Mobile App Platform Entitled to CDA Immunity over State Law Claims Related to In-App Purchases of Loot Boxes

By Jeffrey Neuburger and Frances P. Kelley, of Proskauer

Happy Silver Anniversary to Section 230 of Communications Decency Act (“CDA” or “Section 230”), which was signed into law by President Bill Clinton in February 1996. At that time, Congress enacted CDA Section 230 in response to case law that raised the specter of liability for any online service provider that attempted to moderate its platform, thus discouraging the screening out and blocking of offensive material. As has been extensively reported on this blog, the world of social media and user-generated content is supported by protections afforded by Section 230. Now, 25 years later, the CDA is at a crossroads of sorts and its protections have stoked some controversy. Yet, as it stands, Section 230 continues to provide robust immunity for online providers.

In a recent case, Google LLC (“Google”) successfully argued for the application of Section 230, resulting in a California district court dismissing, with leave to amend, a putative class action alleging consumer protection law claims against the Google Play App Store.  The claims concerned the offering for download of third party mobile video games that allow users to buy Loot Boxes, which are in-app purchases that contain a randomized assortment of items that can improve a player’s chances at advancing in a videogame.  The plaintiffs claimed these offerings constituted illegal “slot machines or devices” under California law.  (Coffee v. Google LLC, No. 20-03901 (N.D. Cal. Feb. 10, 2021)).

The plaintiffs are John Coffee, Mei-Ling Montanez, and Monteanez’s minor son S.M. (“Plaintiffs”). Coffee downloaded Final Fantasy Brave Exvius (“Final Fantasy”) from the Google Play store in 2018. Final Fantasy is a free fantasy role-playing game in which players control their characters as they move through the story of the game. The game at issue involves the use of virtual currency called “Lapis Crystals” to summon a randomized special character. Players may get Lapis Crystals either through game play or purchases using real money. The system of summoning characters is essentially the in-game “Loot Boxes,” the Plaintiffs allege, because the characters are summoned at random, and the best are the rarest and most difficult to summon. The Plaintiffs state that Coffee was induced to spend an excess of $500 on in-game Loot Boxes while playing Final Fantasy.

The plaintiff S.M. downloaded Dragon Ball Z Dokkan Battle (“Dragon Ball Z”) from the Google Play store in 2019. Dragon Ball Z is also a free-to-play mobile game based on the Dragon Ball anime brand. The game is similar to a board game, with players moving through the game to different spots which allow for different actions. Again, throughout the game, players are able to unlock new characters with summons, which the plaintiffs claim are this game’s Loot Boxes. The players must use “dragon stones,” the Dragon Ball virtual currency, to purchase the summons. Dragon stones can be earned through game play or purchased with real money. The Plaintiffs allege S.M spent more than $100 on in-game purchases including purchases of Loot Boxes.

Google operates the online Google Play app store. Despite the aforementioned game apps being free, the plaintiffs allege that Google nonetheless profits from the apps containing Loot Boxes because in-app payments are made using Google Play’s payment system and Google took 30% of payments for in-app purchases. In their complaint, Plaintiffs claim that Google entices consumers, including children, to engage in addictive gambling in violation of state consumer protection laws.

In response, Google moved to dismiss the claims, principally arguing that it was immune from potential state law claims, as it did not create the video games or Loot Boxes at issue and acted only as a passive host of an app platform, and that while Google might be an intermediary if a user purchases virtual currency for a particular game, it has no role in what users decide to purchase with it.

In declining to decide whether or not Loot Boxes constitute illegal slot machines or devices under California law, the district court examined the plaintiffs’ claims through the lens of CDA immunity. The court quickly determined that Google qualified as an “interactive service provider” under the CDA as Google creates and maintains a virtual online store available to multiple users to download various software applications created by other developers.

The court then noted that plaintiffs sought to impose liability on Google based on the content (specifically Loot Boxes) of those apps, which the court decided was an attempt by the Plaintiffs to treat Google as a publisher of such content.

The court lastly found that the content at issue – the video game apps containing Loot Boxes – were provided by another content provider.  The court declined Plaintiff’s attempt to frame Google as a co-developer of the apps merely because Google required the game developers to make certain disclosures regarding game ratings and Loot Boxes.

The court also rejected the Plaintiffs’ argument that Section 230 did not apply because the CDA only applies to publications of “speech,” ruling Section 230 does apply to published content in an app, not solely to claims of online speech. [Note: Interestingly, one CDA reform bill kicking around Congress, the SAFE TECH Act, includes an amendment to Section 230 (c)(1) that would attempt to narrow the publisher liability provision that covers “information provided by another information content provider” by changing the term to “speech.”]   Thus, the court had little trouble ruling that Section 230 applied and Google could not be held liable in this case for merely allowing video game developers to provide apps to users through the Google Play store.

One interesting theory articulated by the plaintiffs was that Section 230 did not apply because Google went beyond publishing when it allegedly facilitated illegal gambling.  However, the court stated that the complaint itself did not allege facts to support these claims, and therefore refused to consider such allegations on the merits. The court did note that even if it were to rule that the Loot Boxes at issue violated California law, Google would still be protected by the CDA because Google’s alleged involvement amounted to “passive acquiescence” or the mere provision of a neutral platform for app downloads: “[E]ven if a service provider knows that third parties are using such tools to create illegal content, the service provider’s failure to intervene is immunized.” Ultimately, the court dismissed the case with leave to amend, leaving the door open for the plaintiffs to amend their claims to show how Google’s conduct went beyond the passive publishing of third party content.  (One wonders whether such a claim would be successful anyway, as the CDA’s carve-out for violation of federal criminal laws, for instance, has been generally interpreted to apply only in the case of governmental enforcement of such laws. Regardless, to bypass CDA immunity, the plaintiffs would have to offer evidence of Google’s own actions, statements or behavior that would constitute illegal gambling under the state statute, beyond the allegations already presented about the video game developer’s Loot Box offerings).

The Coffee case is one of the most recent cases illustrating the broad immunity that the CDA offers online providers, including mobile platforms.  Until there is some amendment of the contours of the immunity in a future CDA reform bill, it is likely that courts will continue to extend wide protections to online providers. We will continue to follow the developments surrounding the push for CDA reform.

Please follow and like us: