Public Consultation on the Future of Electronic Commerce in the Internal Market And

Public consultation on the future of electronic commerce in the internal market and the implementation of the Directive on Electronic commerce (2000/31/EC) –

52. Overall, have you had any difficulties with the interpretation of the provisions on the liability of the intermediary service providers? If so, which? BUS (ISPs), PUB SERV, INFOSOC LAW PUBLIC SERVICE

Everything Everywhere has not had major difficulties with the interpretation of the intermediary liability provisions. In some exceptional cases we have had difficulties with the exemption concerning Hosting (Article 14) and the interpretation of the concept of ‘actual knowledge’. This is despite the fact that in the UK, Regulation 22 of the Electronic Commerce (EC Directive) Regulations 2002 (the “E-commerce Regulations”) seeks to provide assistance to the courts in interpreting the concept of “actual knowledge” (please see our response to Question 53 below).
In this context, we have had to be cautious in our approach to moderation of hosted content in order to ensure that we do not inadvertently assume liability under Article 14, by acquiring “actual knowledge” about content being processed. For this reason, we would not be prepared to moderate the entire hosted service and would normally moderate only a part of that service.

53. Have you had any difficulties with the interpretation of the term "actual
knowledge" in Articles 13(1)(e) and 14(1)(a) with respect to the removal of
problematic information? Are you aware of any situations where this criterion has proved counter-productive for providers voluntarily making efforts to detect illegal activities? BUS (ISPs), PUB SERV, INFOSOC LAW PUBLIC SERVICE

Everything Everywhere believes that the approach of the Directive is useful in the prevention of active monitoring of illegal activities in compliance with the “no general monitoring obligation” of Article 15. However the interpretation of the term “actual knowledge”, a cornerstone of the safe-harbour for caching and hosting providers, has proved more problematic.
Under the Directive, the lack of a specific definition of “actual knowledge” allows room for interpretation and therefore triggers problems at a national level with regard to when a service provider might acquire “actual knowledge”. Furthermore, it is not clear whether confirmation of “illegality” is a matter to be confirmed by a court or if “actual knowledge” can be acquired earlier, for instance as soon as a customer makes a complaint and regardless of its level of detail. In the latter case, there may be additional problems concerning who can notify the “illegal activity or information” to the service provider.
In order to minimise the risks facing service providers concerning negligent ignorance (please also see below in relation to the position in English law), conscious disinformation or inadvertent acquisition of “actual knowledge”, the service provider has been generally deemed as having “actual knowledge” of the illegality of content or information once a competent authority has declared the “illegality” and has ordered the withdrawal of, or restriction of access to, the illegal content or information, or has awarded damages, and this decision has been notified to the service provider.
We agree with this approach. In our view, in order for a hosting service provider to have “actual knowledge” of the illegality of hosted content and, consequently, to be potentially liable for such content, it is necessary for a court of law to have first declared the content illegal. In our view, proposals to by-pass the courts and vest this power in service providers will be inappropriate and would result in legal uncertainty, because service providers clearly lack the legal expertise required to address sometimes complex issues, such as copyright, terrorism, hate speech or defamation.
In the UK, in particular, Regulation 22 of the E-commerce Regulations seeks to provide assistance to the courts in determining whether a provider of hosting or caching services has “actual knowledge”. Regulation 22 reads:

Notice for the purposes of actual knowledge

22.In determining whether a service provider has actual knowledge for the purposes of regulations 18(b)(v) and 19(a)(i), a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, among other things, shall have regard to—

(a ) whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c), and

(b) the extent to which any notice includes—

(i) the full name and address of the sender of the notice;
(ii ) details of the location of the information in question; and

(iii) details of the unlawful nature of the activity or information in question.

Regulation 22 directs the court to take into account whether the service provider has received notice by means of the contact details provided by the sender pursuant to Regulation 6(1)(c), and what was the content of that notice. There is nothing in the Directive to support a ‘narrow’ interpretation of Regulation 22, which would oblige the court to have regard in all cases to whether the service provider has received notice, by what means and containing what information and which would result in a narrow interpretation of ‘actual knowledge’, pursuant to which a service provider could only ever acquire actual knowledge by receiving a notice. Clearly, a service provider can acquire actual knowledge through means other than a notice.
It therefore seems more likely that notwithstanding its mandatory terms, Regulation 22 should be interpreted as only giving an indication of the factors that the court may wish to take into account in deciding whether the service provider has ‘actual knowledge’.
Regulation 22 was considered in the defamation case of Bunt v Tilley [2006] EWHC 407 (QB), where the Judge made some observations on Regulation 22(b)(iii) concerning the details of the unlawful nature of the activity or information that the notice should contain. The fact that this was a defamation case gave rise to the question whether in order to disapply the hosting exception, knowledge of the defamatory nature of the material suffices or whether the ISP has to have knowledge that is actionable. Eady J. preferred the latter view and stated that:

In order to be able to characterise something as ‘unlawful’ a person would need to know something of the strength or weakness of available defences.

