SEC’s Proposed Guidance on Hyperlinking Contravenes 47 USC 230

By Eric Goldman

In August, I blogged about the SEC’s most recent guidance regarding companies’ liability for linking to third party content. Today, I submitted comments to the SEC pointing out that their general position regarding linking contravenes 47 USC 230 with respect to civil liability. (I believe the SEC guidance also pertains to SEC criminal enforcement actions, and those would not be preempted by 230). Unfortunately, I ran out of time to attack the overall illogic of trying to treat outlinks as the basis of liability in any circumstance. That will have to wait for another day. You can read my comments in PDF (that’s the best because of the formatting and footnotes). Or, you can read the comments below.


November 5, 2008


Securities and Exchange Commission

100 F Street, NE

Washington, DC 20549-1090

Re: File No. S7-23-08, Commission Guidance on the Use of Company Web Sites

I am an Associate Professor at Santa Clara University School of Law and Director of the school’s High Tech Law Institute.[FN1] My research focuses on Internet law, especially Internet marketing law and search engine law. I have taught an Internet law course every year since 1995-96, and I practiced as an Internet lawyer in the Silicon Valley for 8 years before becoming a full-time professor.

My comments pertain to Section II(B)(2) of Release No. 34-58288. I write to point out that 47 U.S.C. §230 preempts the SEC’s imposition of civil liability for hyperlinked material.

In 1996, Congress enacted 47 U.S.C. §230 to immunize websites and other online entities from liability for third party content. §230(c)(1) says:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

As the statute’s plain language indicates, the SEC cannot treat a company as the publisher or speaker of third party online content under any circumstance. As applied to the SEC’s proposed guidance, §230 means that the SEC cannot hold companies responsible for any content they hyperlink to.[FN2] Although I am not aware of a §230 case that specifically addressed hyperlinked content,[FN3] the case law has been virtually unanimous that websites are not responsible for third party content even when they exercise significant editorial control over the content. For example:

• In D’Alonzo v. Truscello, 2006 Phila. Ct. Com. Pl. LEXIS 244 (Phila. Ct. C.P. 2006), a blogger copied the entire contents of a newspaper article and republished those contents, apparently without authorization, on his blog. The newspaper article was allegedly defamatory (and the newspaper retracted it), but §230 immunized the blogger from any defamation liability even though the blogger affirmatively republished the article.

• In Barrett v. Rosenthal, 40 Cal. 4th 33 (2006), an email list operator made the editorial decision to forward a third party’s allegedly defamatory email to the entire email list. The California Supreme Court held that the email list operator was not liable for defamation for forwarding the email.

• In Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998), AOL was not liable for republishing a contractor’s allegedly defamatory content even though AOL had the express contractual right to exercise editorial control over the content.

Although these cases all involved defamation claims, the statute is not limited to those. Instead, §230 preempts all civil causes of action based on third party online content[FN4]—even causes of action enforced by the SEC—unless otherwise specified in §230(e).[FN5]

Further, the immunization applies even when a website explicitly or implicitly “adopts” the third party content. For example, in Global Royalties, Ltd. v. Xcentric Ventures, LLC, 2007 WL 2949002 (D. Ariz. 2007), a website was not liable for continuing to publish third party content that the author had asked the website to withdraw, even if the website had “adopted” the content as its own.[FN6] Accordingly, the SEC’s standards for “adoption” of third party content may need some revamping for the online context.

Finally, §230 may protect websites’ self-authored characterizations when third parties cause those statements to become untrue. For example, in Doe v., 502 F. Supp. 2d 719 (N.D. Ohio 2007), §230 immunized a website’s marketing representation that all of its users were over 18 when a user rendered that statement false by lying about her age.[FN7]

Therefore, the SEC’s proposed guidance may contravene §230 to the extent that it tries to establish civil liability based on a company linking to third party content or for the company’s characterizations of that content. I encourage the SEC to consider revising Section II(B)(2) to reflect §230 and, as appropriate, acknowledge that companies do not face civil liability for hyperlinking to third party content.

I appreciate the opportunity to submit these comments, and I would be happy to elaborate on them further if that would be helpful. Thank you for your consideration.

Respectfully submitted,

Eric Goldman

Associate Professor, Santa Clara University School of Law

Director, High Tech Law Institute

500 El Camino Real

Santa Clara, CA 95053

(408) 554-4369


1. I am speaking only for myself. I provide my affiliation for identification purposes only.

2. See, e.g., Christopher J. Volkmer, HyperLinks to and from Commercial Websites, 7 COMP. L. REV. & TECH. J. 65, 67-68 (2002).

3. The most analogous precedent that came to mind is Smith v. Intercosmos Media Group, Inc., 2002 U.S. Dist. LEXIS 24251 (E.D. La. 2002), which held that a domain name registrar was not liable for an allegedly defamatory website hosted at a domain name registered by its customer. Also analogous is Doe v. MySpace Inc., 528 F.3d 413 (5th Cir. 2008), which held that MySpace was not liable for tortious conduct (sexual abuse) that took place beyond its “premises,” even though the parties had met each other and communicated via the website.

4. See, e.g., Ben Ezra Weinstein & Co. v. Am. Online Inc., 206 F.3d 980 (10th Cir. 2000) (AOL was not liable for publishing inaccurate stock information provided by third parties).

5. §230(e) excludes federal criminal law from the §230(c) immunizations, so §230 does not preempt the SEC’s criminal laws. However, civil claims based on those laws are preempted. See Doe v. Bates, 2006 WL 3813758 (E.D. Tex. 2006); cf. Voicenet Commc’ns, Inc. v. Corbett, 2006 WL 2506318 (E.D. Pa. 2006).

6. However, I should note that the recent en banc opinion, which addressed facts the SEC is unlikely to encounter, has some ambiguous but arguably contrary discussion regarding adoption of third party content. See Fair Hous. Council of San Fernando Valley v., LLC, 521 F.3d 1157 (9th Cir. 2008). Similarly, I am not addressing the application of 47 U.S.C. §230 to the SEC’s “entanglement” discussion.

7. See also Prickett v. infoUSA, Inc., 561 F. Supp. 2d 646 (E.D. Tex. 2006) (§230 immunized information syndicator for its representation that it had verified the syndicated information); Mazur v. eBay Inc., 2008 WL 618988 (N.D. Cal. 2008) (§230 immunized eBay for its representation that its live auction service vendors were screened). But see Anthony v. Yahoo! Inc., 421 F. Supp. 2d 1257 (N.D. Cal. 2006) (§230 does not immunize the dissemination of expired dating profiles with the implicit representation that they were still active); Mazur v. eBay Inc., 2008 WL 618988 (N.D. Cal. 2008) (§230 does not immunize marketing representations that live bidding is “safe,” is conducted against “floor bidders” and involves “international” auction houses).