Internet Playground: Liability of Intermediary Service Providers - Should There Be Any?
Updated: Feb 17
Source: Fintech Factory
Intermediary service providers (ISPs), for example online social networks, hosting providers and other online content providers play an overall positive social role: freedom of expression, economic freedoms, access to information, to education, freedom of association and political participation, etc. However, their liability for online information can arise with respect to trade marks, privacy, copyright, trade secrets, defamation and unfair competition.
There are different reasons for exempting intermediaries from liability. First, liability may negatively interfere with their capacity to maintain and develop their activity. Second, liability may be incompatible with their business model. Third, liability may induce ISPs to excessively constrain the behavior of their users. Therefore, the goal of EU regulation is to create a liability regime that strikes a balance between different interests at stake - particularly, between the interests of intermediary services and the societal interest that the information is taken down quickly in observance of the principle of freedom of expression.
Adopted in 2000, the European Union Directive 2000/31 EC on electronic commerce (the E-Commerce Directive) established a common regime of liability of service providers for all kinds of content published on the Internet. Intermediary Service Providers fall within a scope of Article 2 of the E-Commerce Directive, which considers a service provider as “any natural or legal person delivering any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”. The Directive envisages limitations on civil and criminal liability within its sphere of application, however the liability of the primary infringer is not influenced and Member States are not prevented from introducing measures to stop the infringement.
The E-Commerce Directive removed the disparities that existed between Member States in the regime of intermediary service providers, which were presenting a burden to the smooth functioning of the Internal Market.
Article 14 of the E-Commerce Directive establishes a liability exemption for so-called “hosting activities”. Internet service providers (ISPs) must comply with two prerequisites in order to be eligible for the safe harbour provisions working against the interests of proprietors. The first condition is that the ISP has no actual knowledge, nor is aware of facts or circumstances that infringing activity is occurring. Where a service provider obtains such knowledge or awareness, it must expeditiously remove or disable access to such content. The second prerequisite is that intermediaries should act neutrally in relation to content uploaded by third parties.
Implementation in Slovenia
The provisions of the E-Commerce Directive on Liability of Information Society Services were implemented in the Slovenian legal system with the amendment of Zakon o elektronskem poslovanju in elektronskem podpisu - ZEPEP (Electronic Business and Electronic Signature Act). In 2006 the provisions were transposed to Zakon o elektronskem poslovanju na trgu - ZEPT (Electronic Commerce Market Act). Slovenia carried out a literal transposition of Article 14, which can be found in Article 11 of ZEPT. Among Member States there is a lack of clarity on the interpretation of the terms actual knowledge and expeditious, both of which are part of the liability exemption for hosting activities. As a result, these terms have given rise to diverging interpretations. The Slovenian legislator used the term “knowledge” instead of “actual knowledge”.
ZEPT provided a so-called notice and take down system, wherein an intermediary does not have to act unless they have (actual) knowledge of illegal activity or information, or if they were notified by a user. A provider can also obtain (actual) knowledge through a court order.
The act specifically provides the possibility that a court may require the service provider to terminate or prevent an infringement. This can only be ordered to prevent crimes, protect privacy, protect the classified information and maintain professional secrecy. Unlike ZEPT, the E-Commerce Directive does not provide a list of reasons for such requirement. This requirement can also be made by administrative authority in accordance with the law.
Although the Directive was aimed at being technologically neutral, innovations since the adoption of the Directive have rendered the interpretation of this provision extremely challenging. The case law at the national level on the application of the Directive is diverging and stakeholders face a high degree of regulatory uncertainty, which can also be seen in Slovenia.
Relevant case law
The E-Commerce safe harbour provisions were drafted during a time when online service providers, such as social media, had not yet been developed or scaled their activities to today's scope. Specific exemptions from liability for other services (such as search engines services, hyperlinking services, video-sharing sites, online selling platforms, blogs and social networks) have not been explicitly included in most of the national legislation. Therefore it may be difficult for Web 2.0 services (e.g. video-sharing, peer-2-peer platforms and social networks); to determine whether or not these liability exemptions are applicable. These services have either been classified as hosting services, or courts have excluded them from the scope of exemption.
In L’Oreal vs. eBay, the European Court of Justice (the ECJ) held that the Article 14 exemption should not apply where the host plays an "active role" in the presentation and promotion of offers for sale posted by its users so as to give it knowledge of, or control over the data. Furthermore, if a host has knowledge of facts that would alert a "diligent economic operator" to illegal activity, it must remove the offending data to benefit from the Article 14 exemption.
In 2015 an online news outlet was held liable for defamation based on comments posted underneath its articles. The European Court of Human Rights (the ECtHR) in the judgement Delfi vs. Estonia found that such an action does not violate the freedom of expression under Article 10 of the European Convention on Human Rights.
The European Court of Justice has provided more clarity on the scope of Article 14 in its preliminary rulings, however it seems that this is not enough to regulate the area. Since the ECJ can only provide interpretation through preliminary rulings, I believe that EU lawmakers should provide more specific provisions for services for which it is currently unclear whether they can fall under the scope of exemptions. Since the E-Commerce Directive was drafted at a time when internet auctions and social media were just fledgling phenomena, it is not surprising that its provisions do not meet the needs of intermediaries, proprietors, and internet users.