Ninth Circuit Deals Another Blow to Big Tech’s Campaign for Broad Immunity from Regulation, Allows Parts of California’s Design Code to Go into Effect

Earlier today, the Ninth Circuit issued its third rebuke of NetChoice’s overbroad litigation tactics by reversing, in large part, the preliminary injunction against California’s Age-Appropriate Design Code (the “CAADC”). Specifically, the three-judge Ninth Circuit panel chided NetChoice for repeatedly lodging broad First Amendment challenges to regulations without providing the legal analysis or evidentiary support required under the Supreme Court’s decision in Moody v. NetChoice:

The decision demonstrates yet again that the Supreme Court’s holding in Moody v. NetChoice was far from a punt. For years, NetChoice has sought to secure broad immunity from regulation for tech companies based largely on hypothetical (and often imagined) impacts those regulations would have on tech companies’ vaguely-defined speech interests. The Moody decision should have put a stop to that practice. But NetChoice has thus far refused to comply with the Court’s directive to make its constitutional challenges more concrete, instead cooking up ever more fantastic arguments for why tech regulation is broadly inconsistent with the First Amendment. This fourth appellate rebuke of NetChoice ought to be a clear signal that its quest for broad immunity rules for Big Tech has failed.

The Ninth Circuit concluded that:

• NetChoice did not convincingly show that the CAADC’s coverage definition, which includes online products and services “likely to be accessed by children,” was facially invalid under the First Amendment as a content-based restriction on speech (reversing the district court’s holding agreeing with NetChoice);
• NetChoice did not show that the CAADC’s age estimation provision facially violated the First Amendment because the provision “says nothing about restricting content on its face,” NetChoice did not even attempt to build a record showing any applications where the age estimation provision would block access to content, and applying heightened privacy protections to all users may, in fact, mitigate any potential access issues from age estimation (again reversing the district court’s assumption that the provision would impact access to content);
• The data protection and dark patterns provisions are unconstitutionally vague because the specific language used, like “best interest of children” and “materially detrimental to the physical health, mental health, or well-being of a child” do not “provide any guidance as to the breadth of conduct” the law may reach;
• NetChoice failed to establish that the remaining provisions are not severable from the data protection impact assessment requirement that the Court enjoined in its previous decision.

The injunction against the CAADC’s data protection and dark patterns provisions is but a small victory for NetChoice—and very far from the broad immunity rule the group has continuously sought in this litigation. The Ninth Circuit panel only found that certain terms in the data protection and dark patterns provisions were unconstitutionally vague, not that the provisions burdened companies’ speech interests. The California legislature could amend the law to remove the vague language while leaving the key substance of the provisions—data minimization, use limits, manipulation prohibitions—intact. The “best interest of children” language would be especially easy to extract, as it is only found in exceptions to the law’s requirements, not the substantive parts of the provisions themselves. What’s more, recent iterations of the age-appropriate design code—like in Vermont, Nebraska, and South Carolina—do not use these vague terms, and so NetChoice cannot easily use this ruling to argue against their constitutionality.

The Ninth Circuit’s decision today allows parts of the CAADC to go into effect, including important limits on companies’ collection, use, sale, and disclosure of minors’ geolocation data. The decision is also a good sign for the future enforceability of design codes more generally. And, perhaps, NetChoice will finally get the message that they cannot get away with broad, unsupported, hand wavy constitutional challenges anymore. 

EPIC routinely coordinates and files amicus briefs in important platform accountability cases (including four in this case) and advises legislators on constitutional means of regulating harmful platform design. EPIC recently published a model design code that takes into consideration lessons learned from litigation over the CAADC and other tech regulations.