By Sarah Berent

Gone are the days of the travel agent. The Internet has enabled all of us to plan a multi-destination vacation in our pajamas. Also gone are the days of relying on professionals for hotel reviews. Now countless Internet sites invite ordinary people to post reviews regarding their hotel stay. Instead of relying on reviewer’s one opinion, we have hundreds, even thousands! How wonderful, right?

Not according to the subjects of bad reviews posted on travel websites.

A recent article posted on MSNBC.com claims that over 700 hoteliers and vacation agencies have teamed up with British company KwikChex to initiate a lawsuit in the United States against popular travel review website, TripAdvisor, for publishing defamatory reviews. KwikChex, whose clients include companies in the travel and hospitality industries, is in the business of protecting its clients’ online reputation and has led the offense against TripAdvisor, posting notice of a Group Defamation Action against the website back in August. KwikChex is arguing that the travel website is responsible for the postings of false and malicious reviews and is insisting it remove the negative reviews and implement screening procedures to catch clearly erroneous reviews.

No official legal action has been taken as of yet, and the likely reason for this is the almighty Communications Decency Act of 1996 (CDA), which offers immunity to websites that host third party content against any legal claims stemming from the actual content of the third party posts.

News outlets have picked up this story, and even cite the CDA, but fail to explore how the Act has been applied in similar situations. They also fail to ask: Are these hotels crybabies for complaining about their bad reviews or do they have valid grounds to sue?

Well, the portion at issue of the Communications Decency Act of 1996 is Section 230(c): Protection of “Good Samaritan” Blocking and Screening of Offensive Material. The Act distinguishes between “interactive computer services”, websites that host outside content, and “information content providers”, websites that actually create and develop original content. An interactive computer service is not considered a “publisher” of any hosted information, and so is granted immunity from any civil liability attributed to editorial functions. No such immunity exists for information content providers, who are responsible for the content they create.

TripAdvisor is a website most known for its user reviews of hotels throughout the world. The operative term here is “user” meaning that all the content generated about the different hotels are created and developed by users, third parties – probably people like you and me – who are reviewing hotels we frequent. Therefore TripAdvisor would be considered an “interactive computer service” immune from liability.

A 1997 case, Zeran v. AOL, decided right after the CDA’s enactment, found Internet provider America Online (AOL) immune from liability after anonymous users repeatedly posted the plaintiff’s phone number as the contact for an offensive business on one of AOL’s message boards. The court found AOL to be an “interactive computer service” and held that there is no liability for the exercise of editorial control over third party content such as “deciding whether to publish, withdraw, postpone or alter content.”

It would be impossible to have interactive computer services monitoring every single post on their sites without restricting free speech, as many have millions of subscribers. Another reason for the blanket immunity for interactive computer services: Congress did not want to create disincentives to self-regulate. Before the CDA’s enactment, a previous case Stratton Oakmont v. Prodigy, found an Internet site strictly liable for defamatory third party postings because the website acted like a publisher when it screened and edited other postings. Congress explicitly repudiated this decision in the CDA’s legislative history by encouraging websites to screen offensive third party postings without fear of being held liable for their sites’ contents.

A 2010 case interpreting Section 230 of the CDA, Black v. Google, went even further.

Here, the court refused to extend liability over an alleged harmful and defamatory review regarding the plaintiffs’ business on the defendant’s site. The court explained that regardless whether or not Google’s programming aided in the posting of the defamatory comment –or whether Google was proven to have endorsed the comment –Google would still be protected under Section 230 because the plaintiff was effectively trying “to hold Google liable for content generated by a third party.” The court also rejected the plaintiff’s claim that Google must institute a “dispute resolution” system designed to handle these type of concerns, stating that immunity is not lost because a website failed to take remedial action.

On the issue of the defamatory posts, well-established case law interpreting the CDA pretty much prevents a successful lawsuit against TripAdvisor.

But a 2009 ruling, Barnes v. Yahoo!, allowed a plaintiff to sue Internet company Yahoo! for publishing a fake and defamatory user profile bearing the plaintiff’s name despite the protections of Section 230.

The Barnes case relied on the theory of promissory estoppel.

In this case, the plaintiff’s ex-boyfriend created an unauthorized profile complete with the plaintiff’s real name, contact information and (real) nude pictures. He then posted messages, through this profile, on Yahoo’s chat rooms soliciting sex. The plaintiff, inundated both at work and home with calls for sex, contacted Yahoo approximately four times in attempt to dismantle the profile without success until a local news show decided to report a story about her ordeal.

The day before the program was set to air, the plaintiff received a call from Yahoo’s Director of Communications who promised that Yahoo would take down the profile. The plaintiff relied on this promise and did not take any legal action. (It is unclear whether the news program ever aired or not). But two months passed without the profile being taken down and the plaintiff subsequently brought suit.

The court found that Section 230 of the CDA would not prevent the plaintiff from suing Yahoo under promissory estoppel. This theory of contract law is invoked when there is a promise made which foreseeably induces conduct and results in reliance on the promise, inducing someone to substantially change his position. The court reasoned that Yahoo’s Director of Communication made a promise to the plaintiff, which she relied on, resulting in her decision to forego taking legal action.

With regard to TripAdvisor, if any of the hotels can prove that TripAdvisor reneged on an explicit promise to remove any offending reviews, and that they relied on this promise and changed their course of action in the expectation of the promise’s fulfillment, then the hotel might have a case under promissory estoppel. This is a highly fact specific course of action and a seemingly unlikely scenario. If anything, it might signal that courts are willing to sidestep the CDA’s broad grant of immunity if the facts indicate a high showing of inequity.

Interestingly, there were reports that TripAdvisor had gone beyond the CDA’s sphere of immunity by sending out “hotel horror stories” emails to its users. Whether or not this is of legal import will depend on the actual content of those emails- whether or not TripAdvisor independently added anything new or just rehashed a bunch of bad reviews from its users.

Consider a 2005 case involving a website, ripoffreport.com, which collects various complaints posted or filed by consumers against businesses in a variety of categories. The website encourages users to become “Rip Off Reporters” by investigating evil businesses, with possible compensation for such investigations by the website. The plaintiffs, owners of a business targeted on the website, sued the website for defamation claiming that Rip Off Reports is an “information content provider” (instead of merely a computer service provider) because it creates content: choosing titles for the reports, posting editorial comments on the reports and compensating some of the Rip Off Reporters. The court denied the defendant-website’s motion to dismiss the case, ruling that the site was not entitled to immunity at this stage because there were sufficient allegations that the defendants created and developed the wrongful content at issue. The parties reportedly agreed to an undisclosed settlement.

If the “hotel horror stories” emails contain original material directly attributable to TripAdvisor, then there might be an argument to disallow the Section 230 immunity. But if TripAdvisor just aggregated bad reviews and made minor alterations to the reviews like formatting, then its immunity status will likely continue.

Our verdict: KwikChex’s proclamation of its Group Defamation Action is probably meant to publicly pressure TripAdvisor into cooperating with a barrage of bad publicity, and not as a serious threat of actual legal action.