L11 – INTERNET SERVICE PROVIDERS: ROLE AND LEGAL REGIME

What are ISPs?

  • Internet intermediaries bring together or facilitate transactions between third parties on the Internet. They give access to, host, transmit and index content, products and services originated by third parties on the Internet or provide Internet-based services to third parties.

Service providers and content providers

  • ISP LIABILITY PROVISIONS AS FRE SPEECH RULES
  • ACCESS PROVIDERS
  • CACHING PROVIDERS
  • HOSTING PROVIDERS
  • CONTENT PROVIDERS
  • SERVICE PROVIDERS

The origins of ISP liability in the US

  • Pre-Section 230 CDA decisions
    • Cubby v. Compuserve - 776 F. Supp. 135 (S.D.N.Y. 1991)
      • CompuServe was an Internet Service Provider, which hosted an online news forum
      • Cubby alleged that CompuServe was the publisher of third-parties defamatory statements, therefore it should have been held liable
      • CompuServe did not dispute the defamatory nature of the content. However, during the trial no evidence was presented showing that CompuServe either was aware or should have been aware of the existence of such defamatory content.
      • The Court excluded CompuServe liability, stating that “CompuServe has no more editorial control over such a publication than does a public library, book store, or newsstand, and it would be no more feasible for CompuServe to examine every publication it carries for potentially defamatory statements than it would be for any other distributor to do so”.
      • “A computerized database is the functional equivalent of a more traditional news vendor, and the inconsistent application of a lower (i.e. stricter) standard of liability to an electronic news distributor than that which is applied to a public library, book store or newsstand would impose an undue burden on the free flow of information: the appropriate standard of liability to be applied is whether CompuServe knew or had reason to know of the allegedly defamatory statements”
    • Stratton Oakmont v. Prodigy Serv. 1995 WL 323710 (N.Y. Sup. Ct. 1995)
      • Stratton Oakmont argued that Prodigy should be considered a "publisher" of anonymous statements posted on its bulletin board.
      • Under the common law of defamation, if Prodigy were considered a publisher, it could be held liable for the statements of the unknown user. Conversely, if it were found to be merely a "distributor," it could not be held liable unless it knew or had reason to know about the allegedly defamatory statements.
      • The plaintiffs pointed to Prodigy's "content guidelines," which stated rules that users were expected to abide by, a software screening program which filtered out offensive language, and the employment of moderators for enforcing the content guidelines.
      • The Court found that such representations and policies were sufficient to treat Prodigy as a publisher
      • The Court distinguished the case from that involving CompuServe, which was found merely to be an "electronic for-profit library" or repository and thus a passive distributor.
      • In particular, the court pointed to Prodigy's creation of an "editorial staff of Board Leaders who have the ability to continually monitor incoming transmissions." The court noted, however, that bulletin boards should normally be considered distributors when they do not exercise significant editorial control, as Prodigy had done.

Interactive computer service:

  • Any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions.

Information content provider:

  • Any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.

The Communications Decency Act (1996)

  • Section 230 CDA – 47 USC §230(c)(1)
    • “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”.
    • In passing the Communications Decency Act of 1996 the House explicitly stated its intent to overturn the result reached in the Prodigy case. It precludes courts from claims that would place a computer service provider in a publisher's role.
    • Lawsuits seeking to hold a service provider liable for its exercise of a publisher's traditional editorial functions - such as deciding whether to publish, withdraw, postpone or alter content - are barred.
  • Section 230 CDA – 47 USC §230(c)(2)
    • No provider or user of an interactive computer service shall be held liable on account of
      • Aany action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
      • B any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1)

