McGucken v. Shutterstock, Inc. - Copyright Infringement Appeal

23-7652 In the United States Court of Appeals for the Second Circuit August Term 2024 Argued: December 2, 2024 Decided: February 10, 2026 No. 23-7652 ELLIOT MCGUCKEN, Plaintiff-Appellant, v. SHUTTERSTOCK, INC., Defendant-Appellee, v. DOES 1–10, Defendant. * Appeal from the United States District Court for the Southern District of New York No. 22-cv-905, Jennifer H. Rearden, District Court Judge. Before: LYNCH, LEE, and PÉREZ, Circuit Judges. Elliott McGucken is a professional photographer. Between 2018 and 2022, hundreds of McGucken’s photographs began appearing on the platform of an online stock photo marketplace called Shutterstock, Inc. without his knowledge or * The Clerk of Court is respectfully directed to amend the caption accordingly.

23-7652 consent. McGucken sued Shutterstock for copyright infringement, in violation of 17 U.S.C. § 106, and false copyright management information (“CMI”), in violation of 17 U.S.C. § 1202. The District Court granted Shutterstock’s motion for summary judgment on all counts, concluding that Shutterstock could avoid liability for copyright infringement through a safe harbor provision of the Digital Millenium Copyright Act (“DMCA”), and that its removal of metadata from some of McGucken’s images did not violate § 1202. McGucken appeals. We affirm the District Court’s judgment in part and vacate in part. We conclude that Shutterstock’s actions removing or altering the CMI associated with McGucken’s photographs did not violate 17 U.S.C. § 1202, because nothing in the record suggests that Shutterstock possessed the requisite scienter to be liable under the statute. As to McGucken’s copyright infringement claims pursuant to 17 U.S.C. § 106, we conclude that Shutterstock satisfied most of the requirements to qualify for safe harbor immunity under the DMCA. However, there remain two issues of fact that preclude summary judgment: (1) whether the infringing activity alleged by McGucken occurred “by reason of the storage at the direction of a user of material that resides on” Shutterstock’s online marketplace; and (2) whether Shutterstock has the “right and ability to control” the infringing activity at issue here. Therefore, we AFFIRM IN PART and VACATE IN PART. We AFFIRM the District Court’s grant of summary judgment on McGucken’s false CMI claim. We VACATE the District Court’s grant of summary judgment on McGucken’s remaining copyright infringement claims and REMAND for further proceedings consistent with this opinion. SCOTT ALAN BURROUGHS, Doniger / Burroughs, for Plaintiff-Appellant. ELEANOR M. LACKMAN (Marissa B. Lewis, on the brief), Mitchell Silberberg & Knupp LLP, for Defendant-Appellee.

23-7652 MYRNA PÉREZ, Circuit Judge: Elliott McGucken is a professional photographer. Between 2018 and 2022, hundreds of McGucken’s photographs began appearing on the platform of an online stock photo marketplace called Shutterstock, Inc. without his knowledge or consent. Thereafter, McGucken sued Shutterstock for false copyright management information (“CMI”) under 17 U.S.C. § 1202 and copyright infringement under 17 U.S.C. § 106. After discovery, both parties moved for summary judgment. The District Court granted Shutterstock’s motion for summary judgment on all counts, concluding that Shutterstock could avoid liability for copyright infringement through a safe harbor provision of the Digital Millenium Copyright Act (“DMCA”), and that its removal of metadata from some of McGucken’s images did not violate § 1202. McGucken appeals. We affirm in part and vacate in part. First, McGucken failed to introduce any evidence that Shutterstock had the requisite scienter to be liable for false CMI under 17 U.S.C. § 1202. Thus, we affirm the District Court’s grant of summary judgment to Shutterstock on those claims. As to McGucken’s copyright infringement claims pursuant to 17 U.S.C. § 106, we conclude that Shutterstock satisfied most of the requirements to qualify for safe harbor immunity under the DMCA. However, there remain two issues of fact that

23-7652 preclude summary judgment: (1) whether the infringing activity alleged by McGucken occurred “by reason of the storage at the direction of a user of material that resides on” Shutterstock’s online marketplace; and (2) whether Shutterstock has the “right and ability to control” the infringing activity at issue here. Accordingly, we vacate the District Court’s ruling on McGucken’s copyright infringement claims and remand the case to the District Court for further proceedings consistent with this opinion. BACKGROUND I. Shutterstock’s Online Platform Shutterstock operates an online marketplace for photographs, video footage, music, and other digital content. The Shutterstock platform contains over 424 million images and 26 million video clips. Every day, Shutterstock adds approximately 200,000 images and an average of 75,000 video clips to the marketplace. Most of the images that appear in Shutterstock’s marketplace were submitted by approved third-party contributors. Once these contributors agree The District Court found that “[e]xcept for those who have been previously suspended from the platform, anyone who agrees to Shutterstock’s ‘Contributor Terms of Service’ and ‘Contributor Guidelines’ can become a ‘Contributor’ and upload their images to Shutterstock for licensing.” McGucken v.

23-7652 to Shutterstock’s “Contributor Terms of Service” and “Contributor Guidelines,” they can upload images to the website and receive a portion of any license fees paid by Shutterstock’s customers for their images. J. App’x at 238. Shutterstock reviews every image before it appears in the online marketplace. It claims that it does this to weed out images that contain “hallmarks of spamming,” “visible watermarks,” technical quality issues, or material like “pornography, hateful imagery, trademarks, copyrighted materials, [or] people’s names and likenesses without a model release.” Id. at 239–40. Technical quality issues that, according to Shutterstock, could prevent an image from appearing on the platform include poor focus, composition, lighting, and blurriness. Shutterstock’s reviewers examine each image for an average of 10 to 20 seconds and typically each image is reviewed by only one person. Prior to review, Shutterstock automatically removes all metadata associated with the file and allows users to supply their preferred display name and metadata. Shutterstock’s reviewers examine that new user-created metadata, which includes an image title, keywords, and a description. Shutterstock, Inc., No. 22-cv-00905, 2023 WL 6390530, at *2 (S.D.N.Y. Oct. 2, 2023). McGucken disputes this characterization of Shutterstock’s contributor approval process: “Shutterstock reviews and approves its contributors’ credentials before allowing them to contribute photography to be considered for inclusion in Shutterstock’s portfolio.” Appellant’s Br. at 5.

