conditions, later imposing some conditions after a government request.On appeal, the United States Court of Appeals for the Fifth Circuit held that the question of whether the statements were “true threats” is a factual issue that should ordinarily be decided by a jury at trial, not by the judge on a pretrial motion. The court found that disputed facts and contextual uncertainties required a trial on the merits, and that the district court erred by resolving these issues prematurely. The Fifth Circuit reversed the district court’s dismissal of the indictment and remanded for further proceedings. The appeal regarding the defendant’s release was dismissed as moot. View "United States v. Burger" on Justia Law

A national trade association representing large online businesses challenged a recently enacted California statute designed to protect minors’ privacy and well-being online. The law imposes specific requirements on businesses whose online services are likely to be accessed by children under eighteen, including obligations regarding data use, age estimation, and restrictions on certain user interface designs known as “dark patterns.” Before the law took effect, the association brought suit in the United States District Court for the Northern District of California, arguing that several provisions were unconstitutional on First Amendment and vagueness grounds, and sought a preliminary injunction to prevent enforcement.The district court initially enjoined the entire statute, finding the association was likely to succeed on its facial First Amendment challenge. On the State’s appeal, the United States Court of Appeals for the Ninth Circuit vacated most of the injunction, affirming only as to a specific requirement regarding Data Protection Impact Assessments and related inseverable provisions, and remanded for the district court to analyze the association’s other facial challenges and the issue of severability under the Supreme Court’s clarified standards in Moody v. NetChoice, LLC. On remand, the district court again enjoined the entire statute and, in the alternative, seven specific provisions.On further appeal, the United States Court of Appeals for the Ninth Circuit held that the association did not meet its burden for a facial challenge to the law’s coverage definition or its age estimation requirement, vacating the injunction as to those. However, the court affirmed the preliminary injunction as to the law’s data use and dark patterns restrictions on vagueness grounds, finding the provisions failed to clearly delineate prohibited conduct. The court vacated the injunction as to the statute’s remainder and remanded for further proceedings on severability. View "NETCHOICE, LLC V. BONTA" on Justia Law

ARcare, Inc., a nonprofit community health center receiving federal funding, suffered a data breach in early 2022 when an unauthorized third party accessed confidential patient information, including names, social security numbers, and medical treatment details. After ARcare notified affected individuals, several patients filed lawsuits alleging that ARcare failed to adequately safeguard their information as required under federal law. Plaintiffs reported fraudulent invoices and that their information was found for sale on the dark web.The actions were removed to the United States District Court for the Eastern District of Arkansas, where six class actions were consolidated. ARcare sought to invoke absolute immunity under 42 U.S.C. § 233(a) of the Federally Supported Health Centers Assistance Act (FSHCAA), which provides immunity for damages resulting from the performance of “medical, surgical, dental, or related functions.” ARcare moved to substitute the United States as defendant under the Federal Tort Claims Act, arguing the data breach arose from a “related function.” The district court denied the motion, finding that protecting patient information from cyberattacks was not sufficiently linked to the provision of health care to qualify as a “related function” under the statute.On appeal, the United States Court of Appeals for the Eighth Circuit reviewed the statutory immunity issue de novo. The court affirmed the district court’s denial of immunity, holding that the FSHCAA’s language does not extend statutory immunity to claims arising from a health center’s data security practices. The court reasoned that “related functions” must be activities closely connected to the provision of health care, and data security is not such a function. Therefore, ARcare is not entitled to substitute the United States as defendant, and the denial of statutory immunity was affirmed. View "Hale v. ARcare, Inc" on Justia Law

