INTERNET SERVICE PROVIDERS (ISPs)

Internet service providers (ISP): any person or entity providing an "information society service," which means any services provided for remuneration at a distance by electronic means (e.g., Internet services). ARTICLE 1.2 of EU DIRECTIVE 98/34/EC.

Therefore, a company providing individuals and other companies access to the Internet and other related services such as

-          web site building and

-          hosting,

-          internet access, 

-          internet transit, 

-          domain name registration,

-          web hosting,

Potential liability for storing and making available materials provided by others.

Which kind of liability?

•       Defamation, (search engine results linking to defamatory content)

•       Contract and fraud (misrapresentation, false information, etc)

•       Data protection

•       Illegal and harmful content (pornographic material, racist or terrorist)

•       Copyright infringement (Web sites with links to information about getting unauthorised access to pay TV, websites offering P2P download links, unauthorized reproduction of pictures)

•       Trademark infringement

The cross-border nature of internet and the massive global diffusion of messages, images, video and any other kind of communication that can be placed into the web by entities of by individuals, can create difficulties in identifying the individuals responsible for the offenses committed on the world wide web. The problem of the concrete identification of the offender arises.

How to identify the responsible?

The cross-border nature of internet and the massive global diffusion of messages, images, video and any other kind of communication that can be placed into the web by entities of by individuals, can create difficulties in identifying the individuals responsible for the offenses committed on the world wide web.

The problem of the concrete identification of the offender arises.

ISP liability
CompuServe case “the beginning”

Cubby, Inc. v CompuServe, Inc (US District Court for the Southern District of New York 1991)

Compuserve (ISP) was absolved from liability for content hosted on its servers.

Compuserve hosted allegedly defamatory content in one of its forums, a newsletter called "Rumorville" that provided news and gossip pieces about the journalism industry and individual reporters.

Cubby, Inc. developer of a competing news source called "Skuttlebut" claimed that Rumorville had published false and defamatory remarks about Skuttlebut and brought action against CompuServe itself, alleging that as a publisher, CompuServe was liable for the statements of its authors.

The Court dismissed all claims against CompuServe, ruling that the ISP was a distributor and, as distributor, it must have first-hand knowledge of the contents of a publication before liability is imposed. Compuserve had no knowledge and no opportunity to review Rumorville's contents before his author uploads it onto CompuServe's computer banks”,

Court ruled "CompuServe has no more editorial control over such a publication than does a public library, book store, or newsstand, and it would be no more feasible for CompuServe to examine every publication it carries for potentially defamatory statements than it would be for any other distributor to do so."

ISP liability
From Stratton to “CDA” and “DMCA”

•       A couple years later, a court in Stratton Oakmont v. Prodigy Services held that Prodigy, another ISP, was responsible for user-uploaded content because it exercised more editorial control over its articles than did CompuServe.

•       A break from the Cubby decision, representing an expansion of liability for ISPs.

•       After this case US Congress passed two legislations.

1)      The Communications Decency Act of 1996 (“CDA”) which provides immunity for most third-party content. The ISPs cannot be treated as the “publishers or speakers of any information” provided by a third party content provider, even when the service provider makes the information available to the public.

2)      Digital Millennium Copyright Act of 1998 (“DMCA”), introduced a regime of different degrees of liability for the internet service providers. In particular, the s.512 contains detailed rules for the limitation of intermediary liability in case of copyright infringements.

According to the Sixth Circuit Court of Appeals the CDA would protect TripAdvisor from liability for users’ potentially defamatory statements allowed to post comments on its site.

In Seaton v. TripAdvisor LLC, a hotel owner sued TripAdvisor after his hotel was ranked number one on TripAdvisor’s “2011 Dirtiest Hotels” list.

The Sixth Circuit said in a footnote that the website “cannot be held liable for its users’ statements” under the CDA.

EU LEGAL FRAMEWORK

The Directive 2000/31/EC of the EU Parliament and of the Council of 8 June 2000 “on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market” (known as the “E- Commerce Directive”) has been issued in order to resolve, among the others, the issues related to the ISPs liability.

It contains some provisions, specifically devoted to govern the matter of Internet Service Provider liability (articles 12-15) and it is inspired by the provisions set forth in the US Digital Millennium Copyright Act (DMCA).

Such Directive was differently transposed within the Member States legislations.

E-Commerce Directive

Key aims

-          To address the disparities in Member States’ legislation and case law with regard to the liability of information society service providers acting as intermediaries.

-          set forth a series of exemptions from liability with regards to specific activities included in Articles 12-15.