23-7652 Once Shutterstock approves an image, its software then automatically creates multiple thumbnail copies of the image and adds Shutterstock’s own watermark to the image for display on the customer platform. Finally, images are uploaded to the customer platform and made available through Shutterstock’s application programming interface (“API”). Once an image is available on the customer platform, it can be licensed through any of Shutterstock’s different licensing models. Customers have the option to purchase a “subscription license” to the platform or to license individual photographs from Shutterstock on a per-image basis. Id. at 242. Shutterstock describes its licensing process as “entirely automated.” Id. at 241. II. McGucken’s Photography and This Lawsuit This case arose after 337 of McGucken’s original photographs were uploaded by three of Shutterstock’s contributors and were made available for license through the website. Shutterstock ultimately licensed 165 of McGucken’s images to its customers, generating $2,131.60 in revenue that was shared between Shutterstock and the contributors who uploaded the images. On December 30, 2020, McGucken’s attorney contacted Shutterstock to notify it that one of McGucken’s photographs was being sold on the platform

23-7652 without his permission. Shutterstock replied five days later requesting that McGucken provide a formal takedown notice. On January 15, 2021, McGucken sent a takedown notice that identified two URLs on Shutterstock’s platform containing the image. Shutterstock removed the image from those two URLs four days later. McGucken filed suit against Shutterstock on February 2, 2022, alleging copyright infringement concerning the noticed image and 324 additional images on the platform. He subsequently amended the lawsuit to identify twelve more photographs on Shutterstock’s website in which he claimed copyright. Shutterstock terminated the three contributor accounts responsible for uploading McGucken’s photographs and removed their images. McGucken’s lawsuit asserted three claims: (1) Shutterstock infringed his copyright by “copying, publishing, distributing, offering for license, licensing, and displaying the Subject Photography to the public,” J. App’x at 38; (2) Shutterstock committed vicarious and/or contributory infringement through the licensing of his photographs to third parties, id. at 39; and (3) Shutterstock unlawfully removed McGucken’s CMI from his images and replaced it with Shutterstock’s own CMI in violation of 17 U.S.C. § 1202(a) and (b), id. at 40–41.

23-7652 STANDARD OF REVIEW We review a district court’s decision to “grant [] summary judgment de novo, ‘construing the evidence in the light most favorable to the party against whom summary judgment was granted and drawing all reasonable inferences in that party’s favor.’” Capitol Records, LLC v. Vimeo, Inc. (“Vimeo II”), 125 F.4th 409, 418 (2d Cir. 2025) (quoting Bey v. City of New York, 999 F.3d 157, 164 (2d Cir. 2021)). Summary judgment is only appropriate where there is no “genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a). Where, as here, both parties cross move for summary judgment, “each motion is analyzed separately, ‘in each case construing the evidence in the light most favorable to the non-moving party.’” Vimeo II, 125 F.4th at 418 (quoting Schwebel v. Crandall, 967 F.3d 96, 102 (2d Cir. 2020)). “‘The party seeking summary judgment bears the burden of establishing that no genuine issue of material fact exists,’ but ‘when the burden of proof at trial would fall on the nonmoving party, it ordinarily is sufficient for the movant to point to’ an absence of evidence ‘on an essential element of the nonmovant’s claim.’” Bustamante v. KIND, LLC, 100 F.4th 419, 432 (2d Cir. 2024) (quoting Souza v. Exotic Island Enters., Inc., 68 F.4th 99, 108 (2d Cir. 2023)). In other words, “[t]here

23-7652 must be more than a ‘scintilla of evidence’ in the non-movant’s favor; there must be evidence upon which a fact-finder could reasonably find for the non-movant.” Heublein, Inc. v. United States, 996 F.2d 1455, 1461 (2d Cir. 1993) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 252 (1986)). DISCUSSION I. McGucken’s False CMI Claims Pursuant to 17 U.S.C. § 1202 We first consider McGucken’s two false CMI claims. The District Court granted summary judgment for Shutterstock on both claims, concluding that McGucken failed to satisfy his burden as to the required scienter elements. For the following reasons, we affirm. A. DMCA False Copyright Management Information Provisions Under 17 U.S.C. § 1202(a), it is unlawful to “(1) provide copyright management information that is false, or (2) distribute or import for distribution copyright management information that is false.” To be liable under § 1202(a), a party must engage in one of these two acts “knowingly and with the intent to induce, enable, facilitate, or conceal infringement.” In other words, § 1202(a) contains a pair of scienter elements: to be liable, a party must both have actual

23-7652 knowledge that the CMI at issue is false and have acted with the intent to induce, enable, facilitate, or conceal infringement. Under 17 U.S.C. § 1202(b), it can also be unlawful to modify or remove CMI without authorization. To establish a violation of § 1202(b), a plaintiff must prove “(1) the existence of CMI in connection with a copyrighted work; and (2) that a defendant ‘distribute[d] . . . works [or] copies of works’; (3) while ‘knowing that [CMI] has been removed or altered without authority of the copyright owner or the law’; and (4) while ‘knowing, or . . . having reasonable grounds to know’ that such distribution ‘will induce, enable, facilitate, or conceal an infringement.’” Mango v. BuzzFeed, Inc., 970 F.3d 167, 171 (2d Cir. 2020) (quoting 17 U.S.C. § 1202(b)). We have referred to the third and fourth prongs as a “double-scienter requirement,” Mango, 970 F.3d at 170–72, and they are similar to the pair of scienter elements applicable to § 1202(a) claims. However, under § 1202(b), a party can be liable despite having only had constructive knowledge that their distribution of “improperly attributed copyrighted material . . . ‘will induce, enable, facilitate, or conceal an infringement.’” Id. at 171 (quoting 17 U.S.C. § 1202(b)).