After the CDA…

  • Zeran v. America Online, Inc. - 129 F.3d 327 (4th Cir. 1997)
    • Zeran brought an action against AOL, arguing that it unreasonably delayed in removing defamatory messages posted by an unidentified third party, refused to post retractions of those messages, and failed to screen for similar postings thereafter.
    • The district court granted judgment for AOL on the grounds that § 230 CDA bars Zeran's claims. Zeran appealed, arguing that § 230 leaves intact liability for interactive computer service providers who possess notice of defamatory material posted through their services.
    • § 230, however, plainly immunizes computer service providers like AOL from liability for information that originates with third parties.
    • Congress' purpose in providing the § 230 immunity was evident: The amount of information communicated via interactive computer services is staggering. The specter of tort liability in an area of such prolific speech would have an obvious chilling effect. It would be impossible for service providers to screen each of their millions of postings for possible problems. Faced with potential liability for each message republished by their services, interactive computer service providers might choose to severely restrict the number and type of messages posted. Congress considered the weight of the speech interests implicated and chose to immunize service providers to avoid any such restrictive effect.

ISP and free speech on the Internet in the US:

  • Internet as the new «free marketplace of ideas».
  • Social media as a «modern public square».
  • Section 230 CDA + First Amendment
  • ISPs’ editorial freedom of censoring Internet users
  • The dark side of the Internet:
  • Should private platforms be bound by the rules of the First Amendment or be free to censor users according to their terms of service?

The US perspective: a recap

  • The CDA (47 US Code 230§)
    • THE ‘SAFE HARBOR’ PROVISION (SECTION 230)
      • No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
      • NO LIABILITY FOR THIRD-PARTY CONTENT
    • THE ‘GOOD SAMARITAN’ CLAUSE
      • No provider or user of an interactive computer service shall be held liable on account of any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected

Copyright enforcement and ISP liability in the US

  • The rise of the notice-and-take down regime
  • The Digital Millennium Copyright Act: 17 U.S.C. §512
    • A service provider shall not be liable for monetary relief, or for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider:
      • (A)
        • (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;
        • (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or
        • (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;
      • Bdoes not receive a financial benefit directly attributable to the infringing activity, in a case in which the servie provider has the right and ability to control such activity; and
      • Cupon notification of claimed infringement responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

The US perspective

  • The DMCA (17 US Code 512§)
    • THE RULES ON COPYRIGHT
      • With respect to copyright infringement, the ISP is not liable if it does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity
      • upon notification of claimed infringement, it responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.
      • Notice and take down

The EU perspective

  • From the e-Commerce Directive to the DSA
    • E-Commerce Directive (Directive 2000/31/EC)
    • Judicial activism of the CJEU
    • New season for content regulation (including DSA)

The EU perspective

  • The e-Commerce Directive
    • FOLLOWING THE AMERICAN MODEL
      • Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’).
      • Introduction of policies inspired by the US framework with a view to enhancing freedom of expression.
      • Recognition that Internet intermediaries can facilitate communication; protect freedom of expression; provide avenues for democratic participation

The EU perspective

  • The e-Commerce Directive
    • MERE CONDUIT PROVIDERS (ART. 12)
      • The service provider consists of the mere transmission of information or the mere provision of access to a communications network
      • The ISP is not liable for the information transmitted if it does not initiate the transmission, does not select the receiver of the same and does not select or modify the information contained in the transmission.
    • CACHING PROVIDERS (ART. 13)
      • The service provided consists of the temporarily storage of information
      • Liability exemptions apply only if the acts of transmission and of provision of access include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.
    • HOSTING PROVIDERS (ART. 14)
      • The service provided consists of the permanent storage of information (e.g., YouTube, Google Video, Facebook)
      • Liability exemption stands if the hosting provider:
        • has no actual knowledge of illegal activity or information and, as regards claim for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent;
        • upon obtaining such knowledge or awareness, acts promptly to remove or to disable access to the concerned information.
          • Of course, liability exceptions do not apply if the author of the content is acting under the authority or the control of the hosting provider

The EU perspective

  • The E-Commerce Directive
    • European and national trends: the evolving liability regime applicable to ISP
      • Which assumptions behind the E-Commerce Directive (and Section 230 CDA)?
        • Recital 42: «The exemptions from liability established in this Directive cover only cases where the activity of the information society service provider is limited to the technical process of operating and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, for the sole purpose of making the transmission more efficient; this activity is of a mere technical, automatic and passive nature, which implies that the information society service provider has neither knowledge of nor control over the information which is transmitted or stored»