A Texas-based company distributed files online that enabled the 3D printing of functional, untraceable firearms. After New Jersey’s Attorney General issued a cease-and-desist letter and the state legislature enacted a statute prohibiting the distribution of such files to unlicensed individuals, the company and an affiliated nonprofit restricted New Jersey residents from accessing these files. The plaintiffs challenged the actions, alleging violations of the First, Second, and Fourteenth Amendments.Initially, the plaintiffs filed suit in the Western District of Texas, which dismissed the case for lack of personal jurisdiction. Plaintiffs then filed a similar suit in the District of New Jersey, alleging the statute constituted criminal censorship. After complex procedural maneuvers—including appeals and transfers between Texas and New Jersey, and requests for retransfer—the litigation proceeded in the District of New Jersey, which consolidated the relevant cases.The United States Court of Appeals for the Third Circuit reviewed the District of New Jersey’s decision to dismiss the complaint with prejudice. The Third Circuit affirmed the lower court’s rulings. It held that the district court did not abuse its discretion in denying retransfer to Texas. The court further held that the plaintiffs lacked standing to bring a Second Amendment claim, as there were no allegations that any plaintiff or member was prevented from 3D-printing a firearm. The court also found the statute was not void for vagueness under the Due Process Clause, as it provided fair notice of prohibited conduct. Finally, the court held that plaintiffs failed to plead sufficient facts showing that the computer code at issue was expressive and entitled to First Amendment coverage, as the complaint did not detail the nature or expressive use of the files. The dismissal with prejudice was affirmed. View "Defense Distributed v. Attorney General New Jersey" on Justia Law

A Pennsylvania-based company operating an online marketplace for firearms was sued under New Hampshire law by a former Boston police officer and his wife. Their claims alleged that the company’s website facilitated the sale of a firearm in New Hampshire in 2015, which was later used to shoot the officer in Boston in 2016. The plaintiffs asserted causes of action including negligence, aiding and abetting tortious conduct, public nuisance, loss of consortium, and loss of support, based on the website’s alleged design and operation in encouraging illegal gun sales.Previously, the plaintiffs had filed a similar suit in the Massachusetts Superior Court against the company and other defendants, but that court dismissed the claims against the company based on Section 230 of the Communications Decency Act, without ruling on personal jurisdiction. After jurisdictional discovery, the Massachusetts Superior Court subsequently dismissed the claims for lack of personal jurisdiction. The plaintiffs then filed the present action in the United States District Court for the District of New Hampshire, which denied their request for jurisdictional discovery and dismissed their claims for lack of personal jurisdiction, finding the company had not purposefully availed itself of the protections of New Hampshire’s laws.On appeal, the United States Court of Appeals for the First Circuit affirmed the District Court’s ruling in part and vacated it in part. The First Circuit held that the plaintiffs failed to make a prima facie case of purposeful availment based on contacts up to 2016, but concluded that evidence of thousands of “New Hampshire” firearm listings on the website from 2018 onward, when considered with other evidence, sufficed for a prima facie showing of purposeful availment. The court remanded for consideration of relatedness and reasonableness and affirmed denial of jurisdictional discovery. View "Stokinger v. Armslist, LLC" on Justia Law

Two individuals brought a class action against Amazon, alleging that its Virtual Try-On (VTO) feature—used to preview makeup and eyewear products by rendering them on users’ faces via their mobile devices—violated the Illinois Biometric Information Privacy Act (BIPA). The VTO software, developed both in-house and by a third party, captured users’ facial geometry to overlay products for virtual preview. The plaintiffs claimed Amazon collected, stored, and used their facial data and that of many others in Illinois without proper notice, informed consent, or the creation of required data retention and destruction policies as mandated by BIPA.After removal from Illinois state court to the United States District Court for the Northern District of Illinois, the plaintiffs moved for class certification under Federal Rule of Civil Procedure 23(b)(3). The district court certified a class of all individuals who used Amazon’s VTO feature in Illinois after September 7, 2016. The district court found the class satisfied the requirements of numerosity, commonality, typicality, and adequacy, and that common questions—primarily concerning the VTO’s functionality and Amazon’s use of biometric data—predominated over individual questions such as location and damages. It also found a class action was superior due to the size and cost of potential individual litigation.On interlocutory appeal, the United States Court of Appeals for the Seventh Circuit reviewed only the class certification decision, focusing on predominance and superiority. The court affirmed the district court’s certification, holding that common questions about Amazon’s alleged statutory violations predominated and that individual questions regarding user location and damages were manageable. The court also agreed that a class action was superior to individual suits, given the complexity and cost of litigation, and affirmed the district court’s discretion. View "Svoboda v Amazon.com Inc." on Justia Law