23-7652 B. McGucken’s False CMI Claims Against Shutterstock McGucken brought two claims relating to CMI—one based on Shutterstock’s inclusion of false CMI on McGucken’s images under 17 U.S.C. § 1202(a) (Shutterstock’s name and logo on the watermark it affixed to the photographs), and one based on the removal of McGucken’s CMI from certain photographs under § 1202(b) (Shutterstock’s removal of the images’ metadata). These claims fail. To survive Shutterstock’s summary judgment motion, McGucken’s burden is not to prove that Shutterstock had the requisite scienter. But he still must adduce some “specific facts” sufficient to create a triable issue as to the scienter requirements applicable under § 1202(a) and (b). Shannon v. N.Y.C. Transit Auth., 332 F.3d 95, 99 (2d Cir. 2003). For McGucken’s § 1202(a) claim, that means creating a triable issue as to whether Shutterstock: (1) knew the CMI associated with McGucken’s images was false; and (2) acted with the intent to “induce, enable, McGucken insists that it would be “unfair” for him to bear the burden of proving scienter at summary judgment, since Shutterstock’s knowledge and intent are facts “‘particularly within’ Shutterstock’s knowledge.” Appellant’s Br. at 56 (citing Friedman v. Live Nation Merch., Inc., 833 F.3d 1180, 1189 (9th Cir. 2016)). However, the Ninth Circuit case on which McGucken relies explains that defendants can “‘persuad[e] the court that there is no genuine issue of material fact’” and thus meet their “‘ultimate burden’” on summary judgment “by providing some explanation” for the allegedly infringing activity. Friedman, 833 F.3d at 1189 (quoting Nissan Fire & Marine Ins. Co. v. Fritz Cos., Inc., 210 F.3d 1099, 1102 (9th Cir. 2000)). We agree.

23-7652 facilitate, or conceal infringement” of those images. 17 U.S.C. § 1202(a). And for his § 1202(b) claim, that means creating a triable issue as to whether Shutterstock: (1) knew the CMI associated with McGucken’s images was removed or altered without authorization and (2) distributed McGucken’s images knowing, or with “reasonable grounds to know,” that doing so would “induce, enable, facilitate, or conceal” infringement. 17 U.S.C. § 1202(b)(3). Relying on a sworn statement by a Shutterstock employee, the District Court found that Shutterstock automatically affixes its watermark to every image on its site “‘in order to prevent third parties from using the images without a license’ and that [the practice] ‘is intended and understood to identify Shutterstock as the source or distributor of the image, rather than as the author or copyright owner.’” McGucken v. Shutterstock, Inc., No. 22-cv-00905, 2023 WL 6390530, at *11 (S.D.N.Y. Oct. 2, 2023) (quoting J. App’x at 241). McGucken points to no evidence suggesting that Shutterstock affixed its watermark to his images—or, indeed, to any images— with knowledge that it constituted false CMI and for the purpose of concealing copyright infringement. Because there is no triable issue as to Shutterstock’s

23-7652 knowledge or intent, we affirm the District Court’s ruling as to McGucken’s § 1202(a) claim. McGucken’s § 1202(b) claim fails for much the same reason. While Shutterstock concededly knows that it removes CMI from every image ingested into its system, J. App’x at 241, Shutterstock explained—and McGucken failed to refute—that it removes metadata from all images primarily to avoid computer viruses and the dissemination of personally identifiable information, and not for any reasons related to infringement. Nothing in the record suggests that Shutterstock removed McGucken’s CMI or distributed his work knowing that the CMI had been removed without his consent. Nor is there evidence demonstrating that Shutterstock removed CMI from McGucken’s images “knowing, or, with respect to civil remedies under section 1203 [which are sought here], having reasonable grounds to know, that it will induce, enable, facilitate, or conceal an infringement of any right under this title [i.e., copyright].” 17 U.S.C. § 1202(b)(3); see also Mango, 970 F.3d at 171. Because we conclude that McGucken’s § 1202(a) claim fails on the intent elements, we do not opine on whether affixing a watermark to user-submitted images marketed to third parties could ever constitute false CMI.

23-7652 Because nothing in the record suggests that Shutterstock had the scienter necessary for liability, we affirm the District Court’s grant of summary judgment for Shutterstock on McGucken’s § 1202(b) claim. See Zuma Press, Inc. v. Getty Images (US), Inc., 349 F. Supp. 3d 369, 376 (S.D.N.Y. 2018) (concluding that Getty Images lacked requisite scienter under § 1202(b) where it “utilized an automated process” that modified “appended copyright management information”); cf. Mango, 970 F.3d at 172–73 (finding that Buzzfeed had knowledge that removing and altering CMI from one specific image “would conceal the fact that [it] did not have authority to use the Photo”). II. McGucken’s Copyright Infringement Claims Shutterstock’s principal defense to McGucken’s remaining claims of direct and secondary copyright infringement is that it qualifies for a safe harbor established by the DMCA pursuant to 17 U.S.C. § 512(c). By way of background, the Online Copyright Infringement Liability Limitation Act (“OCILLA”), Title II of the DMCA, established multiple “safe harbors that allow qualifying service providers to limit liability for certain claims of copyright infringement.” Vimeo II, 125 F.4th at 413. These safe harbors reflect a “‘compromise’ between protecting copyright owners and ‘insulat[ing] service