The EU perspective

  • Judicial activism and the e-Commerce Directive
    • THE INTERPRETATION OF ARTICLE 14 DE JUNCTO WITH RECITAL 42
      • In Google France (C-236/08) the CJEU, based on Recital 42, held that the liability exemptions are only applicable to neutral hosting providers, that is to those providers whose services are provided in a merely technical, and passive way
      • This interpretation was confirmed repeatedly in many subsequent decisions, which also offered some indications as to the criteria to be looked upon to understand whether a hosting provider is acting in a neutral manner: e.g., L’Oréal (C-324/09)
      • This interpretation was subsequently welcomed by national jurisdictions: e.g., Italy, where the Supreme Court ultimately identified the criteria to distinguish active hosting providers from passive hosting providers in RTI v. Yahoo! (Cass. Civ., 7708/2019)

The EU perspective

  • Judicial activism and the e-Commerce Directive
    • ACTIVE AND PASSIVE HOSTING PROVIDERS
      • ACTIVE HOSTING PROVIDER
        • Managament of the information
        • Indexing of the information
        • Collection of revenues from advertisement
        • Service fees
        • Terms and Conditions & exercise of control over content
      • PASSIVE HOSTING PROVIDER
        • Mere storage service
        • Neutral, technical, automatic, passive

The EU perspective

  • The e-Commerce Directive
    • PROHIBITION OF MONITORING OBLIGATIONS (ART. 15)
      • 1. Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.

The view of the EU Court of Justice

  • Ex ante monitoring obligations
    • Scarlet v. SABAM (C-70/10)
      • Sabam is the Belgian collecting society which had gone to court asking for the ISP, Scarlet, to monitor and block peer-to-peer transfers of music files
      • In 2007, a Belgian court ordered Scarlet, an ISP, to bring to an end the copyright infringements of content of which the applicant was the rightholder, by making it impossible for its customers to send or receive in any way files containing a musical work in SABAM’s repertoire by means of peer-to-peer software
  • Does EU law permit a national court to issue an injunction against intermediaries whose services are used by a third party to infringe copyright, to order an ISP to install, for all its customers, in abstracto and as a preventive measure, exclusively at the cost of that ISP and for an unlimited period, a system for filtering all electronic communications, both incoming and outgoing, passing via its services, in order to identify on its network the movement of electronic files containing a musical, cinematographic or audio-visual work in respect of which the applicant claims to hold rights, and subsequently to block the transfer of such files?

The view of the EU Court of Justice

  • Ex ante monitoring obligations
    • Scarlet v. SABAM (C-70/10)
      • Such an injunction imposed on the ISP to install the contested filtering system would oblige it to actively monitor all the data relating to each of its customers in order to prevent any future infringement of intellectual- property rights. It follows that that injunction would require the ISP to carry out general monitoring, something which is prohibited by Article 15(1) of Directive 2000/31
      • In adopting such injunction, the national court would not be respecting the requirement that a fair balance be struck between the right to intellectual property, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information, on the other.

The EU perspective

  • The e-Commerce Directive
    • ART. 15 AND THE CJEU
      • In Scarlet (C-70/10) and Netlog (C-360/10) the CJEU was called to determine whether imposing ISPs to install a filtering software to prevent copyright infringements did amount to an obligation to generally monitor data prohibited by Art. 15
      • According to the Court, a preventive monitoring of this kind would require ISPs to carry out an ‘active observation’ of all electronic communications transmitted and the contents stored.
      • This would be in contrast with Art. 15.

