This is an important question that a lot of website owners have. The
short answer under U.S. law is that you are right, website owners
generally are not liable for comments on their site, even if they
moderate them. Here’s the longer answer:
First, one has to ask, “liable for what?” There are
essentially three categories of comment content any website owner
should worry about: (1) criminal content, (2) copyrighted content, (3)
For criminal content, once you are aware that it is criminal, you
should contact law enforcement immediately and they will tell you
whether you should take it down. Either way, they will likely ask you
to archive it. But you should definitely not ignore it. Criminal
content includes things like child pornography.
For copyrighted content, you should (as you suggest) follow the
outline of the DMCA safe harbors. This means registering a DMCA agent
with the copyright office, having a posted policy and active email or
snail mail address for takedown requests, and complying with valid
requests in a timely manner. If one does this, there is little to no
risk of being held liable, even if you moderate the comment with the
copyrighted content in it.
The only exception to this rule is copyrighted content that is
considered “red flag” content – content where it is so
obvious that it is infringing, you cannot turn a blind eye to it. How
obvious is still being debated in the courts, but one court has held
that even hosting or linking to image sites named
“www.stolencelebritypics.com” or “illegal.net”
was not sufficiently obvious to trigger the red flag requirement.
Finally, there is “everything else” which includes
defamatory comments, harassment, abuse, etc. Here, website providers
receive immense protection under Section 230 of the Communications
Decency Act. As long as the website owner does not herself write or add
text to the comment, she is pretty much exempt from any and all
liability for hosting it, whether or not it is moderated.
The only exceptions to this rule are where the website owner
encourages or suggests the offending language. So, for example, if you
were to provide pulldown menus for comments that said “This
person is a criminal” or “The above commenter has
HIV,” that could fall outside the protections of CDA 230.
However, short of something as blatant and directed as that, website
owners are generally safe from liability for any derogatory comments
posted by others.
Simply approving or denying comments does not make one liable.
There’s a lot of great information on subjects like this and others in EFF’s Blogger’s Legal Guide about Safe Harbor and Section 230 Protections.
Jason Schultz is an EFF Fellow specializing in intellectual property and Associate Director of the Samuelson Law, Technology & Public Policy Clinic at U.C. Berkeley Law School. Previously, he served as a Senior Staff Attorney at EFF, where he lead its Patent Busting Project
and represented creators, innovators, and consumers in a variety of
matters involving fair use, free speech, and reverse engineering. He
received his J.D. from Berkeley and his undergrad degrees in Public
Policy Studies and Women’s Studies from Duke University. He
maintains a personal blog at lawgeek.net.