A U.S. district court in San Jose, California, has dismissed a proposed class action alleging that Apple Inc. failed to stop the spread and storage of child sexual abuse material on its iCloud data storage service. The ruling, handed down by U.S. District Judge No l Wise late Monday, concluded that federal law broadly shields online service providers from liability for content created and uploaded by users.
The plaintiffs, identified in filings under the pseudonyms Amy and Jessica, sued Apple in 2024 on behalf of a class of 2,680 individuals who contend that images documenting their sexual abuse as children continued to be stored and shared through iCloud. In their court filings, the plaintiffs estimated compensatory damages as high as $32.8 billion and also sought injunctive relief that would require Apple to change how iCloud handles such material.
Judge Wise agreed with Apple's position that the claims fall within the protective scope of Section 230 of the Communications Decency Act, a 1996 federal law that immunizes providers of interactive computer services from most claims based on user-generated content. In the written decision, Wise said the plaintiffs were seeking to hold Apple responsible for not removing or blocking content that was created and posted by users - conduct Section 230 is intended to cover.
Addressing arguments about technological capabilities, the court noted that "nothing in federal law requires Apple to proactively utilize available technology or develop new technology to identify and report child sexual abuse material on its cloud platform." The opinion further observed that any change to those legal obligations would be a matter for lawmakers, writing, "Lawmakers can fix this problem that is contributing to the exploitation of children. This Court cannot."
The dismissal was entered with prejudice, meaning the same suit cannot be refiled. Plaintiffs' attorney James Marsh said his clients are considering an appeal and are evaluating whether other legal claims might be pursued. Marsh, while disagreeing with the judge's legal conclusion, said he and his clients agreed with the court's broader suggestion that Congress could take steps to better protect children online and address rising harms from online exploitation. A representative for Apple did not immediately respond to a request for comment.
Underlying the dispute are technical and policy disagreements described in the lawsuit. The plaintiffs allege Apple was aware of a problem with child sexual abuse material appearing on iCloud and chose not to adopt widely available technology that could identify and report such material. The complaint points to Apple s 2021 announcement of a program called NeuralHash intended to detect child sexual abuse material; according to the filings, Apple announced in 2022 that it would not implement NeuralHash.
The complaint also points out that Apple has made end-to-end encryption available for data stored on iCloud. The plaintiffs assert that end-to-end encryption effectively prevents Apple and law enforcement from identifying such material on iCloud, complicating efforts to detect and remove it.
Apple, in its filings defending its approach, has said it has worked to reduce the spread of child sexual abuse material across its systems. The company explained that it opted for methods other than NeuralHash to avoid creating additional security and privacy risks for users, a point reflected in its public filings cited by the court records.
This is not the first time Judge Wise has addressed this dispute. Court records indicate she had earlier dismissed a prior version of the complaint but gave the plaintiffs an opportunity to amend it. In the most recent ruling the court concluded the amended pleadings nevertheless fell within Section 230 protections.
Separately, Apple is facing a similar legal challenge brought by the West Virginia attorney general. The state described its own lawsuit as the first of its kind filed by a government agency over distribution of child sexual abuse material on Apple s data storage platform.
The case highlights ongoing tensions in courts and among policymakers over the liability of technology companies for harmful content that users create and share. While judges have been asked in multiple matters to consider whether product design or other company actions take claims outside Section 230 protections, this ruling treated the allegations here as claims about user-created content for which Section 230 provides immunity.
For plaintiffs, the court s dismissal represents a significant setback: the suit sought large compensatory damages and changes to Apple s iCloud practices. For Apple and other technology companies, the decision reaffirms a legal shield that has been central to litigation strategy in cases involving user-posted material. The ruling also underscores arguments by the court that any policy changes to require different industry practices are for Congress to make rather than the judiciary.