CFPB, FTC, and North Carolina argue public records website does not qualify for Section 230 immunity
On October 14, the CFPB, FTC, and the North Carolina Department of Justice filed an amicus brief in support of the consumer plaintiffs in Henderson v. The Source for Public Data, L.P., arguing that a public records website, its founder, and two affiliated entities (collectively, “defendants”) cannot use Section 230 liability protections to shield themselves from credit reporting violations. The case is currently on appeal before the U.S. Court of Appeals for the Fourth Circuit after a district court determined that the immunity afforded by Section 230 of the Communication and Decency Act applied to the FCRA and that the defendants qualified for such immunity and could not be held liable for allegedly disseminating inaccurate information and failing to comply with the law’s disclosure requirements.
The plaintiffs alleged, among other things, that because the defendants’ website collects, sorts, summarizes, and assembles public record information into reports that are available for third parties to purchase, it qualifies as a consumer reporting agency under the FCRA. According to the amicus brief, the plaintiffs’ claims do not seek to hold the defendants liable on the basis of the inaccurate data but rather rest on the defendants’ alleged “failure to follow the process-oriented requirements that the FCRA imposes on consumer reporting agencies.” According to plaintiffs, the defendants, among other things, (i) failed to adopt procedures to assure maximum possible accuracy when preparing reports; (ii) refused to provide plaintiffs with copies of their reports upon request; (iii) failed to obtain required certifications from its customers; and (iv) failed to inform plaintiffs they were furnishing criminal information about them for background purposes. The defendants argued that they qualified for Section 230 immunity. The 4th Circuit is now reviewing whether a consumer lawsuit alleging FCRA violations seeking to hold a defendant liable as the publisher or speaker of information provided by a third party is preempted by Section 230.
In their amicus brief, the CFPB, FTC, and North Carolina urged the 4th Circuit to overturn the district court ruling, contending that the court misconstrued Section 230—which they assert is unrelated to the FCRA—by applying its immunity provision to “claims that do not seek to treat the defendant as the publisher or speaker of any third-party information.” According to the brief, liability turns on the defendants’ alleged failure to comply with FCRA obligations to use reasonable procedures when reports are prepared, to provide consumers with a copy of their files, and to obtain certifications and notify consumers when reports are furnished for employment purposes. “As the consumer reporting system evolves with the emergence of new technologies and business practices, FCRA enforcement remains a top priority for the commission, the Bureau, and the North Carolina Attorney General,” the brief stated. “The agencies’ efforts would be significantly hindered, however, if the district court’s decision  is allowed to stand.”
Newly sworn-in CFPB Director Rohit Chopra and FTC Chair Lina M. Khan issued a joint statement saying “[t]his case highlights a dangerous argument that could be used by market participants to sidestep laws expressly designed to cover them. Across the economy such a perspective would lead to a cascade of harmful consequences.” They further stressed that “[a]s tech companies expand into a range of markets, they will need to follow the same laws that apply to other market participants,” adding that the agencies “will be closely scrutinizing tech companies’ efforts to use Section 230 to sidestep applicable laws. . . .”