Intermediaries play a vital role in ensuring Internet functionality. In several Internet governance areas, such as copyright infringement and spam, Internet Service Providers (ISPs) are considered key online intermediaries. In other areas, such as defamation and the so-called right to be forgotten, the responsibility extends to hosts of online content and search engines.
ISPs main involvement is at a national level in dealing with government and legal authorities, and they are often the most direct way for governments to enforce legal rules online. At a global level, some ISPs, particularly from the USA and Europe, have been active in the WSIS/WGIG/IGF processes individually and through national and regional or sector-specific business organisations such as the Information Technology Association of America (ITAA), and others. Various regional ISP associations have been set up worldwide.
Hosts of online content and search engines typically operate as conduits for content, or bridges between content and Internet users. Although headquartered in one country (some having regional headquarters), their reach and user-base is likely to be global, and as a consequence, intermediaries are often exposed to jurisdiction in multiple countries.
Intermediary liability is often discussed at IGF meetings and in other fora. The OECD includes the role of intermediaries among its 14 principles for Internet policy-making (‘Limit Internet intermediary liability’), whereas the extent of intermediary liability is often the subject of court judgments (such as the Delfi case).
The following will discuss the role and responsibility of ISPs and hosts with regards to various issues.
One of the main issues is intermediary liability for copyright infringement. The international enforcement mechanisms in the field of intellectual property have been further strengthened by making ISPs liable for hosting materials in breach of copyright, if the material is not removed upon notification of infringement. This has made the previously vague IPR regime directly enforceable in the field of the Internet.
The approach taken by the US Digital Millennium Copyright Act (DMCA) and the EU directives is to exempt the service provider from liability for the information merely transmitted or stored at the direction of the users, and demand that the service provider act upon a notice-and-take-down procedure. This solution provides some comfort to ISPs as they are safe from legal sanctions, but also potentially transforms them into content judges and only partially solves the problem, since the contested content may be posted on another website, hosted by another ISP.
Child online protection
As with all other stakeholders involved in protecting children online, ISPs and hosts are instrumental in filtering certain types of illegal content (most notably, child sexual abuse images) as soon as they become aware of it. There are generally two main processes leading to the removal of illegal content:
- Via notice-and-take-down measures, which are typically the first line of defence. As soon as providers, such as ISPs, domain registrars, and web hosts are alerted that their services being used to host such content, many go on to remove it or close down the user’s account, within a short period of time.
- Via hotline reporting, through which ISPs can be notified of illegal content by its customers, members of the public, law enforcement, or hotline organisations. ISPs generally work hand-in-hand with law enforcement to ensure that the content is verified, and that steps are taken to identify and locate the criminals.
Other technical options may help prevent illegal content from being accessed. For example, a number of intermediaries around the world, including ISPs and search engines, restrict access to lists of URLs confirmed to contain illegal content.
In the above cases, the extent of ISPs' and hosts' liabilities may vary from country to country. In some frameworks, a legal obligation is imposed; in many other cases, ISPs and hosts voluntarily develop and adopt processes to help protect children online.
ISPs are commonly seen as the primary entities involved with anti-spam initiatives. Usually, ISPs have their own initiatives for reducing spam, either through technical filtering or the introduction of anti-spam policy. The ITU’s report on spam states that ISPs should be liable for spam and proposes an anti-spam code of conduct, which should include two main provisions:
- An ISP must prohibit its users from spamming.
- An ISP must not peer with ISPs that do not accept a similar code of conduct.
Under growing official pressure, ISPs, hosts and search engines are gradually, albeit reluctantly, becoming involved with content policy. In doing so, they might have to follow two possible routes. The first is to enforce government regulation. The second, based on self-regulation, is for intermediaries to decide on what is appropriate content themselves. This runs the risk of privatising content control, with ISPs taking over governments’ responsibilities.
In recent months, the courts have also imposed rules on intermediaries, most notably with respect to the right to be forgotten, and in respect of comments posted on online portals.
Right to be forgotten
In 2014, following the decision of the Spanish data protection authority to uphold a Spanish citizen’s request for the removal of the links from Google search results, the Court of Justice of the European Union imposed upon search engines the obligation to consider all right-to-be-forgotten requests.
Although many argued that this right represents only a right to be de-listed, the obligation imposed upon search engines – and not only to Google, as claimant in the case Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González – triggered major debates.
Offensive comments posted on news portal
In 2013, the European Court of Human Rights confirmed a ruling by the Estonian courts which found the news portal Delfi liable for offensive comments posted on its website. In June 2015, the Grand Chamber of ECHR confirmed the 2013 judgment: the Estonian courts’ decision was justifiable and proportionate, as the comments were extreme and had been posted in reaction to an article published by Delfi on its professionally managed news portal run on a commercial basis. (The judgment does not however concern other online spaces where third-party comments can be disseminated, such as an Internet discussion forum, a bulletin board or a social media platform.)