The Electronic Commerce Directive (00/31/EC), in the footsteps of the 2000 Lisbon European Council, aim was set to ensure the free movement of “Information Society Services” throughout the European Community. To encourage greater use of E-commerce by breaking down barriers across Europe and to boost consumer confidence and trust by clarifying the rights and obligations of businesses and consumers.
To develop secure transactions inside the Internal Market to be able to compete with the rest of the world – by creating the European Regulatory Framework similar to the US DCMA. the Directive came after a German case in which a managing director of an ISP was sentenced to prison for pornography unknowingly held on its servers. Although the decision was reversed on appeal, it drew attention to the need for clear guidelines on the liability of ISPs, especially when they do not have knowledge of the infringing material
The E-Commerce Directive has been since implemented in all EU countries establishing a protection from liability for internet intermediaries.
In principal, ISPs are secured as long as they remain passive in transmitting information and avoid liability for third party content.
Would they become active and start monitoring or judging the legality of the content, that they turn liable for this content as publisher or editor.
The Article 15 of the Directive has clearly removed any obligation on service providers to monitor content in order to qualify for these immunities.
Coming out of its passive role ISPs might consequently risk to undergo liability for content. The giant search Engine Google has always argued it could not act on its search results as his indexing were automated by its secret algorithm.
However, the E-commerce Regulations designed as a shield to protect ISPs, could turn to a stick with which, ISPs that monitor activities, may be beaten
ISPs compliance with notice and take down orders
ISPs are asked to respond ‘surreptitiously’ to a Notice of take down that they usually won’t have the opportunity to verify.
In this respect, the Dutch liberty organisation Bits of Freedom* SANE and its Director, Sjoera Nas, had directed a research studying the EU safe harbour :
An initial comparison with the procedure of notice and take down in the USA under Scetion 512 of the 1998 Digital Millennium Copyright Act. It is stipulated that all categories of service providers qualify for the safe harbour provisions, access, caching, hosting and service as search engines.
The legal safe harbour consists of 5 elements.
• a complaint must identify himself and the infringements exactly
• plaintiff and the customer must act ‘in good faith’, on penalty for perjury.
• the provider must block the material upon receipt of the complaint and inform the customer
• materials must be put-back in 10, maximum 14 business days after a counter notice
• identification data can only be obtained with a subpoena
In conclusions the study found that :
‘Compared with these Safe Harbour provisions, the European legislation leaves plenty of room for doubt and misguided judgement by providers. There are no criteria to validate complaints and counter notices and there are no arrangements for the hand-over of customer data, besides general privacy principles that do allow voluntary hand-over. More-over there is no obligation in Europe to inform the customer and there are no legal guarantees to protect the freedom of speech.
Though a put-back procedure is not the ideal solution, since it leaves room for fanatics like Scientology to shut-down website and instigate long legal procedures, at least it gives some kind of guarantee to internet users their counter claim is taken seriously.’
The case mentioned refers to an action where the sect of Scientology was opposed to the Dutch author Karin Spaink and 20 providers that hosted copies of the Fishman Affidavit on her home-page. The claim was rejected in the basis of freedom of expression prevailing upon copyrights. In 2003, the Court of Appeal in The Hague recognized the copyright of Scientology, but found that Spaink’s publication should be allowed on the basis of the article 10 ECHR (freedom of speech) due to its informative character.
The Multatuli project: http://www.bof.nl/docs/researchpaperSANE.pdf
Such Systematic take down results on breach of privacy and freedom of speech.
Regulation 22 provides a non-exhaustive list of factors which a court will consider in determining whether actual notice has been issued to the service provider. These include whether the service provider has received a notice through any means of contact that the service provider has made available in compliance with regulation 6(1)(c).
Regulation 6(1) requires the service provider to make certain information available to the user “in a form.which is easily, directly and permanently accessible”. Regulation 6(1)(c) refers to contact details of the service provider, including email addresses, which permit rapid and direct communication. This requirement can be easily fulfilled by placing an obvious link on an institution’s homepage which points to email, telephone and other contact details. A dedicated email address for dealing with complaints may be helpful, provided that it is checked at least daily for incoming mail.
