The Georgia Court of Appeals ruled that the parents of a seventh-grade student may be negligent for failing to get their son to delete a fake Facebook profile that allegedly defamed a female classmate.
The trouble started in 2011 when, with the help of another student, the boy constructed a Facebook profile pretending to be the girl. He used a “Fat Face” app to make her look obese and posted profane and sexually explicit comments on the page depicting her as racist and promiscuous, according to court documents.
When the girl found out about it, she told her parents who then complained to the school’s principal. The school punished the boy with two days of in-school suspension and alerted his parents, who grounded him for a week.
But for the next 11 months, according to the appeals court opinion, the page stayed up. It wasn’t deleted until Facebook deactivated the account at the urging of the girl’s parents, the opinion said. The girl’s lawyer says the child’s parents didn’t immediately confront the boy’s parents because their school refused to identify the culprit for confidentiality reasons.The full opinion of the court is available here.
The court emphasized that the parents had been notified of their child's online conduct, and pointed out that the nature of online defamation created an ongoing harm to the plaintiffs. From the opinion:
In this case, it is undisputed that Dustin used a computer and access to an Internet account improperly, in a way likely to cause harm, and with malicious intent. The Ahearns contend that they had no reason to anticipate that Dustin would engage in that conduct until after he had done so, when they received notice from the school that he had been disciplined for creating the unauthorized Facebook profile. Based on this, they contend that they cannot be held liable for negligently supervising Dustin’s use of the computer and Internet account. The Ahearns’ argument does not take into account that, as Dustin’s parents, they continued to be responsible for supervising Dustin’s use of the computer and Internet after learning that he had created the unauthorized Facebook profile. While it may be true that Alex was harmed, and the tort of defamation had accrued, when even one person viewed the false and offensive postings, it does not follow that the Athearns’ parental duty of reasonable supervision ended with the first publication.Critics have spoken out against this ruling, arguing that it is undesirable or that the negligence lawsuit should have been barred by section 230 of the Communications Decency Act (CDA). I think that this ruling is far less problematic than the critics have argued, and I explain my reasoning after the break.
Given the nature of libel, the original tortious conduct may continue to unfold as the false and injurious communication is published to additional readers or the defamatory content persists in a public forum without public correction or retraction. With regard to the instant action, we conclude that a reasonable jury could find that, after learning on May 10, 2011, of Dustin’s recent misconduct in the use of the computer and Internet account, the Ahearns failed to exercise due care in supervising and controlling such activity going forward. Given that the false and offensive statements remained on display, and continued to reach readers, for an additional eleven months, we conclude that a jury could find that the Athearns’ negligence proximately caused some part of the injury Alex sustained from Dustin’s actions (and inactions). Accordingly, the trial court erred in granting the Athearns’ motion for summary judgment in part. (footnotes omitted).
At Techdirt, Mike Masnick argues that this ruling is "dangerous," noting that it held the parents "retroactively" liable for their son's prior online activity and that it encourages constant supervision of children's online activity. From Masnick's post:
The idea that they could retroactively be held liable because once they found out about it they only punished him and didn't go further to find and delete the page he created seems awfully troubling. And that's before even getting to the issue of why the liability should be put on the parents anyway. There's this myth out there that parents should supervise any and all computer/internet usage. Not only is that impossible, it's also a bad idea. Yes, parents should help kids learn to use the internet, including some early supervision, but part of learning to do something is learning to do it on your own. That means teaching them about risks and how to deal with them, and encouraging them to ask questions or raise concerns if they find them -- but it shouldn't mean watching over their shoulder every moment online.I think that Masnick's characterization of the parents' liability as "retroactive" is mistaken, or at the very least, misleading. As the Georgia court emphasized, online libel creates an ongoing harm. While a defendant may take a single action of posting something defamatory online, that post may then be viewed by more people which continues to bring the subject of the post into disrepute. The harm is therefore most accurately characterized as an ongoing harm, rather than one single harmful instance. That is why courts like the Texas Supreme Court have been willing to allow remedies that call for the removal of defamatory online content.
Moreover, I don't think that the Georgia case will require parents to constantly monitor their children's online conduct. The court noted that the parents had been notified by the school that their child had posted the defamatory Facebook page, but the parents did nothing to take down the page that they knew existed. This holding can therefore be limited to situations where parents have received explicit notice of their child's online conduct and does not necessarily create a duty of constant monitoring.