Disney Platform Distribution, BAMTech, and Hulu, subsidiaries of the Walt Disney Company, provide video streaming services to subscribers in the City of Santa Barbara. In 2022, the City’s Tax Administrator notified these companies that they had failed to collect and remit video users’ taxes under Ordinance 5471 for the period January 1, 2018, through December 31, 2020, resulting in substantial assessments. The companies appealed to the City Administrator, and a retired Associate Justice served as hearing officer, ultimately upholding the Tax Administrator’s decision.Following the administrative appeal, the companies sought judicial review by filing a petition for a writ of administrative mandate in the Superior Court of Santa Barbara County. The trial court denied their petition, finding that the Ordinance does apply to video streaming services and rejecting arguments that the Ordinance violated the Internet Tax Freedom Act, the First Amendment, and Article XIII C of the California Constitution. The trial court also found there was no violation of Public Utilities Code section 799’s notice requirements, as the City’s actions did not constitute a change in the tax base or adoption of a new tax.On appeal, the California Court of Appeal, Second Appellate District, Division Six, affirmed the trial court’s judgment. The court held that the Ordinance applies to video streaming services, interpreting the term “channel” in its ordinary, non-technical sense and finding that the voters intended technological neutrality. The court further held that the Ordinance does not violate the Internet Tax Freedom Act because video streaming subscriptions and DVD sales/rentals are not “similar” under the Act. Additionally, the court concluded the tax is not a content-based regulation of speech under the First Amendment, and that delayed enforcement did not constitute a tax increase requiring additional voter approval or notice under the California Constitution or Public Utilities Code section 799. View "Disney Platform Distribution v. City of Santa Barbara" on Justia Law

A company operating movie theaters in several Midwestern states offered free movie trailers on its website to attract customers. After a website visitor viewed these trailers, she began to receive targeted advertisements on her Facebook page. She alleged that the company had installed a program, Meta Pixel, which tracked her activity and shared her personal information with Meta (Facebook’s parent company). She claimed that the company, as a “video tape service provider,” had a duty under the Video Privacy Protection Act not to disclose her personally identifiable information without consent.The United States District Court for the District of Minnesota dismissed the complaint. The district court found that the company was not a “video tape service provider” as defined by the statute, because it was not engaged in the business of renting, selling, or delivering prerecorded video cassette tapes or similar audio visual materials. As a result, the court concluded that the company had no statutory obligation to withhold the plaintiff’s personal information under the Act.On appeal, the United States Court of Appeals for the Eighth Circuit reviewed the district court’s dismissal de novo. The appellate court agreed with the district court, holding that movie theaters are not “engaged in the business” of renting, selling, or delivering prerecorded video cassette tapes or similar audio visual materials. The court reasoned that the statutory definition requires a physical medium similar to video cassette tapes, which does not include theatrical screenings or free online trailers. The court further determined that offering trailers online did not constitute a separate business of delivering audio visual materials for livelihood or gain. Accordingly, the Eighth Circuit affirmed the judgment of the district court. View "Christopherson v. Cinema Entertainment Corp." on Justia Law

California enacted a law aimed at addressing concerns about minors’ addiction to social media by regulating how internet platforms provide personalized content to users under 18. The law restricts minors’ access to algorithmic feeds without parental consent, imposes default settings such as hiding like counts and requiring private accounts, and mandates future age-verification procedures. NetChoice, a trade association representing major internet companies, challenged the law on First Amendment grounds, arguing it unconstitutionally restricts both platforms’ and users’ speech, and that some provisions are unconstitutionally vague.The United States District Court for the Northern District of California granted a preliminary injunction against two provisions not at issue in this appeal, but otherwise denied NetChoice’s request for broader injunctive relief. The district court found that NetChoice lacked associational standing to challenge the personalized-feed restrictions as applied to its members, that the age-verification requirements were not ripe for review, and that the default settings provisions (including the like-count and private-mode requirements) were constitutional. The court also rejected NetChoice’s vagueness arguments and found that any unconstitutional provisions could be severed from the Act.On appeal, the United States Court of Appeals for the Ninth Circuit affirmed most of the district court’s rulings. The Ninth Circuit agreed that NetChoice lacked associational standing for as-applied challenges to the personalized-feed provisions and that the age-verification requirements were unripe. The court held that the private-mode default setting survived intermediate scrutiny, but found that the like-count default setting was a content-based restriction on speech and failed strict scrutiny. The court determined that the like-count provision was severable and ordered the district court to enjoin its enforcement, while affirming the denial of injunctive relief as to the other challenged provisions. View "NETCHOICE, LLC V. BONTA" on Justia Law