In a significant decision addressing personal jurisdiction in the digital age, the United States District Court for the District of Kansas dismissed claims against a Spanish-operated adult-content website, holding that the website’s use of content delivery networks (CDNs), cookies, geolocation technology, and advertising revenue did not establish sufficient contacts with Kansas to satisfy constitutional due process requirements.
The Case
In Q.R., a minor, by and through Jane Doe v. Pump Lab, SL, Case No. 6:25-cv-01095 (D. Kan. June 22, 2026), a Kansas plaintiff alleged that a foreign pornography website violated Kansas’s age-verification statute by allowing a minor to access adult content.
The defendant, Pump Lab, SL, is a Spanish company that operates a free, globally accessible website. The company has no employees, offices, property, servers, or business registrations in Kansas. Although Kansas residents could access the site, Kansas traffic represented less than one-tenth of one percent of total site visitors.
The Court’s Analysis
The central issue was whether the defendant had “purposefully directed” its activities toward Kansas, a prerequisite for specific personal jurisdiction under the Due Process Clause.
The plaintiff argued that jurisdiction existed because the website:
- Used CDNs that accelerated content delivery near Kansas;
- Employed geolocation technology;
- Generated advertising revenue from website traffic;
- Installed cookies and collected user data; and
- Knew Kansas residents were accessing the site.
The Court rejected each argument.
CDN Infrastructure Is Not Forum Targeting
The plaintiff relied heavily on the defendant’s use of sophisticated CDN technology to improve website performance.
The Court held that merely deploying CDNs to improve website speed and accessibility worldwide does not demonstrate an intent to target a particular state. The defendant’s CDN infrastructure was designed to optimize delivery everywhere, not specifically in Kansas.
The Court warned that treating ordinary internet infrastructure as a basis for jurisdiction would effectively create universal jurisdiction over website operators, contrary to longstanding constitutional limitations.
Geolocation and Blocking Technology Did Not Create Jurisdiction
The Court also found that the defendant’s ability to identify user locations and later block Kansas traffic did not establish purposeful direction toward Kansas.
Knowledge that users from a particular state access a website may be relevant, but it is not enough standing alone. The Court emphasized that personal jurisdiction requires intentional conduct directed at the forum, not merely awareness that users happen to reside there.
Importantly, the Court rejected the argument that because the website could have blocked Kansas users earlier, its failure to do so demonstrated purposeful targeting of Kansas.
Advertising Revenue Was Too Attenuated
The website generated revenue through a third-party advertising network.
The Court found that any Kansas-related advertising contacts resulted primarily from the actions of third-party advertisers rather than the defendant itself. Revenue was calculated on a country-by-country basis rather than a state-by-state basis, and the defendant did not control which advertisements were shown to Kansas users.
As a result, the advertising relationship did not establish the defendant’s purposeful contacts with Kansas.
Cookies and Data Collection Presented an Interesting But Unsuccessful Theory
The plaintiff also argued that the website’s installation of cookies and collection of user data created jurisdiction.
Although the Court acknowledged that data-collection cases may support jurisdiction under certain circumstances, it distinguished recent privacy-focused decisions because the plaintiff’s claims were not based on data collection or privacy injuries.
Instead, the claims arose from alleged access to adult content. Because the asserted injuries did not arise from the cookies or data collection practices themselves, those contacts could not support specific personal jurisdiction.
Jurisdictional Discovery Denied
The plaintiff sought broad jurisdictional discovery, including nineteen categories of requests and a Rule 30(b)(6) deposition.
The Court denied the request, finding that additional discovery would not alter the legal analysis. According to the Court, the problem was not a lack of jurisdictional facts — it was the absence of a viable jurisdictional theory.
Key Takeaways for Website Operators
This decision provides important guidance for internet-based businesses, particularly foreign operators facing litigation in U.S. courts:
- Globally accessible websites remain subject to constitutional jurisdictional limits. Mere accessibility from a state is insufficient.
- Standard internet technologies are generally not enough. CDNs, cookies, geolocation tools, and performance optimization features do not automatically constitute forum targeting.
- Knowledge of user location does not equal purposeful direction. Courts continue to require evidence that a defendant intentionally targeted the forum state.
- Claims must arise from the alleged forum contacts. Even if data collection could create jurisdiction in some circumstances, plaintiffs must show a connection between those contacts and the asserted injury.
- Foreign website operators remain protected by traditional due process principles. Courts continue to resist theories that would effectively subject globally accessible websites to suit everywhere they can be accessed.
Silverstein Legal Perspective
This decision reflects an increasingly important trend in internet-jurisdiction cases: courts are distinguishing between technologies that make a website universally accessible and conduct that intentionally targets a specific forum. As states continue adopting age-verification, privacy, and online-content regulations, plaintiffs will likely continue testing the limits of personal jurisdiction over foreign and out-of-state website operators.
Businesses operating online – particularly those serving users nationwide or globally – should regularly evaluate their content-delivery practices, advertising arrangements, user-targeting mechanisms, and compliance programs to understand where jurisdictional exposure may arise.
Related Articles