Masnick also cites this blog post by Marc Randazza, who argues that the plaintiff's lawsuit seems to be barred by section 230 of the CDA. The relevant provision of the law that would apply is section 230(c)(1), which states: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The law goes on to prohibit state tort actions that are inconsistent with section 230's provisions.
Randazza argues that the plaintiffs in the Georgia case were essentially treating the parents as publishers of the defamatory content and that they should therefore be immune from the lawsuit. From his post:
This claim attempts to treat the parents as a liable participants in the tortious conduct. The CDA provides immunity when a plaintiff seeks to hold a defendant liable for tortious conduct based on the fact that the defendant provided the Internet instrumentalities used to commit the tort. See, e.g., Almeida v. Amazon, 456 F.3d 327 (11th Cir. 2006).
In Delfino v. Agilent Techns. Inc., 145 Cal. App. 4th 790, 806 (2006), the California court of appeals found that when an employee used the employer’s computer network to send threatening messages, the employer was not liable. In that case, the court held that although the defendant-employer merely acted as the provider of the computer system, the plaintiff’s tort claims in essence sought to hold the employer liable for the publication of the threatening messages. Id. Therefore, the employer was immune under § 230.
The Georgia Court of Appeals had its first § 230 case this summer. Internet Brands, Inc. v. Jape, 328 Ga. App. 272 (Ga. Ct. App.2014). “The CDA “precludes plaintiffs from holding interactive computer service providers liable for the publication of information created and developed by others.” Id. at 274-75. And, in that case, it recognized (like all other courts before it) that § 230 protection is broad. “[C]ourts have consistently … held that § 230 provides a ‘robust’ immunity, and that all doubts must be resolved in favor of immunity.” Id. at 276 (citations and quote marks omitted).
In this case, the plaintiff does not bring a direct claim of defamation against the parents for creating the content. But, the claims appear to have the same effect as treating them as the publisher of the information based solely upon their role as the provider of the account and hardware for the tortious communications. It is without dispute that the content was provided by another person, namely the son. The son, therefore, is the liable party – not the parents – and under the CDA, any claim to the contrary appears to be barred.Randazza cites two other opinions to support his argument: AF Holdings, LLC v. Doe (Doe I), and a distinct case with the same name, AF Holdings, LLC v. Doe (Doe II). He argues that these two claims support the claim that section 230 would immunize from suit a party that simply provided internet access to a third party that engaged in tortious conduct.
The problem with the cases Randazza cites, and Randazza's argument in general, is that the Georgia lawsuit is a negligence lawsuit against the child's parents for their failure to supervise their child, rather than their negligence as providers of Internet access. Delfino and Doe I state that section 230 immunizes those who simply provides Internet access to third parties who then commit online torts. But Doe I and Doe II emphasize the potential importance that a "special relationship" may have on the liability of third parties that provide Internet access.
Doe II, in fact, reached no holding on CDA immunity because it found that no special relationship existed between the defendant and the third party who had carried out harmful online activity. The Doe II court noted that in cases where the inaction of a party is alleged to have led to harm caused by a third party, there must be some special relationship between the defendant and the third party for the lawsuit to succeed. Doe II held that there is no special relationship between an internet provider and a third party who accesses the internet through the internet provider.
But the Georgia lawsuit does not treat the parents as mere providers of online access. The lawsuit, instead, turns on the special relationship between parents and their children, and the liability that results from this relationship. The Georgia court points out early in its opinion that:
Under Georgia law, liability for the tort of a minor child is not imputed to the child’s parents merely on the basis of the parent-child relationship. Parents may be held directly liable, however, for their own negligence in failing to supervise or control their child with regard to conduct which poses an unreasonable risk of harming others. (footnotes omitted).Unlike the cases Randazza cites to support his argument for section 230 immunity, the Georgia case did not turn on the parents' role as providers of online content -- rather it turns on the parents' role as supervisors of their child. The court's emphasis that this case is one of negligent supervision rather than one of vicarious liability removes the parents from the immunity that section 230 would otherwise provide. Because the question in the Georgia case is one arising from the special parent-child relationship, and the supervisory role that relationship entails, rather than the parents' role of Internet access providers, the parents most likely would not have succeeded had they raised the issue of section 230 immunity.
While this opinion may be more defensible than its critics contend, Boston v. Athearn raises important questions as to how much parents should supervise the online activities of their children. While historic cases of parental liability may involve the limited harm children can cause in the physical world, children's ability to access the internet substantially increases the magnitude of mayhem they may cause. This, in turn, may create an increased burden on parents to supervise their children and prevent the online harm that children can cause.