The view of the EU Court of Justice

  • Ex ante monitoring obligations
    • Facebook Austria v. Eva Glawischnig-Piesczek (C-18/18)
      • Ruling: a Member State is not precluded from stopping and preventing an illegal activity, which a Member State’s court ruling has considered as such and the prohibition of monitoring obligations does not apply to a specific case.
      • Such a specific case may be found in a particular piece of information stored by a social network provider at the request of a certain user, the content of which was examined and assessed by a court having jurisdiction in the Member State, which, following its assessment, declared it to be illegal. Given that a social network facilitates the swift flow of information stored between its different users, there is a genuine risk that information which was held to be illegal is subsequently reproduced and shared by another user of that network
  • In those circumstances, it is legitimate for the court having jurisdiction to require a host provider to block access to the information stored, the content of which is identical to the content previously declared to be illegal, or to remove that information, irrespective of who requested the storage of that information.
  • In particular, in view of the identical content of the information concerned, the injunction granted for that purpose cannot be regarded as imposing on the host provider an obligation to monitor generally the information which it stores, or a general obligation actively to seek facts or circumstances indicating illegal activity, as provided for in Article 15(1) of Directive 2000/31.
  • In order for an injunction which is intended to bring an end to an illegal act and to prevent it being repeated, to be capable of achieving those objectives effectively, that injunction must be able to extend to information, the content of which, whilst essentially conveying the same message, is worded slightly differently, because of the words used or their combination, compared with the information whose content was declared to be illegal.
  • Otherwise, the effects of such an injunction could easily be circumvented by the storing of messages which are scarcely different from those which were previously declared to be illegal, which could result in the person concerned having to initiate multiple proceedings in order to bring an end to the conduct of which he/she is a victim.
  • Article 15(1) of Directive 2000/31 implies that the objective of an injunction consisting, inter alia, of effectively protecting a person’s reputation and honour, may not be pursued by imposing an excessive obligation on the host provider.
  • Therefore, it is important that the equivalent information contains specific elements which are properly identified in the injunction, such as the name of the person concerned by the infringement determined previously, the circumstances in which that infringement was determined and equivalent content to that which was declared to be illegal. Differences in the wording of that equivalent content, compared with the content which was declared to be illegal, must not, in any event, be such as to require the host provider concerned to carry out an independent assessment of that content.
  • In the view of the CJEU, automated technologies could then seek this information, which does not require further analysis and falls within the specific characteristics of the injunction.
  • Directive 2000/31 does not make provision for any limitation, including a territorial limitation, on the scope of the measures which Member States are entitled to adopt in accordance with that directive: accordingly, it does not preclude those injunction measures from producing effects worldwide.

ISP liability in Europe: a recap

  • The E-Commerce Directive
  • Policy: to enhance freedom of expression
  • Two pillars:
    • Absence of a general obligation to monitor
    • Liability exemptions

The CoE perspective

  • ISP liability and the ECtHR
    • DELFI AS V. ESTONIA (2015)
      • Imposing an online news portal to pay damages for having failed to promptly remove defamatory comments posted by anonymous users does not amount to a violation of right to freedom of expression entrusted to Art. 10 of the ECHR
      • How would have the CJEU decided the case?
    • MTE AND INDEX.HU ZRT V. HUNGARY (2016)
      • MTE and Index.hu Zrt: two Internet news portals in Hungary
      • They published the same article, just with different titles, criticizing two real-estate websites managed by a unique company
      • Users wrote vulgar comments against the real- estate company, which sued both portals alleging that they were offending their reputation
      • Although upholding Delfi, the ECtHR came to a different conclusion
  • MTE AND INDEX.HU ZRT V. HUNGARY (2016)
    • DELFI
      • The comments were considered to be violent enough to amount to hate speech
      • Delfi AS is run on a commercial basis
      • UNCORRECT BALANCE
    • MTE and INDEX.HU
      • The comments were not considered to be violent enough to amount to hate speech
      • MTE (although not Index.hu) was not run on a commercial basis
      • CORRECT BALANCE
  • In MTE and Index.hu Zrt v. Hungary, the ECtHR identified some criteria based on which Contracting States may decide whether to hold ISPs liable or not:
    • Context of the comments
    • Efforts made by the ISP to remove promptly the defamatory comments
    • The consequences of the comments
    • Subsequent case law:
      • Pihl v. Sweden (2017)
      • Høiness v. Norway (2019)
      • Jezior v. Poland (2020)s