Intermediaries

Updates

Currently, Facebook users outside the United States and Canada fall under the terms of services agreed with the company’s international headquarters in Ireland. This means that around 1.9 billion Facebook Inc. users around the world would be protected by the European Union’s General Data Protection Regulation (GDPR), once it takes effect on 25 May 2018. However, Facebook is about to make changes which will decrease this number. Facebook confirmed to the Reuters its intentions to reduce its exposure to the GDPR, which allows European regulators to fine companies for collecting or using personal data without consent. These changes will directly affect Facebook users in Africa, Asia, Australia, and Latin America, who will not fall under the DGPR protection. According to Reuters, this will remove potential liability for Facebook, since the new EU law allows fines of up to 4 percent of global annual revenue for infractions. Regarding these changes, the company said: ‘We apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland.’. Earlier this month, Facebook’s CEO, Mark Zuckerberg, stated the company would apply the EU law globally ‘in spirit’, but did not commit to it as the standard for Facebook across the world. Technology policy researcher at University College London, Michael Veale, said that in practice this means: ‘The 1.5 billion affected users will not be able to file complaints with Ireland’s Data Protection Commissioner or in Irish courts. Instead they will be governed by more lenient U.S. privacy laws.’.

Amnesty International has released its The State of the World’s Human Rights 2017/18, which covers 159 countries. Amnesty's announcement reports that 'In 2017, the world witnessed a rollback of human rights', and that, among many other points, 'Internet controls were strengthened'. Among Internet issues in particular, the report notes (excerpts): 

  • Cameroon and Togo blocked the internet to prevent journalists from doing their jobs and closed media outlets.
  • In Afghanistan, where internet penetration is among the lowest in the Asia-Pacific region, a new Cyber Crime Law was passed criminalizing freedom of expression.
  • In Kazakhstan, journalists and activists faced politically motivated prosecutions and attacks. Having all but strangled independent media already, the authorities used increasingly elaborate and aggressive methods to stamp out dissenting voices on the internet and social media.
  • Vague laws punishing 'glorification' or 'apology' of terrorism were used to prosecute activists and civil society groups for opinions expressed on the internet and social media, including in France, Spain and the UK.
  • The State of Palestine adopted the Electronic Crimes Law in July, permitting the arbitrary detention of journalists, whistle-blowers and others who criticize the authorities online. The law allowed for prison sentences and up to 25 years’ hard labour for anyone deemed to have disturbed 'public order', 'national unity' or 'social peace'.
  • [In Azerbaijan] On 12 January, Afgan Sadygov, a journalist and blogger from Jalilabad District, was sentenced to two and a half years in prison. He was prosecuted under hooliganism charges, after writing about government
  • corruption and refusing to remove his articles from the internet.
  • [In Cameroon] Between January and April, and in early October, telephone and internet services were cut in the English-speaking regions, with no official explanation.
  • [In China] Controls on the internet were strengthened. [...] On 1 June, the Cybersecurity Law came into effect, making it obligatory for internet companies operating in China to censor users’ content [among many other examples].
  • [In Equatorial Guinea] Internet access was severely disrupted for at least five days.
  • [In Gabon] On 27 August, security forces arrested Hervé Mombo Kinga, an activist and prominent supporter of Jean Ping. He had publicly projected videos next to his internet café, and was charged with “instigating violence” and “insulting the Head of State”, and spent one and a half months in solitary confinement. He remained in detention at the end of the year.
  • [Indonesia] On 9 May, Jakarta Governor Basuki Tjahaja Purnama, an ethnic Chinese Christian known as Ahok, was sentenced to two years’ imprisonment for “insulting Islam” in a video posted on the internet.
  • In April, the Seoul Administrative Court ruled as unlawful the decision by the Korea Communications Standards Commission, which censors internet content, to ban a blog entitled “North Korea Tech” covering IT development in North Korea.
  • [In Togo] The authorities shut down the internet for nine days in September amid opposition-led protests, disrupting the organization of the protest and impeding the work of human rights defenders and journalists who were monitoring the protests.