According to these exemptions (also known as “safe harbors”) ISPs providing those services cannot be deemed liable for the third-party content they transmit, cache or host, provided that they meet the requirements set forth in the relevant provisions

E-Commerce Directive (Art.12)
“Mere conduit”

“1. Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:

(a) does not initiate the transmission;

(b) does not select the receiver of the transmission; and

(c) does not select or modify the information contained in the transmission.

2. The acts of transmission and of provision of access referred to in paragraph 1 include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.

3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement.

ISPs are exempted from liability concerning acts of transmission of information on the world wide web if they have a passive role as conduits of information for the service recipient.

Examples: access providers

Conditions to be meet:

a)      ISP may not decide to carry out the transmission;

b)      ISP may not select the transmission receivers;

c)       ISP may neither select nor modify the information contained in the transmission.

E-Commerce Directive (Art.13)
Caching

“1. Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, on condition that:

(a) the provider does not modify the information;

(b) the provider complies with conditions on access to the information;

(c) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used by industry;

(d) the provider does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and

(e) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.

2. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement.”

In case of receiving notification in order to remove the cached material from the network, or to disable access to the material, the intermediary must act expeditiously to do so. 

Court order? Which kind of authority?

Search engines: The role of search engines must also be considered. Are they really neutral? Or do they create a sort of parallel reality for the average Internet user?

the process by which search engines produce snippets for web users might be classified as modification of the content, and thus prevent them from relying on the caching defence.

Number of decisions that confirm the responsibility of search engines: in the UK the judgement of the Royal Courts of Justice on 14 February 2013, in Australia in the case of Trkulja vs. Google on 12 November 2012 and finally in France, the judgement of the Grand Instance Court of Paris, which convicted Google of defamation with its judgement on 8 September 2010.

Cases law frequently seek interpretative solutions to overcome the provision of the law.

(Court of Milan, April 12, 2010, reformed by the Milan Court of Appeal on December 21, 2012) is emblematic.

Action against Google’s managers who were initially accused and charged by the Milan Court of First Instance with six months in prison for uploading a video where a disabled child was bullied by his classmates and sharing it via the website www.video.google.it. The ratio of the decision grounds on unlawful data protection punished by art. 167 of the Italian Privacy Code.

Court of Appeal reversed the decision of the Court of First Instance by declaring that the action could not constitute grounds of a charge of unlawful data processing and excluded the managers’ responsibility. 

The Court specified that, considering the nature of the service offered, the host provider doesn’t have to supervise data uploaded by a third party, neither does it have to inform the third party about the personal data processing rules. Nevertheless the host provider has to immediately remove contingent unlawful contents in case the authority in charge orders to do so.

The Court declared that Google Italy and its administrators are merely Internet host providers: they simply provide an online platform where users can freely upload videos, of which content the users are exclusively in charge. the Court, quoting the General Advocate conclusions that were presented in front of the EU Court of Justice in case C-131/12, stated that the status of personal data processor, on the contrary, amounts to the host provider when it directly affects the research index structure, for instance, making it easier or more difficult to find a specific website.

E-Commerce Directive (Art.14)
Hosting

“1. Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:

(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or

(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

2. Paragraph 1 shall not apply when the recipient of the service is acting under the authority or the control of the provider.

3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement, nor does it affect the possibility for Member States of establishing procedures governing the removal or disabling of access to information.”

Different levels of knowledge, depending on the type of claim asserted against the service provider.

Furthermore, service providers must expeditiously remove, or block access to, such information once they are aware of their unlawful nature.

1. Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:

(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or

(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

2. Paragraph 1 shall not apply when the recipient of the service is acting under the authority or the control of the provider.

3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement, nor does it affect the possibility for Member States of establishing procedures governing the removal or disabling of access to information.”

Different levels of knowledge, depending on the type of claim asserted against the service provider.

Furthermore, service providers must expeditiously remove, or block access to, such information once they are aware of their unlawful nature.

E-Commerce Directive (Art.14)
Hosting (illegal activity)

The E-Commerce Directive does not define the notions of "illegal activity" or "illegal information".

Does the liability exemption of Article 14 applies to any content which is considered to be illegal according to EU or national legislation?

Web sites containing infringements of intellectual property rights (such as trademark or copyright infringements), but also sites containing child pornography, racist and xenophobic content, defamation, incitements to terrorism or violence in general, illegal gambling offers, illegal pharmaceutical offers, false or fraudolent banking services (phishing), data protection infringements, illicit tobacco or alcohol advertisements, unfair commercial practices or breaches of the EU consumer rights.