23-7652 providers from liability for infringements of which they are unaware, contained in material posted to their sites by users, so as to make it commercially feasible for them to provide valuable Internet services to the public.’” Id. (alteration in original) (quoting Capitol Recs., LLC v. Vimeo, LLC, 826 F.3d 78, 82 (2d Cir. 2016)). The District Court granted summary judgment for Shutterstock, concluding that it met each of the safe harbor requirements. We agree with the District Court as to all but two of the requirements. Because Shutterstock must meet every requirement to qualify for safe harbor, we vacate the District Court’s grant of summary judgment on the copyright infringement claims and remand for further proceedings. A. Threshold Criteria for Safe Harbor Under § 512(c) We begin with the three threshold criteria that a party must meet to qualify for any of the safe harbors created by the DMCA. See Viacom Int'l, Inc. v. YouTube, Inc., 676 F.3d 19, 27 (2d Cir. 2012); Vimeo II, 125 F.4th at 413 n.2. First, it must establish that it is a “service provider” under 17 U.S.C. § 512(k)(1). Second, it must show that it “has adopted and reasonably implemented . . . a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers.” Id.

23-7652 § 512(i)(1)(A). And third, it must “not interfere with standard technical measures . . . that are used by copyright owners to identify or protect copyrighted works.” Id. § 512(i)(1)(B), (i)(2). We conclude that Shutterstock satisfies these three requirements. 1. Shutterstock Is a Service Provider First, under § 512(k)(1), Shutterstock is clearly a “service provider.” As relevant here, a “service provider” refers to “a provider of online services or network access, or the operator of facilities therefor.” 17 U.S.C. § 512(k)(1)(B). This is a broad definition that covers any online platform designed to assist users in doing something that benefits those users (i.e., a service). Thus, unsurprisingly, courts have found that a wide variety of online platforms qualify as service providers, ranging from platforms that operate like bulletin boards where users can upload videos and photographs for others to view, see, e.g., Wolk v. Kodak Imaging Network, Inc., 840 F. Supp. 2d 724, 744 (S.D.N.Y. 2012), aff’d sub nom. Wolk v. Photobucket.com, Inc., 569 F. App’x 51 (2d Cir. 2014) (summary order), to platforms that directly facilitate the sale of goods to consumers, see, e.g., Corbis Corp. v. Amazon.com, Inc., 351 F. Supp. 2d 1090, 1100 (W.D. Wash. 2004); Hendrickson v. eBay, Inc., 165 F. Supp. 2d 1082, 1088 (C.D. Cal.

23-7652 2001). And in another case, a district court in our Circuit found Shutterstock to be a service provider. See Steinmetz v. Shutterstock, Inc., 629 F. Supp. 3d 74, 81–83 (S.D.N.Y. 2022). McGucken points us to a district court decision, Agence France Press v. Morel, which concluded that an entity that “licens[es] copyrighted material online” was not a service provider, because licensing “more closely resembles the mere sale of goods . . . than facilitating users’ activities online.” 934 F. Supp. 2d 547, 566 (S.D.N.Y. 2013). But that limitation has no basis in the broad statutory definition of “service provider.” Section 512(k)(1)(B) does not exclude online platforms that, like Shutterstock, act as the principal on a copyright license in order to facilitate the ability of third-party contributors to license the images they upload to members of the public. 2. Shutterstock Adopted and Implemented a Repeat Infringer Policy Second, Shutterstock “has adopted and reasonably implemented” a repeat infringer policy. 17 U.S.C. § 512(i)(1)(A). To be clear, McGucken does not contend that Shutterstock lacked such a policy but argues only that a factual dispute exists Of course, under certain circumstances, a service provider’s practice of licensing user-uploaded images may run afoul of other § 512(c) requirements. Here, we merely hold that Shutterstock’s licensing practice does not categorically take it outside the statutory definition of “service provider.”

23-7652 as to whether it has been reasonably implemented. While we have not previously offered a generalized definition of what constitutes “reasonable implementation” of a repeat infringer policy, the Ninth Circuit has formulated a standard, which we find persuasive and now adopt. “[A]n implementation is reasonable if, under ‘appropriate circumstances,’ the service provider terminates users who repeatedly or blatantly infringe copyright.” Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1109 (9th Cir. 2007). That standard does not “require perfection”—“[e]ligibility for the safe harbor is not lost just because some repeat infringers may have slipped through the provider’s net for screening them out and terminating their access.” Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597, 618 (9th Cir. 2018) (finding on summary judgment that the requirement was satisfied even though “nine alleged repeat infringers had slipped through” defendant’s screening and one infringer was not terminated until defendant “had received a fourth DMCA-compliant notice” related to the infringer’s activity). No reasonable factfinder could conclude that Shutterstock fails to meet this standard. As a general matter, a service provider can run afoul of § 512(i)(1)(A) if it fails to “connect known infringing activity of which it became aware through

23-7652 takedown notices to” specific users who have repeatedly posted infringing material. EMI Christian Music Grp., Inc. v. MP3tunes, LLC, 844 F.3d 79, 90 (2d Cir. 2016). But here, all McGucken has shown is that Shutterstock failed to terminate one repeat infringer. Considering that Shutterstock hosts hundreds of millions of images and videos, uploaded by millions of contributors, the failure to terminate one repeat infringer, standing alone, cannot establish unreasonable implementation. To hold otherwise would require a standard of perfection not contemplated by the statute. 3. Shutterstock Does Not Interfere with Standard Technical Measures Finally, there is no genuine dispute that Shutterstock “accommodates and does not interfere with standard technical measures . . . that are used by copyright owners to identify or protect copyrighted works.” 17 U.S.C. § 512(i). McGucken’s focus on the uncontested fact that Shutterstock removed metadata from some of his photographs is misplaced because he has not introduced any evidence that metadata constitutes “a standard technical measure.” See BWP Media USA Inc. v. Polyvore, Inc., 922 F.3d 42, 56 n.9 (2d Cir. McGucken’s assertion that Shutterstock has been sued by other alleged rights holders for copyright infringement, see Appellant’s Br. at 45, makes no claim that those cases involved repeat infringers or are meritorious.

