Top Internet Law Developments of 2018

My schedule tends to get busy around each new year, so my year-end recaps keep coming later and later. I hope it’s better late than never.

It’s been a rough year for Internet law. As I tweeted in June:

If you can’t read it:

When future historians write the Internet’s history, Spring 2018 will mark the turning point when regulators stopped giving a fuck about the Internet’s potential as a dynamic, open & innovative platform #FOSTA #GDPR #CCPA 😢😢😢

This broad dynamic in Internet law didn’t make my top 10 list explicitly (though FOSTA, GDPR and CCPA all rank highly), but it’s a sign of 2018’s historical significance.

#10: Politicians blocking constituents on social media. Politicians love the unfiltered broadcast capability of social media, but some of them hate getting unfiltered constituent feedback. So politicians keep blocking their constituents on social media, and courts keep declaring the blocks unconstitutional. If your job is to represent constituents that you don’t actually want to hear from, find a new line of work.

#9: Competitive keyword lawsuits are stupid…and possibly illegal. Each year I want to declare this topic dead, only to find it keeps cropping up again. Perhaps 2018 will drive the final nail in the coffin due to the FTC’s determination that 1-800 Contacts engaged in anti-competitive practices by systematically restricting its competitors’ ability to bid on its trademarks. Lawsuits over competitive keyword advertising have always been a bad business decision. Now, they are also legally ill-advised.

#8: Internet taxes. In the South Dakota v. Wayfair case, the Supreme Court opened up the door to states taxing online sales by non-residents. If Congress doesn’t intervene, expect a taxation tsunami.

#7: Failure of the lawsuits claiming that social media services support terrorism. Social media providers are not liable for the fact that terrorists use their tools. Nine different courts have confirmed that.

#6: EU Copyright Directive. The EU Copyright Directive has had more dramatic twists than a soap opera. You know the cliche: the good-looking but perpetually self-destructive character who consistently makes poor choices that prompts the audience to scream at the screen, “NOOOO…don’t do it!”

It’s a slight overstatement to say that the EU Copyright Directive’s mandatory filter and link tax would be the death of the Internet. More accurately, the directive would likely only cause the death of the European Internet. The mandatory filter requirement would likely eliminate most user-generated content in Europe. In its place, Europe will actualize the dystopian counterfactual vision of the Internet from the 1990s, when many people expected the Internet to replicate the 1990s cable system, with a few large content owners broadcasting paywalled content to passive viewers. The Internet has evolved into something greater than that, but can it stay that way? Has Europe already planted enough regulatory seeds that the European Internet will inevitably devolve in a cable-style collection of a few large walled gardens, even if the EU Copyright Directive is defeated?

#5: USMCA and Internet Immunity. Section 230 has always been an idiosyncratic American thing, a natural extension of our idiosyncratic First Amendment. So it was remarkable that NAFTA 2.0, the USMCA, embraced Section 230 and exported its pro-free speech policy to Mexico and Canada. Though we’re years away (at best) from Canada or Mexico actually doing anything different, it’s a small glimmer of hope that a user-powered Internet might survive a little longer, even if only in the North American region.

#4: GDPR. The passage of the California Consumer Privacy Act implicitly burnished the GDPR’s reputation as a privacy regulation. As bad as the GDPR is—and it’s bad—the GDPR sometimes looks attractive when compared to the even-more-terrible CCPA. But let’s not over-romanticize the GDPR. It is unquestionably an innovation-killer. It raises significant entry barriers and imposes significant ongoing compliance costs. It ossifies the business environment and privileges existing incumbents over stifled start-ups. I expect we’ll see a steady stream of empirical studies confirming that dynamic. The GDPR has also accelerated the splinternet phenomenon, as businesses outside the EU “opt out” of the GPDR by blocking EU-based users, creating geographically divergent Internets–and realities.

#3: FOSTA. FOSTA is heart-breaking policy because it doesn’t appear to benefit anyone. In ways that were entirely predictable—and predicted—to Congress in advance, FOSTA appears to hurt, rather than help, sex trafficking victims and commercial sex workers, and it shrunk the Internet and undermined free speech. A truly sad outcome for everyone.

#2: California Consumer Privacy Act. The CCPA is the first comprehensive privacy law in the US, but it was produced by a terrible process that resulted in a predictably terrible law that will hurt the California economy and much more. It never ceases to amaze me how many California privacy lawyers really hate the law—even though they should be the law’s natural allies because they already survived GDPR compliance, plus the CCPA will benefit them financially. The CCPA won’t be fixed because the legislature doesn’t have the capacity or appetite to give it the necessary attention, and some privacy advocates have embraced the law despite its many flaws. Instead, the only remaining way to “fix” the CCPA is with a preemptive federal law, which shouldn’t give you much optimism given Congress’ dysfunction.