Other factors which a court should consider under Regulation 22 are:
the extent to which any notice includes
– the full name and address of the sender of the notice;
– details of the location of the information in question; and
– details of the unlawful nature of the activity or information in question.”
Failure to react promptly
The Regulations’ expectation is for ISPs to react ‘Expeditiously’.
In the Mumsnet case, the ISP had failed to react ‘expeditiously’ to take down content. Based on this obligation, ‘Mumsnet’ was sued by the child-care author Gina Ford for defamatory comments made in their site forums and not taken down expeditiously. The case was settled out of court, Mumsnet consenting to present apologies and payment of damages. However, the question of speed of reaction remained. It is now generally expected a prompt reaction within two working days.
The actual knowledge
The ISP benefits from the immunity until it has no actual knowledge of the infringement. Once it has been notified, the content has to be removed.
In the case of Bunt v Tilley (2006), on the question of publication of defamatory allegations, the court held that : “an ISP which performs no more than a passive role in facilitating postings on the internet cannot be deemed to be a publisher at common law.”. However, the ISP is likely to be liable “if a person knowingly permits another to communicate information which is defamatory, when there would be an opportunity to prevent the publication, there would seem to be no reason in principle why liability should not accrue.”
The ISP is considered to have actual knowledge if he has acted as the actual publisher or, if having been noticed, did not took the appropriate measures to prevent the infringement.
In the UK, Regulation 19 stipulates (a)(i) (the ISP) ‘does not have actual knowledge of unlawful activity or information, where a claim for damages is made, is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful;’
The regulation 22 additionally gives a non-exhaustive list of factors which might constitute the “actual knowledge”.
Another interesting experiment was run in the summer 2003 by the Oxford Centre for Socio-Legal. A similar but wider experiment that was run by Bits of freedom. They created two mystery shoppers one in the US and one in the UK, with a section of John Stuart Mills ‘On Liberty’, published in 1869 and hence freely useable in the public domain clearly indicating “The text is freely available throughout the web.” They then sent bogus notice of take down. ‘The result was shocking’ reports Sjoera Nas, the UK provider removed the homepage, simply following procedure. http://pcmlp.socleg.ox.ac.uk/sites/pcmlp.socleg.ox.ac.uk/files/liberty.pdf
Overall, ISPs found it challenging to comply to the spirit of the regulation. By fear of responsibility, mostly, they tend to systematically remove without prior verification of the content or the seriousness of the complaint. In most cases. The Oxford study shows that ISPS often even failed to notify the customer about the complaint while the identity of the complainer was not even real or at least not complying with Regulation 22.
A slippery move back towards shooting the messenger rectified
The court positions are not harmonious within the European countries. However, a general move towards the liability of ISPs can be seen in countries of civil law.
The French HADOPI, anti-counterfeiting institution, has created an article L 326-2 on the Intellectual Property Code (IPC) allowing copyright holders to ask the Tribunal of Grande Instance to order necessary protective measures to put an end to copyright infringements. The French courts then slipped from the notice and take down measures to a creation of a notice a stay down obligation for ISPs.
ISPs were already uncomfortably asked to be judge and jury, as part of their obligations from the eCommerce Directive, to decide when to act upon a take down notice with no element of verification. The new obligation resulting of the article L 326-2 if ordered by the judge would ask them to monitor the activities of a counterfeiter. By doing so, they will become liable. ISP immunity being knowledge based. By monitoring or filtering the ISP is not anymore a mere conduit. A dangerous move towards a publisher or editor to therefore become liable. This goes exactly against the principals of the directive.
Since 2007, some French court d’Appel had self created a new rule imposing to intermediaries the obligation to monitor subsequent publications of materials previously notified as infringing.
The three decisions of the Court of Cassation on 12 July 2012, wisely reestablished the situation ruling that general monitoring obligation, would be contrary to applicable law. The obligation belongs to copyright holders to notify each new infringement linked to the same material as Eu does not have the single publication principal as in the DMCA. A big victory for Google search.
Google & Aufeminin.com v. Mr. X http://www.courdecassation.fr/jurisprudence_2/premiere_chambre_civile_568/827_12_23881.html
Since recently Twitter has started to hand pick tweets and notify its users by email. It would be interesting to see what the court position will be with regard to infringement of these selected tweets manually monitors and promoted by the ISP.