23-7652 2019) (Walker, J., concurring) (explaining that plaintiff “as the party asserting that metadata is a standard technical measure, has the burden of proving it”). A “standard technical measure” must, among other requirements, “have been developed pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process.” 17 U.S.C. § 512(i)(2)(A). McGucken’s only record citation—a statement from his expert that defines metadata as a tool “[p]hotographers rely on . . . to organize, sort, and track their works both inside their studios and across the internet,” J. App’x at 1956—identifies no “consensus,” let alone any “multi-industry standards process” that would have reached such a consensus. B. Specific Criteria for Safe Harbor Pursuant to § 512(c) In addition to the foregoing three threshold criteria, which apply to all the safe harbors created by § 512, a defendant must establish its eligibility for the specific safe harbor it claims. Here, Shutterstock claims eligibility for the safe harbor created by § 512(c), “which protects the provider from liability for McGucken cites several articles in his brief to support this argument, but they were not part of the summary judgment record before the District Court. We will not consider them for the first time on appeal. See Amara v. Cigna Corp., 53 F.4th 241, 257 n.8 (2d Cir. 2022).

23-7652 infringement that would arise ‘by reason of the storage [of infringing materials] at the direction of a user.’” Vimeo II, 125 F.4th at 414 (quoting 17 U.S.C. § 512(c)(1)). To qualify for this safe harbor, the service provider must not possess “actual” or “red flag” knowledge of infringement. Viacom, 676 F.3d at 32; see also 17 U.S.C. § 512(c)(1)(A)(i)–(ii). A provider obtains “red flag” knowledge where it is “subjectively aware of facts that would have made the specific infringement ‘objectively’ obvious to a reasonable person.” Viacom, 676 F.3d at 31. On obtaining either form of knowledge, the provider must “act[] expeditiously to remove, or disable access to, the [infringing] material.” 17 U.S.C. § 512(c)(1)(A)(iii); see also id. § 512(c)(1)(C). Separately, the provider must have “designated an agent to receive notifications of claimed infringement.” Id. § 512(c)(2). The provider, of course, must also show that its “storage” of the infringing material was “at the direction of a user.” Id. § 512(c)(1). Finally, the provider must “not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity.” Id. § 512(c)(1)(B). McGucken does not contest that Shutterstock satisfies this requirement, so we do not discuss it further.

23-7652 While we agree with the District Court that Shutterstock did not possess actual or red flag knowledge and that it acted expeditiously to remove infringing material, we conclude that triable issues of fact exists as to whether Shutterstock’s storage of McGucken’s photographs was “at the direction of a user” and whether Shutterstock “has the right and ability to control” the infringing activity at issue here. Id. § 512(c)(1). 1. Shutterstock Did Not Possess Actual or Red Flag Knowledge There is no genuine factual issue as to whether Shutterstock had “actual knowledge” of the alleged infringement of McGucken’s images. Contrary to McGucken’s assertion, Appellant’s Br. at 35, an earlier lawsuit over another artist’s work against Shutterstock concerning one of the contributors who uploaded some of McGucken’s photographs fails to establish “actual knowledge,” since § 512(c)(1)(A)(i) requires awareness of the “specific instances of infringement.” Viacom, 676 F.3d at 31 (emphasis added). Nor has McGucken adduced evidence that Shutterstock “was subjectively aware of facts that would have made the specific infringement ‘objectively’ obvious to a reasonable person.” Id. at 31. McGucken asserts that Shutterstock reviewed the metadata for his images, and that such metadata would have

23-7652 suggested that he was the author, or at least that the contributor who submitted the image was not the author. But McGucken cites nothing in the record suggesting that any Shutterstock employee ever reviewed the metadata (or lack thereof) associated with his images that were uploaded to the platform. To the contrary, the record indicates that Shutterstock employees do not interact with images’ original metadata. See J. App’x at 241 (Shutterstock employee attesting that “Shutterstock’s system automatically removes any and all metadata associated with the images uploaded by contributors,” that “Shutterstock’s employees are not involved in this process,” and that any original metadata “is removed by the time any Shutterstock employee or reviewer sees it”). Thus, the record does not support a finding of “red flag” knowledge. See Vimeo II, 125 F.4th at 419 (explaining that, while a defendant has the burden of proof to show “entitlement to the safe harbor,” the plaintiff has the burden when it comes to McGucken unpersuasively cites J. App’x at 1143–52 for the proposition that someone at Shutterstock reviewed the original metadata attached to his images that included his name. The cited exhibit does not indicate that anyone at Shutterstock actually reviewed the original metadata associated with McGucken’s images, but instead merely that Shutterstock received metadata with McGucken’s photographs. That is insufficient to establish Shutterstock’s subjective awareness of the metadata. See Viacom Int'l, Inc. v. YouTube, Inc., 676 F.3d 19, 31 (2d Cir. 2012) (explaining that red flag knowledge requires the provider to be “subjectively aware” of the relevant facts and circumstances).