If this view of Regulation 22 is followed, a service provider should not be deemed to have ‘actual knowledge’ of an unlawful activity under the E-commerce Regulations unless the person giving the notice explains why the potential defences would not apply.
Furthermore, in relation to criminal liability in particular, what is required to disapply the hosting defence under the Directive is “actual knowledge” of illegal activity or information. This appears to be a subjective test and presumably has an autonomous meaning under the Directive. However, in English law subjective knowledge includes the state of mind of someone who deliberately shuts his eyes to the obvious or refrains from inquiry because he suspects the truth but does not want to have the suspicion confirmed.

54. Have you had any difficulties with the interpretation of the term
"expeditious" in Articles 13(1)(e) and 14(1)(b) with respect to the removal of
problematic information? BUS(ISPs), PUB SERV, INFOSOC LAW PUBLIC
SERVICE
No.
55. Are you aware of any notice and take-down procedures, as mentioned in
Article 14.1(b) of the Directive, being defined by national law? BUS (ISPs), PUB
SERV, PRIV

Yes, in the UK there is a notice and take down procedure under the Terrorism Act 2006. There is also a possibility that a form of notice and take-down process may be introduced under the Digital Economy Act 2010.
It should be noted that in the UK, the E-commerce Regulations do not apply in relation to any Act passed on or after the date the E-commerce Regulations were made or in exercise of a power to legislate after that date. In relation to primary or secondary legislation made after the E-commerce Regulations, the requirements of the Directive need to be considered in each case and, if required, specific measures should be taken to ensure compliance with the Directive. In June 2007 the Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007 amended the Regulations for the Terrorism Act 2006. Regulations 5, 6 and 7 incorporate Articles 12, 13 and 14 of the Directive and create exemptions from liability for the offences set out in Sections 1 and 2 of the Terrorism Act for intermediary providers of mere conduit, hosting and catching services.
Terrorism Act 2006
The Terrorism Act establishes a notice and take-down procedure for notices of public authorities to host providers for content which constitutes an offence under the Act. Under Sections 3 and 4 of the Act, a police constable can issue a notice requiring the removal from public view or the amendment of a statement, article or record which the constable considers to be unlawfully related to terrorism. The service provider must comply with the notice within 2 working days. The notice and take-down procedure is linked to the offences in Sections 1 and 2 of the Act in a way that a service provider could lose the benefit of the statutory defences of non-endorsement of the unlawful material under Sections 1(6) and 2(9), if it does not comply with a Section 3 notice. According to Section 3(2), service providers who fail to remove, without reasonable excuse, the material which is notified to be unlawfully terrorism-related within the specified period of 2 days are treated as endorsing the unlawful material. Although failure to comply is not itself an offence, it may lead to the service provider being charged with an offence under the Terrorism Act.
According to the ‘Guidance on notices issued under Section 3 of the Terrorism Act 2006’, a notice can be served on any person involved in the provision or use of electronic services used in the publication or dissemination of terrorism-related material, including for instance content providers, content aggregators, host providers, webmasters, forum moderators, bulletin board hosts, etc.
The Digital Economy Act 2010
We are concerned that the recent Digital Economy Act allows the possibility of introducing a process akin to a notice and take-down process for mere conduits.
The Act currently requires ISPs to process reports, compile lists and notify customers on receipt of a notice/report by the copyright owner. If these initial obligations do not result in a significant reduction of copyright infringement, the Secretary of State may direct the telecommunications regulator Ofcom to assess whether one or more technical obligations should be imposed on ISPs. These technical obligations include measures that:
limit the speed or other capacity of the service provided to a subscriber;
prevent a subscriber from using the service to gain access to particular material, or limit such use;
suspend the service provided to a subscriber; or
limit the service provided to a subscriber in another way.

We share the concerns voiced by other UK ISPs (including BT and Talk Talk in their recent application for a judicial review of the provisions for online copyright infringement of the Digital Economy Act) that the technical measures would require ISPs to remove or disable access to information, which essentially amounts to a notice and take-down process which, under the Directive, can only be imposed on hosting or caching services, and not against mere conduits such as ISPs.

