By Jeff Pietsch

On June 30, 2009, the Second District Court of Appeals in Los Angeles affirmed the judgment of a lower court and held that internet servers like MySpace cannot be held liable when minors are sexually assaulted by adults they meet through the website.   The plaintiffs representing the four minor “Julie Does” and their parents or guardians brought suit against MySpace for negligence, gross negligence, and strict product liability claims.  They contend that MySpace should have instituted “reasonable, basic safety precautions” such as using age-verification software or setting the default security on minor’s accounts to “private” to protect minors from sexual predators.  The court, however, found that Section 230 of the Communications Decency Act protects MySpace from liability, and ruled that what the plaintiffs want—to restrict or make available certain material—is expressly covered by Section 230 and provides immunity to MySpace.

The four Julie Does were between the ages of 13 and 15 at the time of their assaults. They met their assailants, men who ranged in age from 18 to 25, through the internet social networking site, (MySpace). Some of the men are already in prison for their assaults, while others are awaiting trial. The plaintiffs alleged that “MySpace has made a decision to not implement reasonable, basic safety precautions with regard to protecting young children from sexual predators.”   The plaintiffs were unsuccessful with this argument in the trial courts, and the lower court ruled that MySpace was protected by Section 230 of the Communications Decency Act, which provides immunity from liability for providers and users of an "interactive computer service" who publish information provided by others. Likewise, websites prone to lawsuits for sex-related ads such as and have been shielded from liability by this law. 

In order to obtain immunity offered by this provision, courts generally apply a three-prong test. MySpace must satisfy each of the three prongs to gain the benefit of the immunity:

  1. MySpace is an interactive computer services provider
  2. MySpace is not an information content provider with respect to the disputed activity, and
  3. Plaintiffs seek to hold MySpace liable for information originating with a third party user of its service.

To get around MySpace’s Section 230 immunity, the Julie Does tried to amend their complaint and took issue with the second and third elements. They stated that their claims were not based on the content posted by other members of the website, arguing that they view MySpace as an information content provider and do not hold it liable for the communications between the Julie Does and the assailants. Rather, the Julie Does focused their main argument on MySpace’s failure to institute reasonable security measures. The trial court found that the plaintiffs had failed to allege sufficient facts to plead around the immunity granted by Section 230, and entered judgments of dismissal in each case. The appeal in the Second District Court of Appeals in Los Angeles consolidates the four Julie Doe vs. MySpace cases and addresses the appellants’ attempts to circumvent the 230 immunity.


The Court of Appeal ruled that MySpace is not an information content provider and thus is immunized by Section 230. The appellants allege that MySpace acted as a content provider when it collaborated with the Does and their eventual attackers to create and then flesh out their MySpace profiles. MySpace urged users to follow on-screen prompts for profile creation such as name, email address, gender, postal code and date of birth, and also encouraged users to enter personal information about schools, interests, personality, background and lifestyle. However, the Court found that these profile questions were “neutral”—not discriminatory, illegal, or otherwise offensive because they were not designed to force subscribers to divulge protected characteristics and discriminatory preferences. Furthermore, MySpace does not require its members to answer the profile questions as a condition of using the site. Thus, because of the voluntariness of the profiles and the lack of illegality in the questions, the Court of Appeal found that MySpace was not a content provider for the profiles at issue and that the Communications Decency Act immunity would apply.


The plaintiffs’ central argument is that they do not “allege liability on account of MySpace’s exercise of a publisher’s traditional editorial functions, such as editing, altering, or deciding whether or not to publish certain material”. Thus, the plaintiffs try to evade the third element of Section 230 immunity by arguing that the harm was caused by the failure to adopt reasonable safety measures and the physical assaults, not from the defendant’s republication of inherently offensive or harmful material. The Court of Appeal found that at its core, the plaintiffs want MySpace “to ensure that sexual predators do not gain access to (i.e., communicate with) minors on its Web site”. The Court stated that this is precisely the type of activity—to restrict or make available certain material—covered by Section 230 of the Communication Decency Act, and held that since the plaintiffs seek to hold MySpace for failing to exercise a publisher’s editorial functions, namely deciding whether to publish certain material or not, Section 230 immunizes MySpace from liability.


Despite the unfortunate circumstances in which the assaults of the Julie Does took place, MySpace is shielded from liability. This decision is a victory for MySpace and other social networking websites susceptible to negligence claims based on a failure to protect their users from the conduct and words of other users.   Although this case may frustrate those who feel that MySpace should be held responsible for creating the circumstances that gave rise to the alleged crimes to occur, California courts seem to interpret Section 230 of the Communications Decency Act broadly to grant immunity in cases like this.