E-Commerce Directive (Art.14)
Hosting (act expeditiously)

Most Member States have transposed the condition of removing or disabling expeditiously literally, but some Member States have chosen a slightly different wording than the text of the E-Commerce Directive.

For instance:

• Some countries only requires that illegal information is disabled, but does not require the removal;

• others has implemented an obligation to remove information but not one to disable information or have introduced a general obligation "to prevent further dissemination" without specifying the means for doing this or exempt providers from contractual liability for blocking content if they have disabled information following an injunctive relief against the provider.

In Italy

E-Commerce Directive (Art.15)
No obligation to monitor

“1. Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.

2. Member States may establish obligations for information society service providers promptly to inform the competent public authorities of alleged illegal activities undertaken or information provided by recipients of their service or obligations to communicate to the competent authorities, at their request, information enabling the identification of recipients of their service with whom they have storage agreements.

E-Commerce Directive

E-Commerce Directive v DMCA - Major differences

•       EU Directive does not focus exclusively on liability arising from copyright infringement, it covers intermediaries’ liability for any kind of unlawful content provided by their users.

•       EU Directive does not provide for a procedure to notify intermediaries of the presence of unlawful material, and to ask them to take it down (the “notice and take down” procedure,  a key element of the DMCA).

•       Left to the self-regulation system and the national law.

•       Differently from DMCA the EU Directive does not establish a safe harbor for information location tools.

DMCA: “a service that refers or links users to an online location on the World Wide Web. Such term includes directories, indices, references, pointers, and hypertext links.”

Every 2 years the EU Commission shall submit a report concerning the application of the Directive and the proposals for adapting it to the developments of the technology, law and economy.

No mention to information location tools is still available

HYPERLINKING

Therefore the exemptions provided by the EU Directive are not available for hyperlinking activity even if the hyperlink supplier dissociates himself from the linked web site’s (unlawful) content.

INTERNET SERVICE PROVIDERS (ISPs)

Both DMCA and E-commerce Directive state that a hosting service provider can be liable for third party content only if it has actual knowledge or sufficient awareness of the illicit character and did not act expeditiously to remove such content after obtaining such knowledge.

Problems

a)      Knowledge standards (huge discrepancy)

b)      Effect? No monitor obligation/yes specific injunctions (under national legislation)

Example of take down procedure under DMCA

A uploads a video with a file of singer B’s song on www.youtube.com

B finds A's file and through his lawyer, sends a letter to YouTube's designated agent including:

–      contact information

–      the name and address of the copied file

–      a statement that he has a good faith belief that use of the material in the manner complained of is not authorized

YouTube takes the video down.

YouTube tells A that they have taken the video down.

A has the option of sending a counter-notice to YouTube, if he feels the video was taken down unfairly.

If A does file a valid counter-notice, YouTube notifies B.

If B does not file a lawsuit, YouTube may put the material back up.

National case law

Divergent national case law has emerged particularly in regard to the application of liability exemptions to "new services", location tool services and hyperlinking services.

• "TV Links" (R v Rock and Overton), the UK Court ruled that a hyperlinking website was a mere conduit activity that could benefit from the liability exemption of Article 12 ECD;

• "Copiepresse" case (Copiepresse et al vs. Google Inc.) Belgian Court ruled that the ECD was not relevant for the liability of a news search service because that service would be actively editing content and could therefore not be considered an intermediary service provider;

• in "Thumbnails" case the Bundesgerichtshof (German Court) considered in an obiter dictum (the focus of the case being copyright) that an image search service could benefit from the liability exemption for hosting ex. Article 14 ECD.

With regards to video-sharing sites:

• In Magdane vs. Dailymotion the French Court confirmed that video-sharing sites can benefit from the liability exemption for being only an hosting provider. The fact that DailyMotion received advertisement revenues or that put in place a specific architecture allowing it to format and to encode certain content was irrelevant in determining whether it was a hosting service provider or not. It does not provide for a selection of content;

• In Peterson v Google Inc and others the German Court ruled that a video sharing site for videos uploaded by third parties cannot benefit from a liability exemption when it presents the uploaded content as its own content.

In particular, YouTube could not benefit from a liability exemption for hosting providers as,

-          it provides a specific layout of the website and YouTube's logo is shown in rather big letters above the playing video;

-          It provides links to related videos;

-          it displays commercial video clips and not only content that expresses a personal opinion.

-          the user cannot tell at first sight that the videos were uploaded by the user and not by YouTube;

-          The web site suggests that YouTube exercises editorial control as it suggests certain videos;

-          it actively connects advertisements to uploaded videos;

-          under YouTube's Terms and Conditions it can use the content uploaded on its site as its own content.