23-7652 knowledge). McGucken has failed to meet his burden to show that Shutterstock had “actual” or “red flag” knowledge of its infringement. 2. Shutterstock Acted Expeditiously to Remove Infringing Material Shutterstock’s removal of the noticed images within four days of McGucken’s DMCA compliant takedown notice was sufficient to fulfill its obligation to “respond[] expeditiously to remove, or disable access to,” infringing material. 17 U.S.C. § 512(c)(1)(C). 3. Shutterstock Has Not Established That Infringement Was “By Reason of the Storage at the Direction of a User” of User Uploaded Material To satisfy § 512(c)(1), Shutterstock’s burden is to establish that any infringing acts happened “by reason of the storage at the direction of a user of material that resides” on its platform. Id. McGucken’s principal theory is that his images did not appear on Shutterstock’s platform “at the direction of a user” within the meaning of § 512(c)(1) because Shutterstock curates its collection of images for display and McGucken contends that Shutterstock did not meet this obligation because thumbnails of his images remained on Shutterstock’s Application Programming Interface partners’ websites for several months, and because third-party licensees continued to use his images. Appellant’s Br. at 36–37. But all that Shutterstock was required to do under the plain text of § 512(c)(1)(C) was “remove” or “disable access” to the images on its platform, and McGucken does not contest that Shutterstock expeditiously disabled public access to the URLs on its own system that his DMCA compliant notice identified.

23-7652 sale, as opposed to operating an automated system that passively ingests and displays user-uploaded images. As a general matter, § 512(c) does not extend to material “that resides on the system or network operated by or for the service provider through its own acts or decisions and not at the direction of a user.” H.R. Rep. No. 105-551, pt. 2, at 53 (1998) (emphasis added). The task for courts applying § 512(c)(1) is to decide whether a given service provider plays a sufficiently active role in the process by which material appears on its platform such that, as a result, its storage and display of infringing material is no longer meaningfully at the user’s direction. To justify summary judgment in its favor on this issue, Shutterstock must show that, on the record before this Court, no reasonable factfinder could conclude that it played such a role. Much of our caselaw applying § 512(c)(1) has focused on what a service provider may permissibly do with a user’s content once it has been uploaded to the provider’s platform. For example, we have held that the “512(c) safe harbor extends to software functions performed ‘for the purpose of facilitating access to user-stored material.’” Viacom, 676 F.3d at 39 (quoting UMG Recordings, Inc. v. Veoh Networks, Inc., 620 F. Supp. 2d 1081, 1088 (C.D. Cal. 2008)). Accordingly, software

23-7652 functions like transcoding, copying, and playback of user-uploaded materials have fallen within the ambit of the safe harbor. See id.; Polyvore, 922 F.3d at 44. But our cases largely leave unanswered the key question before us here: what does it mean for materials to appear on a platform “at the direction of a user” in the first place? The Ninth Circuit’s approach to answering this question provides a helpful starting point. “Infringing material is stored at the direction of the user if the service provider played no role in making that infringing material accessible on its site or if the service provider carried out activities that were ‘narrowly directed’ towards enhancing the accessibility of the posts.” Ventura, 885 F.3d at 606 (quoting Mavrix Photographs, LLC v. LiveJournal, Inc., 873 F.3d 1045, 1056 (9th Cir. 2017)). Thus, providers may fall outside the ambit of § 512(c) where they “actively participate in or supervise file uploading,” UMG Recordings, Inc. v. Shelter Cap. Partners LLC, 718 F.3d 1006, 1020 (9th Cir. 2013), exercise editorial judgment in determining what to host, see Ventura, 885 F.3d at 607, or engage in a manual and substantive review of the content that appears on their platform that extends beyond a review “for infringement or other harmful material,” Mavrix, 873 F.3d 1056.

23-7652 For our part, although we have not previously formulated a general standard, we have suggested that when infringement is the result of “manual selection of copyrighted material,” it may not be covered by § 512(c). See Viacom, 676 F.3d at 40. Our caselaw also makes clear that under § 512(c), service providers can review and screen user content before they store it on their platform without becoming ineligible for safe harbor, particularly where the ability to exert control over the content that appears on the platform is necessarily limited by the sheer volume of uploaded user content. See Vimeo II, 125 F.4th at 425–26. Other Circuits have likewise held that § 512(c) permits service providers to review user submissions “for infringement or other harmful material like pornography.” Mavrix, 873 F.3d at 1056; see also CoStar Grp., Inc. v. LoopNet, Inc., 373 F.3d 544, 556 (4th Cir. 2004) (concluding that service providers can qualify for the § 512(c) safe harbor while engaging in “cursory” screening of user uploads to weed out irrelevant or infringing material); BWP Media USA, Inc. v. Clarity Digit. Grp., LLC, 820 F.3d 1175, 1181 (10th Cir. 2016) (reaching the same conclusion with respect to service providers that subject user content to “a screening or automated process”). Thus, determining the nature of the service provider’s review of user materials is central to analyzing the applicability of § 512(c)(1). A service provider

23-7652 may engage in rote and mechanical content screening, like excluding unlawful material, enforcing terms of service, or limiting uploads “to selected categories of consumer preferences,” Vimeo II, 125 F.4th at 425, without falling outside the ambit of § 512(c)(1). On the other hand, a service provider is likely to run afoul of § 512(c)(1) if it is applying its aesthetic, editorial, or marketing judgment to determine which user uploads it accepts. Certain facts can provide relevant indicia of the type of screening a service provider is engaged in. For instance, the duration of review—that is, how long each piece of user content is under review before it is approved or rejected—and the proportion of user uploads that the service provider accepts are relevant factors to resolving the inquiry. Likewise, the fact that a service provider conducts human review rather than screening images with software may indicate that its content review is more substantive than cursory. But none of these factors is dispositive, and they cannot substitute for the ultimate factual inquiry into the nature of the service provider’s screening of user uploads. See, e.g., CoStar Grp., 373 F.3d at 547 (finding that a service provider qualified for the 512(c) safe harbor despite having human agents “cursorily review[] user uploads to determine whether the photograph in fact depicts commercial real estate, and (2) to identify