56. What practical experience do you have regarding the procedures for notice
and take-down? Have they worked correctly? If not, why not, in your view? BUS
(ISPs), INFOSOC LAW PUBLIC SERVICE
The Terrorism Act provides for police to notify hosts of illegal content and we understand a formal notice would be preceded by a phone call from the relevant police service. Only if we failed to respond to the phone call would we receive a full notice. This has not been invoked in the past 5 years.
The Internet Watch Foundation in the UK was established by the internet industry to provide a hotline for reporting criminal online content. The self-regulatory partnership approach has been recognised as a model of good practice and the ‘notice and takedown’ service offered by the IWF has seen the content in question been virtually eradicated from UK networks.
Whilst industry may collaborate over the removal of child abuse and other illegal content it is unlikely to replicated in other areas such as third party commercial rights where the definition of what is and what is not illegal becomes more difficult and potentially carries financial and legal consequences should an ISP remove or block legitimate sites.
It is our opinion that it should remain the Courts or an independent body such as the IWF (with expertise in the subject area) and not the industry to decide what is and what is not illegal.

57. Do practices other than notice and take down appear to be more effective?
("notice and stay down"13, "notice and notice"14, etc) BUS (ISPs), INFOSOC LAW PUBLIC SERVICE
Moderation and abuse reporting mechanisms that allow users to make reports to the service providers are the most effective way to deal with ‘notice and takedown’ and ‘notice and stay down’ reports quickly, although ‘notice and stay down’ only applies to the Terrorism Act in the UK.
We use ‘notice and notice’ in some internal processes where the content that is removed comprises more than text comments on a forum for example. This notice includes advice to the customer on how to meet the T&Cs and if they do so we would reinstate the content. This is effective in that it raises the customer’s awareness of the T&Cs and they generally conform afterwards but it is time resource heavy.
‘Notice and take down’ is a more effective approach than blocking as it only impacts on the ISP hosting the offending material. There are development costs required for ISPs to block certain categories of content for all its customers and there are also significant costs involved with compiling, maintaining, delivering and regularly updating a blocking list. (The IWF list is updated twice daily to be effective as URLs change rapidly). The size of the blocking list may also give rise to network performance issues as all data traffic will need to be filtered.
58. Are you aware of cases where national authorities or legal bodies have
imposed general monitoring or filtering obligations? BUS(ISPs), INFOSOC LAW
PUBLIC SERVICE

Recital 47 of the Directive clearly explains that Article 15 of the Directive does not prevent public authorities in the Member States from imposing a monitoring obligation in a specific, clearly defined individual case. The Digital Economy Act, however, appears to be imposing a more general obligation. In this regard, we agree in principle with the arguments put forward by UK ISPs BT and Talk Talk that the DEA could give rise to real time monitoring.
In their application for a judicial review of the provisions for online copyright infringement in the Digital Economy Act 2010, UK ISPs BT and Talk Talk argue that the requirement to compile and maintain lists of Copyright Infringement Reports in respect of identified individuals together with the obligation to provide lists to copyright owners requires ISPs to actively seek facts or circumstances indicating illegal activity contrary to Article 15(1) of the Directive. Technical measures may also give rise to a de facto form of real time monitoring based on internet usage over a period of time. According to the Directive, such a monitoring obligation can only be imposed on a hosting service. The Directive only allows Member States to seek exemptions to the rules for caching and hosting services.The UK can derogate from the Directive but only for reasons of protecting public policy.It is also noteworthy that the European Data Protection Supervisor has recently expressed serious concern (opinion dated 22 February) about similar legislative responses considered in other Member States stating that “such practices are highly invasive in the individual’s private sphere. They entail the generalised monitoring of internet users’ activities, including perfectly lawful ones.” He also expressed concern that monitoring is being carried out by private parties not by law enforcement authorities.
Although not imposed by a national authority or legal body, it should also be mentioned for completeness that ISPs voluntarily take the IWF list to block illegal child abuse images.

59. From a technical and technological point of view, are you aware of effective
specific filtering methods? Do you think that it is possible to establish specific
filtering? BUS (ISPs), INFOSOC LAW PUBLIC SERVICE

We are able to block the IWF list of illegal child abuse images for all customers. The IWF list contains urls of the sites they have identified as containing child abuse images and we block the actual url not the whole domain which would cause collateral damage by over blocking. Key to the success of this solution is the provision of the list by an independent 3rd party; we do not have any part in deciding what should be in the list.
Filtering to evaluate the content of pages is more problematic and often results in under and over blocking which is acceptable when dealing with a parental control product but unacceptable when the provider is being asked to decide what is legal or not.