With regards to video-sharing sites:

In Italy the Civil Court of Rome (RTI and others vs. YouTube and others) also considered that a video-sharing site could not benefit from a liability exemption.

YouTube was not to be regarded as a hosting provider but as a "digital broadcaster" and was consequently considered fully responsible for the published content.

PirateBay (peer to peer file sharing services) has been differently considered by the Courts

The Italian Court of Cassation considered that it was not a hosting service provider.

The Stockholm District Court, without providing details of its argumentation, stated that it should be considered a hosting service provider. However, PirateBay was not held to fulfil the requirements to benefit from a liability exemption for hosting activities since it had knowledge of the infringements committed through its service and did not act against it.

ACTUAL AND FUTURE DEVELOPMENTS

E-commerce directive issued to encourage the development of the e-commerce

NOW Huge pressure on ISPs

Google transparency report

https://www.google.com/transparencyreport/removals/government/?hl=en-GB

Rights Holders Pressure for Anti-Piracy Measures

Rights holders companies have lobbied the European Parliament and Member States for greater responsibility on the part of ISPs to police their networks and implement anti-file sharing technologies. In a memo sent to European policy-makers, such lobby called on regulators to pressure ISPs to adopt one or more technologies to reduce online piracy: such as content filtering, protocol blocking and blocking access to known infringing websites.

French ISP Anti-Piracy Accord

In November 2007 the French government reached an historic agreement between the film and music industries and that country's significant ISPs.  A special Commission, created by French president Nicolas Sarkozy announced the creation of an Administration Authority to receive complaints concerning piracy infringements  from the rights holders which will be forward to the appropriate ISP for action. 

ISP’s action is called "three strikes and you're out”:

-          by the first message to the illegal user is a warning to cease the infringing activity,

-          the second message threatens or can result in suspension of service,

-          in the event of a third infringement by the end-user - termination of service.

-          Problem of fair balancing between the rights at stake.

-          Freedom of expression

-          (a fundamental right as acknowledged by the European Convention  on Human Rights - art.10)

-          v

-          Rights of Copyright holders

-          It is not clear how the courts will deal with extending blocking techniques to all the illegal users without contrasting with the general prohibition of art.15 of the E-Commerce Directive (no general obligation to monitor)  and the neutral role of ISPs it wants to preserve.

“NOTICE AND ACTION”PROCEDURE

EU Commission announced an initiative on “notice-and-action” procedures in the “Communication on e-Commerce and other online services (January 2012).

The procedure begin when someone notifies a ISP (social network, an e-commerce platform or a company that hosts websites) about an illegal content on the internet (racist content, child abuse content or spam). The procedures are concluded when a hosting service provider acts against the alleged illegal content.

Time and modalities are not clear so a new public consultation has been launched:

•             What is the scope of the term ‘hosting’ and which types of new services should it cover?

•             Should there be rules to avoid abusive notices, and what should they entail?

•             Should hosting service providers consult the providers of alleged illegal content before taking action?

•             How should the hosting service provider act with regard to illegal content and should there be an established sequence of actions?

•             How can unjustified actions against legal content be best prevented?

The EC was expected to provide a response to the consultation and its results in the course of 2013. In April 2013, the Commission issued a Staff Working Document entitled ‘E-commerce Action plan 2012-2015 – State of play 2013’. No mention of any specific measures taken other than the consultation and several workshops.

Future steps ? ‘the Commission services are working on an impact assessment of the notice-and-action procedures’.

ACTUAL AND FUTURE DEVELOPMENTS

Problem of fair balancing between the rights at stake.

Also serious privacy matters arise when an administrative body requires surveillance over a citizen.

Art. 8 (2) of the Human Rights Act allows some limitations of the right to privacy one enjoys only for, amongst others, “the protection of the rights and freedoms of others”, which could be the case when enforcing copyright.

In the Spanish case Promusicae v. Telefonica  a copyright holder asked the ISP to communicate the personal data of users of Kazaa to allow suing them in civil trial for copyright infringement. The court decided that there was no obligation under UE law for Member States to impose a duty to disclose personal data to ensure copyright protection.

In Italy a recent regulation on online copyright issued by AGCOM (Autorità per le Garanzie nelle Comunicazioni) wants to protect copyright holders up to blocking access to offending sites after a summary hearing of the parts involved. it is under review at the moment by the Italian Constitutional Court because of some critical constitutional issues: the fact that orders to limit the freedom of expression (a fundamental right) in favour of a so-called “economic freedom” should not come from a regulation of an executive body, but from an act of parliament, and together with the chance of battling them in court, not before a mere administrative authority.