Herrick v. Grindr, LLC, No. 18–396 concerns whether § 230 of the Communications Decency Act immunizes a dating app from liability for failing to regulate egregious and harassing conduct taking place on its platform. The New York Supreme Court entered a Temporary Restraining Order (TRO) compelling the dating app to disable impersonating profiles of the plaintiff. Afterwards, the case was moved to federal court. The Southern District of New York denied the plaintiff’s attempt to extend the New York Supreme Court’s TRO. The District Court held that § 230 of the Communications Decency Act shielded Grindr from liability on many of the charges. The Court then granted Grindr’s motion to dismiss the case. This case is now on appeal before the U.S. Court of Appeals for the Second Circuit.
This case arose when Plaintiff Matthew Herrick’s former partner repeatedly used Grindr, a dating app, to impersonate and harass Herrick. After Herrick ended his relationship with the partner in October 2016, the partner created fake profiles impersonating Herrick on Grindr. The profiles communicated with other men on the platform, falsely informing men of Herrick’s interest in hardcore rape fantasies and role play. The partner also directed potential suitors to Herrick’s home and workplace for sexual intercourse. Herrick alleged that some of these suitors physically assaulted and threatened Herrick and his friends and co-workers. Herrick had notified Grindr of the impersonating accounts and the resulting harassment approximately one hundred times. Grindr has done nothing in response, except return reports and complaints with automated responses.
New York Supreme Court
Herrick filed a pro se complaint for a Temporary Restraining Order against Grindr with the New York Supreme Court on January 27, 2017. On the same day, the Supreme Court entered a TRO compelling Grindr to “immediately disable all impersonating profiles created under Plaintiff’s name or with identifying information relating to Plaintiff, Plaintiff’s photograph, address, phone number, email account or place of work.” The original complaint also included claims of intentional and negligent infliction of emotional distress, failure to warn, as well as negligent misrepresentation and deceptive business practices and false advertising under the New York General Business Law § 349-50.
U.S. District Court for the Southern District of New York
On February 8, 2017, Grindr removed the action to the Southern District of New York based on diversity jurisdiction. Herrick subsequently moved to extend the Supreme Court’s TRO, which the District Court denied, holding that § 230 of the Communications Decency Act shielded Grindr from liability on the charges of negligence, failure to warn, and negligent infliction of emotional distress.
Herrick based his claims of negligent misrepresentation and deceptive business practices and false advertising on Grindr’s advertisements which represented Grindr as a “safe space,” arguing that he originally signed up for Grindr in 2011 because he believed these representations. The District Court denied these claims as the basis for a TRO, holding that the causal nexus between Herrick’s reliance on Grindr’s representations and his injury to be too attenuated and remote.
Herrick filed an amended complaint on March 31, 2017, alleging that Grindr is responsible for impersonating profiles because users can easily manipulate and misuse the app and because Grindr has not taken adequate steps to stop the impersonating profiles. The amended complaint alleged the claims of the original complaint, as well as additional causes of action for products liability, negligent design, promissory estoppel and fraud, and copyright infringement. Grindr moved to dismiss the case, and this motion was granted with prejudice (except as applied to the copyright claim, which Herrick was given leave to amend) on January 25, 2018.
Herrick filed an appeal to the U.S. Court of Appeals for the Second Circuit on February 9, 2018.
EPIC has a strong interest in protecting consumer privacy rights online, including social media information, and ensuring this data is not improperly disclosed to third parties. EPIC closely monitors the use of advanced tracking techniques that enable companies like Facebook and Google to track users browsing habits, collecting a wealth of personal data about users that the businesses use to develop and sell profiles or deliver targeted advertisements. EPIC has done extensive work in the areas of online tracking and behavioral profiling, including urging the FTC to limit the use of cross-device tracking, whereby companies track consumers across their smartphones, laptops, tablets, and other internet-connected devices. EPIC also supports proposals to impose technological limits on the tracking of third-party web browsing history.
EPIC has filed amicus curiae briefs in support of consumers alleging that their rights have been violated by third parties. In Smith v. Facebook, the Ninth Circuit considered whether Facebook’s tracking of users’ visits to medical websites violates California and Federal privacy laws. EPIC argued that generic notice is insufficient toe stablish meaningful consent to the detailed tracking of users’ web browsing history.
In In Re Nickelodeon, a case arising under the Video Privacy Protection Act, the plaintiffs alleged that — children who visited the website Nickolodeon.com – were subject to tracking by Viacom, the company managing the website, and Google, and that these companies collected their personal information in connection with online views of video content. EPIC argued in its brief that the definition of “Personally Identifiable Information” (of “PII”) in the VPPA is purposefully broad to protect against the very type of privacy abuses at issue in the case.
EPIC has also previously challenged Facebook’s privacy policies—in particular their requiring that users disclose certain personal information—in a complaint with the FTC. The FTC subsequently brought legal action against Facebook for unfair and deceptive business practices, and entered into a consent decree in 2011 following EPIC’s complaint.
U.S. Court of Appeals for the Second Circuit, No. 18-396