Important Section 230 Ruling from the Second Circuit–Herrick v. Grindr

This case involves an e-personation attack caused by fake Grindr postings from an ex-boyfriend. The victim claims to have contacted Grindr dozens of times seeking relief, to no avail. The victim sued Grindr for the attack, styling the case as a products liability claim to get around the obvious Section 230 immunity. Nevertheless, the lower court twice ruled for Grindr largely on Section 230 grounds, in a thoughtful and powerful opinion that earned the Technology & Marketing Law Blog’s Judge-of-the-Day award, followed by an even more thoughtful and powerful second opinion. In a non-precedential summary order, the Second Circuit affirms.

Section 23o. The court applies the traditional three-part test for the immunity:

  • ICS Provider/User. Citing the district court, the court says “courts have repeatedly concluded that the definition of an ICS includes ‘social networking sites like, and online matching services like and,’ which, like Grindr, provide subscribers with access to a common server.”
  • Third-Party Content. The plaintiff said he wasn’t suing for third-party content. Instead, he claimed the problem was Grindr’s “management of its users.” We’ve seen similar attempts to get around Section 230 in the Excolo/1800-LAWFIRM suits over social media services’ material support for terrorists, but those arguments have not worked. The argument similarly fails here. The court says the perpetrator’s “online speech is precisely the basis of his claims that Grindr is defective and dangerous. Those claims are based on information provided by another information content provider and therefore satisfy the second element of § 230 immunity.” The plaintiff also made an interesting argument about the app’s publication of geolocation information, but it goes nowhere. The court says “Herrick contends Grindr created its own content by way of the app’s ‘automated geolocation of users,’ but that argument is undermined by his admission that the geolocation function is ‘based on real‐time streaming of [a user’s] mobile phone’s longitude and latitude.’ It is uncontested that Herrick was no longer a user of the app at the time the harassment began; accordingly, any location information was necessarily provided by Herrick’s ex‐boyfriend.”
  • Publisher/Speaker Claims. “Herrick argues that his claims are premised on Grindr’s design and operation of the app rather than on its role as a publisher of third‐party content. However, as the district court observed, Grindr’s alleged lack of safety features ‘is only relevant to Herrick’s injury to the extent that such features would make it more difficult for his former boyfriend to post impersonating profiles or make it easier for Grindr to remove them.’ It follows that the manufacturing and design defect claims seek to hold Grindr liable for its failure to combat or remove offensive third‐party content, and are barred by § 230.” This is a powerful endorsement, and possible extension, of the First Circuit’s Doe v. Backpage ruling on liability for design.

Failure to Warn. The plaintiff argued that failure-to-warn claims aren’t covered by Section 230 per Doe 14 v. Internet Brands. The court says the Internet Brands case didn’t involve the defendant transmitting the harmful content. While this is technically true–the matchmaking in that case took place through offline contacts–it’s a bit misleading because the initial matchmaking in Internet Brands only took place due to the online content (which is why the Ninth Circuit screwed up that ruling). Here, the court says “Herrick’s failure to warn claim is inextricably linked to Grindr’s alleged failure to edit, monitor, or remove the offensive content provided by his ex‐boyfriend; accordingly, it is barred by § 230.” While I agree 100% with the Second Circuit, I suspect the plaintiff will claim this distinction constitutes a circuit split. If this language stands, it becomes a powerful retort to attempted failure-to-warn workarounds to Section 230.

The court adds that any failure-to-warn claim also lack causation because the plaintiff deactivated the Grindr account over a year before the e-personation attack.

Failure to Respond. “To the extent that the claims for negligence, intentional infliction of emotional distress, and negligent infliction of emotional distress are premised on Grindr’s allegedly inadequate response to Herrick’s complaints, they are barred because they seek to hold Grindr liable for its exercise of a publisher’s traditional editorial functions. To the extent that they are premised on Grindr’s matching and geolocation features, they are likewise barred, because under § 230 an ICS ‘will not be held responsible unless it assisted in the development of what made the content unlawful’ and cannot be held liable for providing ‘neutral assistance’ in the form of tools and functionality available equally to bad actors and the app’s intended users.”

