One of the key elements of the e-Commerce Directive (2000/31/EC), and one that has underpinned the development of the internet in Europe, is the principle that intermediary service providers (ISP) are not liable for the content of “illegal” information that they transmit, cache or host, provided that they do not modify the information or have actual knowledge of its illegality and act expeditiously to remove or disable access on becoming aware of it. This exemption from liability is sometimes referred to as the “mere conduit” exemption.
The intermediaries’ exemption under the e-commerce Directive and the conditional liability regime are generally seen to have remained relevant despite technological and market developments since their adoption and as having provided the legal certainty needed to allow Internet-based services to evolve. However, the current procedural rules for dealing with illegal content by hosting providers are unclear, due to a highly diverse approach to implementation of the e-Commerce Directive rules, leading to a patchwork of different regimes across all 28 Member States. In the current situation, the removal of illegal content can be slow and complicated. There is also a lack of transparency on individual intermediaries’ procedures and practices when taking down content. At the same time there are also strong indications that the current uncertainty leads to a significant amount of unjustified take-downs which adversely affects the freedom of expression and the freedom to conduct business on-line.
The EU legal framework on the liability of online intermediaries is complemented by the legislative framework for civil IPR enforcement (Directive 2004/48) covering all on-line and off-line intermediaries including ISPs as well as the injunctive relief provisions provided in the copyright directive (Directive 2001/29) solely for on-line service providers. The differences in implementation of these provisions in the Member States, with their differing national jurisprudence on tort and unfair commercial practices have not allowed for effective enforcement on the internet across the borders of the internal market. This was recognised in the results of the public consultation on IPRED undertaken in July 2013 where the lack of clarity of the role of intermediaries in assisting in enforcement of IPR and the difficulties to get injunctive relief from intermediaries across the Union against on-line commercial scale infringers was highlighted. In particular, stakeholders have expressed the view that the current fragmentation and legal uncertainty have rendered the protection of property rights inefficient and are having a detrimental effect on the fight against online crime, including in areas such as the fight against hate-speech and child pornography.
There is also a question as to where the dividing line should be drawn between passive use of content by intermediaries, benefiting from the liability exemption, and activities which involve use of the content in such a way as to stray outside the scope of the exemption. Some players in the digital economy (platforms and aggregators) might be regarded as no longer having a genuinely neutral role in relation to the content they host because they run activities that are not limited to a “mere conduit” or storage of information. There are therefore calls from public authorities, law enforcement and the IPR / copyright community to re-balance the rights and obligations of online intermediaries and other actors as regards illegal or harmful content. The question is whether to enhance the overall level of protection from harmful material by requiring a more rigorous and harmonised implementation and enforcement of the conditions allowing online intermediaries to benefit from the liability exemption or whether also require intermediaries to exercise greater responsibility and due diligence in the way they manage their networks and systems, in a context of due process and legal oversight, so as to improve their resilience against the propagation of illegal content and increase transparency and thereby confidence in the online environment.
Article 15 of the e-Commerce Directive bans the imposition by Member States of a general obligation to monitor content. On the other hand, following its Recital 48, the e-Commerce Directive does not affect the possibility for Member States of requiring hosting service providers to apply duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activities. Finally, Article 16 encourages the drawing up of codes of conduct at Community level (involving associations or organisations representing consumers) to contribute to the proper implementation of the Directive. At national level, some self-regulatory initiatives have taken place with diverging results, especially as regards protection of minors (hotlines), in the framework of Directive 2011/92/EU. Therefore, the Commission’s proposal for a Directive on Network and Information Security added an obligation on ISPs to report incidents having a significant impact on the security of the core services they provide. Ideally, there should even be an obligation for ISPs to report serious incidents of a suspected criminal nature to law enforcement authorities. However, the proposed provision in the NIC Directive has not made so far its way through the decision-making process.