4th Circuit: Section 230 Not a Shield Against FCRA Claims
Communications Decency Act Section 230 isn’t a “license to do whatever one wants online,” the 4th Circuit U.S. Court of Appeals ruled last week, reversing a district court decision and finding a website liable for selling misleading and incomplete information used in background checks.
The court ruled against PublicData.com in Henderson v. the Source for Public Data in docket 21-1678. Public Data gathers public information about individuals -- including criminal and civil records, voting records, driving information and professional licensing -- and shares it online for a fee. The plaintiffs alleged Public Datasells 50 million consumer searches and reports per year. Traffic includes people checking for creditworthiness and potential employers performing background checks.
The 4th Circuit said Public Data doesn’t look for or fix inaccuracies and disclaims responsibility for inaccurate information. The website doesn’t respond to requests to remove or edit the information on the database, the court said. Plaintiffs include Tyrone Henderson, George Harrison and Robert McBride, who represent a class of people in similar situations. They claimed various injuries, including Public Data’s illegal withholding of profile information and negative employment impacts from misleading and incomplete information on the website.
The plaintiffs argued Public Data is subject to the Financial Credit Reporting Act (FCRA) because it produces consumer reports and is a consumer reporting agency as defined by the act. They claimed Public Data violated FCRA by failing to provide copies of the records when requested. The company also violated FCRA when it failed to obtain certain certifications from employers who paid for the reports, and it failed to “maintain proper procedures to ensure accurate information,” the plaintiffs alleged. Public Data can appeal to the Supreme Court. The company and attorneys for the website didn’t comment. Judge Julius Richardson wrote the decision, joined by Judges Steven Agee and Marvin Quattlebaum.
The case was dismissed in May 2021 by the U.S. District Court for Eastern Virginia. The district court found that interactive computer services aren’t liable for content they don’t create. The district court noted Congress didn’t include FCRA as one of its five specific exceptions to Section 230 immunity. The plaintiffs didn’t allege that the website materially contributes information or creates content, so it’s not the publisher, the district court said.
The 4th Circuit disagreed, saying the plaintiffs alleged enough facts to “show that Public Data's own actions contributed in a material way to what made the content at issue in Counts Two and Four inaccurate and thus improper.” Those counts refer to FCRA violations for failing to ensure accurate information. The content provided to Public Data wasn’t inaccurate before it was posted on PublicData.com, meaning the website is responsible for creating the bad information, the court said: “That makes Public Data an information content provider, under the allegations, for the information relevant to Counts Two and Four, meaning that it is not entitled to § 230(c)(1) protection for those claims.”
Section 230 doesn’t “insulate a company from liability for all conduct that happens to be transmitted through the internet,” the court said: The district court “erred by finding that § 230(c)(1) barred all counts asserted against Public Data.”