Fraud and Negligent Misrepresentation. These claims are based on Grindr’s onsite disclosures. The court says these disclosures don’t “represent that Grindr will remove illicit content or take action against users who provide such content, and the Terms of Service specifically disclaim any obligation or responsibility to monitor user content.” Also, the court says there’s no causation: “Herrick therefore could have suffered the exact same harassment if he had never seen the Terms of Service or created a Grindr account; so his injury is not a ‘direct and proximate result of his reliance on [the alleged] misrepresentations.'”

Promissory Estoppel. This claim fails for lack of detrimental reliance.

False Advertising. A reasonable consumer would not be misled by Grindr’s onsite disclosures when they also said that “Grindr assumes no responsibility for actively monitoring User Content for inappropriate content,” and that “Grindr does not endorse and has no control over the content of User Content submitted by other Users.”


This Has Always Been an Easy Section 230 Case. The plaintiff’s lawyers structured the legal arguments to apply pressure to Section 230’s softest doctrinal spots; and everyone sympathizes with the victim. Despite these pro-plaintiff attributes, this has always been an easy Section 230 case. Indeed, it was so easy the Second Circuit resolved it via a per curiam summary order. At its core, this case has always been about Grindr’s publication of fake dating information by the ex-boyfriend. All of the sophistry and argumentation sought to mask that, but both the district court judge and the appellate judges had no problem clearly seeing this case for what it was.

The Ruling Strengthens Section 230. I believe the plaintiff lawyers hoped to undermine Section 230, but the resulting opinions actually strengthen Section 230. The net impact is unclear because the Second Circuit ruling is not precedential, but it’s still citable and surely will be cited by defendants. Among other things, the opinion provides yet another rejection of the efforts to work around Section 230 by arguing that a service is defectively designed (thus constituting another circuit falling in line behind the First Circuit’s Doe v. Backpage ruling). The court’s phrasing about “neutral tools” being tools equally available to both malefactors and good actors is helpful. Also, the opinion’s collapsing of failure-to-warn claims back into Section 230 will be interesting to defendants. While not a Section 230 issue, the causation conclusions also seem defense-friendly in distributed attacks like the one against the plaintiff.

I imagine the plaintiff will appeal to the Supreme Court, but the odds against cert are prohibitive, so I expect this ruling to stand.

FTC v. LeadClick Helps Section 230 Defendants. In 2016, the Second Circuit issued the FTC v. LeadClick opinion, basically giving the FTC a free pass from Section 230 defenses. It was a troubling Section 230 loss, especially after a nice Second Circuit Section 230 defense win in Ricci v. Teamsters that the LeadClick case virtually ignored. Because of the opinion’s breadth and depth, it raised the specter that the Second Circuit would become the plaintiff’s circuit of choice for Section 230 challenges. This opinion cites the LeadClick opinion four times, all in favor of the defense. While the LeadClick opinion is precedential and this opinion is not, the opinion suggests that LeadClick’s Section 230 ruling may have been an aberration.

Distributed Internet Attacks. The Internet can facilitate vicious online and offline attacks against a victim. These are virtually as old as the Internet; Zeran’s attack was from 1995, and I recently blogged about a modern attack in the Higgins v. Kentucky Sports Radio case. Their ubiquity is a sad reflection of the human condition. Perhaps ironically, Section 230 is more likely part of the solution to these distributed attacks than part of the problem. I’m not sure about Grindr’s efforts to protect Herrick, but most online services feel emboldened to aggressively fight back against attacks because Section 230 insulates those efforts from liability. Without such insulation, the services may be less helpful; or more likely they would  be driven out of the industry altogether.

Case citation: Herrick v. Grindr LLC, 2019 WL 1384092 (2d Cir. March 27, 2019)

(Note: I still have the Ninth Circuit’s terrible Airbnb v. Santa Monica ruling to blog. I needed some crying time before marshaling the energy to blog it).

Other Posts Involving Grindr:

Section 230 Doesn’t Provide a Basis To Remove Cases to Federal Court–A.R.K. v. Grindr
Recapping a Year’s Worth of Section 230 Cases That Got Stuck in My Blogging Queue
Section 230 Protects Grindr From Harrassed User’s Claims–Herrick v. Grindr
Online Dating Services Must Give California Users a “Cooling Off” Period–Howell v. Grindr
Online Dating App Grindr Isn’t Liable For Underage ‘Threesome’–Saponaro v. Grindr