23-7652 any obvious evidence . . . that the photograph may have been copyrighted by another”). Taking all this together, we adopt the following general rule: if a service provider engages in manual, substantive, and discretionary review of user content—if, on a case-by-case basis, it imposes its own aesthetic, editorial, or marketing judgment on the content that appears on its platform—then its storage of infringing material is no longer “at the direction of a user.” In other words, “extensive, manual, and substantive” front-end screening of user content is not “accessibility-enhancing” and is not protected by the § 512(c) safe harbor. Mavrix, 873 F.3d at 1056. That is because, where service providers engage in their own discretionary screening of user content, they can no longer be said to be acting “solely to facilitate access by users.” Polyvore, 922 F.3d at 58 (Walker, J., concurring). Thus, here, whether Shutterstock satisfies § 512(c)(1) depends on a factual determination about the nature of its review: whether it is more aptly characterized as curating its own photo library or as imposing minimum policy standards to facilitate access to user content on its platform.

23-7652 There is evidence in the record that suggests Shutterstock’s review of user images is neither cursory nor automatic. To begin, when a user submits an image to Shutterstock, the image does not immediately appear on the website; rather, the contributor must wait, sometimes for hours, until they receive an email from Shutterstock letting them know which of their images were accepted. See J. App’x at 1293, 1302, 1316. That fact is not dispositive, but it suggests some intervention by Shutterstock between a user upload and the appearance of material on the platform. Moreover, Shutterstock’s website states that it “has high standards and only accepts a portion of the images submitted to be included in [its] collection.” Id. at 1071. Indeed, Shutterstock maintains a page on its website that explains why an image might be rejected and provides advice for successful submissions. Id. at 1071–88. There are “30-odd” reasons that an image might be rejected by a Shutterstock reviewer, id. at 1294–95, which include focus, exposure, lighting, and noise, id. at 1071–75. The record also contains evidence that Shutterstock’s reviewers exercise some subjective discretion even when applying seemingly rote and straightforward criteria. For instance, when considering an image’s focus, Shutterstock reviewers are “trained to know the difference between something

23-7652 that’s just out of focus and something that’s more intentional.” Id. at 1341–42. And according to Shutterstock, a reviewer may still accept an image that has focus issues if it is “a really unique shot” or a “hard shot to get.” Id. at 1297. That is because, as Shutterstock has explained, “there’s no way to predict what a customer is looking for,” so although “Shutterstock wants to have a high-quality library[,] . . . [t]here’s a lot of value in . . . shots that might not be perfect.” Id. at 1296–97; see also id. at 1366 (Shutterstock employee explaining that reviewers apply “a base guideline . . . but at the same time, it’s not a black-and-white standard”); id. at 1367 (“As our reviewers are humans, they obviously can think for [themselves]. We give them guidelines and we try to give them the best tools possible to review photos and to use their best judgment based on the guidelines we give them.”). In the end, as Shutterstock itself concedes, “photography is an art . . . you can’t just say, ‘This is yes, this is no.’” Id. at 1362. Together, these statements could lead a factfinder to conclude that Shutterstock’s reviewers exercise a considerable degree of case-by-case aesthetic or editorial judgment when determining which images to allow on the platform. Shutterstock counters that its front-end screening is rote and mechanical— that its reviewers consider only “apparent technical issues or policy violations.”

23-7652 Appellee’s Br. at 7. And indeed, there is evidence in the record that supports that characterization. For one, as Shutterstock emphasizes, a reviewer typically spends no more than 10 to 20 seconds examining an image. Further, there is evidence in the record that approximately 93 percent of submitted images are approved for the platform. J. App’x at 1312. A factfinder might conclude that such a high “success” rate supports an inference that it is the users, and not Shutterstock’s reviewers, who dictate the images that appear on the site. But those facts are not enough to determine, as a matter of law, that Shutterstock does not exert sufficient control over user activities to fall outside the § 512(c) safe harbor. See Clarity, 820 F.3d at 1181 (“Key to [§ 512(c)(1)] is control.”). Of course, approving a high rate of submitted images could indicate that Shutterstock’s image screening is limited and permissive. Alternatively, a high image acceptance rate could suggest that Shutterstock’s contributors know what types of images are likely to be approved and proactively curate their own submissions. Cf. Mavrix, 873 F.3d at 1058–59 (identifying “detailed instructions” for contributors as one way that a service provider can exercise control of user activities (quoting Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146, 1173 (C.D. Cal. 2002))). Indeed, the record suggests that one reason Shutterstock

23-7652 gives its contributors guidance on the images to submit is to reduce the likelihood that an image will be rejected. See J. App’x at 1345–49, 1356. Similarly, a platform that successfully coaches its contributors on the types of images it prefers to display may generally have to spend less time reviewing each individual image. Therefore, while a low acceptance rate may indicate that a platform is selective in the content it accepts, a relatively high acceptance rate does not invariably establish the opposite. We conclude that Shutterstock has not met its burden to establish that, as a matter of law, images appear on its platform “at the direction of a user” as required by § 512(c)(1). On remand, the factfinder must determine whether Shutterstock’s review of user images imposes substantive and discretionary control over the material that appears on the platform. In particular, the factfinder should consider the degree to which Shutterstock’s aesthetic and editorial judgment, imposed There is also testimony suggesting that Shutterstock advises its contributors on the types of images that are more likely to be licensed by users, see J. App’x at 1352–53, though there is no evidence that Shutterstock uses marketability as an explicit criterion in its image review, id. at 1295. In any event, whether 10 to 20 seconds is a short time to review an image is a quintessential jury question.