#1: Perceived online service bias against “conservatives.” In a “normal” year, the GDPR, FOSTA, and CCPA all would have been strong contenders for #1 on this list. But they were upstaged this year by an even more pernicious regulatory dynamic. Many conservatives believe that Internet services are “biased” against them, and they are fighting back vigorously on multiple fronts, including the courts, legislatures, and Trump’s Twitter timeline. Lawsuits in this genre include Mezey v. Twitter, Dehen v. Doe, Prager U v. Google, Brittain v. Twitter, and Kimbrell v. Twitter. Legislation in this genre include Arkansas Bill HB1028 and a federal bill from Rep. Gohmert, plus numerous confidence-undermining legislative hearings. The perceptions of anti-conservative bias are usually based on a combination of cherry-picked anecdotes and paranoia, so they are dangerously afactual. Furthermore, the Internet services are routinely asked to make sometimes-fine distinctions between “legitimate” “conservative” views that add to the discourse from “illegitimate” discriminatory hate speech that corrode the entire community and should be squelched. Yet, the pity-me persecution complex has the capacity to destroy the Internet. Internet services are already overreacting by treading more cautiously with respect to content that conservatives might support. It’s also accelerating support for legally requiring “neutrality” or “must carry” obligations, which would take away the Internet services’ ability to manage the crazies and thereby destroy the Internet. The Internet needs curation and filtration, but those efforts inevitably lead to accusations of “bias” by someone. We can’t let those accusations win. 

Honorable mentions

* The Trump Administration’s terrible information security practices. Hillary Clinton’s alleged bad infosec practices were a signature and likely dispositive issue of the 2016 presidential elections. Yet, Trump and his affiliates have consistently appalling infosec practices, including the use of insecure email servers and insecure cellphones. It’s almost like Hillary was subjected to a double standard.

* End of Net Neutrality. Net Neutrality has had nearly as many dramatic twists as the EU Copyright Directive. I’m not sure what the future holds, but I do know that telcos will act like monopolistic pigs if given the chance.

* Daniel v. Armslist. A goofy Wisconsin appellate ruling indicated that Section 230 only applied to defamation cases. The case is now pending before the Wisconsin Supreme Court. I hope they get it right.

Spanski v TV Polska. One way of reading this case is that online publishers must use geoblocking if they want to avoid copyright liability in foreign countries. Another splinternets case.

* Fox v TVEyes. Copyright owners can shut down online archives if they don’t like being subject to critical scrutiny. A good example of how courts may underappreciate the value and complexity of content aggregation.

* ABS v. CBS. Remastering songs doesn’t reset copyright protection.

Eichenwald v. Rivello. Perhaps the most interesting case of the year. Can software code sent over the Internet cause a battery? Maybe.

* Music Modernization Act. Most of it was inside baseball, but the law contains an interesting if limited attempt to statutorily accommodate orphan works.

* Goldman v. Breitbart. If this case stands, in-line linking may be doomed.

* Hassell v. Bird. A good Section 230 result rendered inscrutable by Justice Kruger’s swing-vote opinion. 

My Writings This Year

I had a busy 2018, and I thought I’d share with you some of the results:

Academic Articles

Emojis and the Law, 93 Wash. L. Rev. 1227 (2018)

Advertising Law: Cases and Materials (4th edition 2018) (with Rebecca Tushnet)

Judicial Resolution of Nonconsensual Pornography Cases (with Angie Jin), 14 I/S: J.L. & Pol’y for the Info. Society 283 (2018)

Internet Law Cases and Materials (July 2018 edition)

Emojis and Intellectual Property, WIPO Magazine, June 2018, at 32 (with Gabriella Ziccarelli)

Of Course the First Amendment Protects Google and Facebook (and It’s Not a Close Question), a response to Heather Whitney’s paper, Search Engines, Social Media, and the Editorial Analogy, Knight First Amendment Institute’s Emerging Threats series, February 2018


A Look At One Law School’s Privacy Certificate Employment Outcomes, IAPP Privacy Advisor, Sept. 25, 2018

The California Consumer Privacy Act Should Be Condemned, Not Celebrated, IAPP Daily Dashboard, July 27, 2018

It’s Time to Talk About Internet Companies’ Content Moderation Operations, Techdirt, January 28, 2018


Letter to the Food & Drug Administration regarding the Use of the Names of Dairy Foods in the Labeling of Plant-Based Products (FDA-2018-N-3522), November 2018 (with Kim Boyle)

Letter to Florida Bar regarding proposed amendments to Rule 4-7.13 and lawyers’ use of competitive keyword advertising, November 2018 (with Lyrissa Lidsky)

Letter to Florida Bar regarding proposed amendments to Rule 4-7.13 and lawyers’ use of competitive keyword advertising, July 2018 (with Lyrissa Lidsky and Rebecca Tushnet)

Letter to NAFTA negotiators regarding NAFTA and Internet Immunity, January 2018

Lists from prior years

Previous top 10 lists from 20172016201520142013201220112010200920082007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 20052004 and 2003.