The Consumer Financial Protection Bureau (CFPB), Federal Trade Commission (FTC), and North Carolina Department of Justice filed an amicus brief today with the U.S. Court of Appeals for the Fourth Circuit to urge the Court to overturn a problematic District Court decision that would undermine the Fair Credit Reporting Act (FCRA) by granting immunity to consumer reporting agencies under Section 230 of the Communications Decency Act. The case is Henderson v. The Source for Public Data, L.P.
Reporting has extensively documented how e-commerce marketplaces have become havens for counterfeit and unsafe goods, and that some platforms wipe their hands of responsibility by claiming Section 230 immunizes them from liability.1 The argument is not only wrong as a matter of law, but it also forces honest businesses, especially local brick-and-mortar stores, to compete with platforms operating under a different set of rules.
However, the risk of tech companies claiming sweeping immunity under Section 230 goes beyond e-commerce platforms. The facts in Henderson demonstrate that companies are similarly trying to use Section 230 to gain immunity from traditional banking and finance laws. We are concerned that if tech companies circumvent consumer and banking laws, using Section 230 and other tactics, it will give a free pass to some, undermining fair competition.
President Nixon signed the Fair Credit Reporting Act into law in 1970. The law arose from the legitimate fear that computer technology would result in “a nationwide data bank covering every citizen.”2 The statute has a number of important accuracy, dispute process, and anti-surveillance protections that are intended “to prevent consumers from being unjustly damaged because of inaccurate or arbitrary information,” and “to prevent an undue invasion of the individual’s right of privacy.”3
Henderson involves a background check company that obtains and assembles publicly available information including criminal records into background check reports that it sells to employers and others. Companies like these have long been considered consumer reporting agencies governed by the FCRA, and the fact that a company offers its products through a website or delivers data online does not change that. But the Defendant in Henderson successfully argued, at the District Court level, that it was an “interactive computer service” and that because inaccuracies in its consumer reports originated with state agencies and courthouses, it should be immune from all liability under the FCRA, including the provisions that only apply to consumer reporting agencies.
Lawyers at the CFPB, FTC, and NC DOJ have expertly rebutted these arguments in the amicus brief filed in court today. The brief is worth reading in full, but it is worth noting that the Defendant is trying to use Section 230 in a manner that is much broader than the typical understanding of that statute. Typically, Section 230 is used to immunize interactive computer services for illegal and tortious conduct of others who use the platform. But this case is different. The Plaintiff is not trying to hold the Defendant liable for the FCRA violations of someone using its platform. To the contrary, the FCRA provisions at issue in this case exclusively apply to consumer reporting agencies just like the Defendant. This case highlights a dangerous argument that could be used by market participants to sidestep laws expressly designed to cover them. Across the economy such a perspective would lead to a cascade of harmful consequences.
As tech companies expand into a range of markets, they will need to follow the same laws that apply to other market participants. The CFPB and FTC will be closely scrutinizing tech companies’ efforts to use Section 230 to sidestep applicable laws and will seek to ensure that this legal shield is not being used or abused to gain an undue competitive advantage over law-abiding businesses.