23-7652 manually and on a case-by-case basis, determines which images are accepted on the platform. 4. Shutterstock Has Not Established That It Lacks the “Right and Ability to Control” Infringing Activity Finally, on the current record, we cannot determine whether Shutterstock exerts the “right and ability to control” infringing content pursuant to § 512(c)(1)(B). As we recently explained, § 512(c)(1)(B) “appl[ies] in circumstances when the service provider has exercised ‘substantial influence’ over user activities.” Vimeo II, 125 F.4th at 423–26, 428. Thus, much like our inquiry under § 512(c)(1), determining whether Shutterstock satisfies § 512(c)(1)(B) turns on the degree of influence that it exerts over the content that appears on its platform. To begin, in Vimeo II, we said that the “coercive effect and frequency” of a service provider’s “intrusions into user autonomy over their posts” are two important factors in determining whether it has exercised “substantial influence” for purposes of § 512(c)(1)(B). Vimeo II, 125 F.4th at 425. We explained that where a service provider’s control over user activities is limited to promoting or demoting certain material within its platform, rather than deciding which material to allow on the platform at all, its influence is much less substantial. See id. at 424–

23-7652 25. We likewise distinguished between service providers that review only a subset of user material from those that review every post that users seek to upload. Id. Still, a service provider does not necessarily exercise substantial influence over user activities merely because it screens every upload before it appears on its platform. As we explained in Vimeo II, Congress likely did not intend “to deny eligibility for the safe harbor to entrepreneurs merely because they sought to exclude content that violates other laws or because they sought to design sites to make them appealing to selected categories of consumer preferences.” Id. at 425. Accordingly, we decided that a video-sharing platform could permissibly impose content gatekeeping criteria that “were in the nature of (i) avoiding illegality and the risk of offending viewers and (ii) designing a website that would be appealing to users with particular interests.” Id. On the other hand, substantial influence for purposes of § 512(c)(1)(B) can exist “where the service provider instituted a monitoring program by which user websites received ‘detailed instructions regard[ing] issues of layout, appearance, and content.’” Viacom, 676 F.3d at 38 (alteration in original) (quoting Cybernet, 213 F. Supp. 2d at 1173); see also Wolk, 840 F. Supp. 2d at 748 (“[S]uch a right and ability

23-7652 to control must take the form of prescreening content, rendering extensive advice to users regarding content and editing user content.”). Like our analysis of § 512(c)(1), the relevant inquiry here is whether the image pipeline Shutterstock has constructed—which begins with its lengthy guidelines for successful submissions and ends with manual image review— enables Shutterstock to exercise substantial control over the images that appear on its platform. There is evidence in the record suggesting “intrusions into user autonomy over their posts” that exceed the bounds set by Congress for the § 512(c) safe harbor. Vimeo II, 125 F.4th at 425. As an initial matter, Shutterstock screens every image before it appears on the platform—this screening determines whether an image ever gets on the platform. By way of contrast, in Vimeo II, “[c]alling attention to selected videos by giving them a sign of approval or displaying them on a Staff Picks channel . . . did not restrict the freedom of users to post whatever videos they wished.” Id. Also in contrast to Vimeo II, there is evidence here that Shutterstock’s image review goes beyond the limited purposes of restricting the site to “selected categories of consumer preferences” and excluding unlawful images. Id. Rather than engaging in categorical content screening—like accepting

23-7652 only holiday-themed images, or images that feature animals—Shutterstock appears to screen user images for their overall aesthetic quality. Curating a “collection,” J. App’x at 1071, of high-quality images is not the same as designing a website “that would be appealing to users with particular interests,” Vimeo II, 125 F.4th at 425. Further, as McGucken has argued, there is some evidence in the record that Shutterstock extensively advises potential contributors on the types of images it is likely to accept. See J. App’x at 1071–88. That is unlike the service provider in Vimeo II, which “encouraged users to create certain types of content,” but did not condition their ability to post material on whether they created the provider’s preferred types of content. Vimeo II, 125 F.4th at 416. Indeed, in Vimeo II, we cited a website’s practice of giving “its users extensive advice on content” as one fact that can distinguish a service provider that has the right and ability to control infringing activity from one that does not. Id. at 423 (citing Cybernet, 213 F. Supp. 2d at 1173). Accordingly, on the current record, a reasonable factfinder might conclude that the advice and instruction Shutterstock provides its contributors, coupled with its image screening process, are sufficiently coercive to constitute substantial influence.

23-7652 Finally, for the same reasons articulated above, the duration of Shutterstock’s image review and its 93 percent approval rate are relevant facts, but they are not dispositive. See supra Section II.B.3. Ultimately, it is the factfinder’s role to determine the degree and significance of Shutterstock’s solicitation and screening of user content. CONCLUSION For the foregoing reasons, the District Court’s ruling is AFFIRMED on McGucken’s false CMI claims brought under 17 U.S.C. § 1202(a)–(b) and VACATED on McGucken’s copyright infringement claims brought under 17 U.S.C. § 106. We REMAND to the District Court for further proceedings consistent with this opinion. As summarized above, § 512(c)(1)(B) requires, in full, that the service provider “does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity.” Because the District Court ruled in Shutterstock’s favor on § 512(c)(1)(B) based on its conclusion that Shutterstock lacked the “right and ability to control” the infringing activity at issue in this case, it did not reach a conclusion as to the second § 512(c)(1)(B) prong: whether Shutterstock receives “a financial benefit directly attributable to the infringing activity.” We note that this prong may be relevant to proceedings on remand. McGucken’s argument for injunctive relief is unavailing. None of the 337 images identified in this lawsuit remain on Shutterstock’s platform, and Shutterstock sent “kill notices” to the third parties who licensed the images. J. App’x at 254. We see no grounds for injunctive relief under these circumstances.