 

 

 

The right to be forgotten has come before UK Courts, highlighting methods needed to 'avoid an own goal' when cases are reviewed, according to Rosalind English in the UK Human Rights Blog. English reports on the need to maintain anonymity during the court proceedings, which, if made public, would revive the information a plaintiff is attempting to have de-listed. English states that 'Clearly these proceedings would be self-defeating if the claimants were obliged, as the price of bringing their claims before the court, to submit every detail of the information they seek to protect to public scrutiny.' In this example, the judge suggested a compromise using a system such as the international phonetic alphabet (alpha, bravo, etc.) to assign pseudonyms to the parties, rather than the 'alphabet soup' of Mr A, Mr B, and so on.

Pages

Intermediaries play a vital role in ensuring Internet functionality. In several Internet governance areas, such as copyright infringement and spam, Internet Service Providers (ISPs) are considered key online intermediaries. In other areas, such as defamation and the so-called right to be forgotten, the responsibility extends to hosts of online content and search engines.

ISPs main involvement is at a national level in dealing with government and legal authorities, and they are often the most direct way for governments to enforce legal rules online. At a global level, some ISPs, particularly from the USA and Europe, have been active in the WSIS/WGIG/IGF processes individually and through national and regional or sector-specific business organisations such as the Information Technology Association of America (ITAA), and others. Various regional ISP associations have been set up worldwide.

Hosts of online content and search engines typically operate as conduits for content, or bridges between content and Internet users. Although headquartered in one country (some having regional headquarters), their reach and user-base is likely to be global, and as a consequence, intermediaries are often exposed to jurisdiction in multiple countries.

 

 

Intermediary liability is often discussed at IGF meetings and in other fora. The OECD includes the role of intermediaries among its 14 principles for Internet policy-making (‘Limit Internet intermediary liability’), whereas the extent of intermediary liability is often the subject of court judgments (such as the Delfi case).

The following will discuss the role and responsibility of ISPs and hosts with regards to various issues.

Copyright infringement

One of the main issues is intermediary liability for copyright infringement. The international enforcement mechanisms in the field of intellectual property have been further strengthened by making ISPs liable for hosting materials in breach of copyright, if the material is not removed upon notification of infringement. This has made the previously vague IPR regime directly enforceable in the field of the Internet.

The approach taken by the US Digital Millennium Copyright Act (DMCA) and the EU directives is to exempt the service provider from liability for the information merely transmitted or stored at the direction of the users, and demand that the service provider act upon a notice-and-take-down procedure. This solution provides some comfort to ISPs as they are safe from legal sanctions, but also potentially transforms them into content judges and only partially solves the problem, since the contested content may be posted on another website, hosted by another ISP.

Child online protection

As with all other stakeholders involved in protecting children online, ISPs and hosts are instrumental in filtering certain types of illegal content (most notably, child sexual abuse images) as soon as they become aware of it. There are generally two main processes leading to the removal of illegal content:

  1. Via notice-and-take-down measures, which are typically the first line of defence. As soon as providers, such as ISPs, domain registrars, and web hosts are alerted that their services being used to host such content, many go on to remove it or close down the user’s account, within a short period of time.
  2. Via hotline reporting, through which ISPs can be notified of illegal content by its customers, members of the public, law enforcement, or hotline organisations. ISPs generally work hand-in-hand with law enforcement to ensure that the content is verified, and that steps are taken to identify and locate the criminals.

Other technical options may help prevent illegal content from being accessed. For example, a number of intermediaries around the world, including ISPs and search engines, restrict access to lists of URLs confirmed to contain illegal content.

In the above cases, the extent of ISPs' and hosts' liabilities may vary from country to country. In some frameworks, a legal obligation is imposed; in many other cases, ISPs and hosts voluntarily develop and adopt processes to help protect children online.

Spam

ISPs are commonly seen as the primary entities involved with anti-spam initiatives. Usually, ISPs have their own initiatives for reducing spam, either through technical filtering or the introduction of anti-spam policy. The ITU’s report on spam states that ISPs should be liable for spam and proposes an anti-spam code of conduct, which should include two main provisions:

  • An ISP must prohibit its users from spamming.
  • An ISP must not peer with ISPs that do not accept a similar code of conduct.

Content policy

Under growing official pressure, ISPs, hosts and search engines are gradually, albeit reluctantly, becoming involved with content policy. In doing so, they might have to follow two possible routes. The first is to enforce government regulation. The second, based on self-regulation, is for intermediaries to decide on what is appropriate content themselves. This runs the risk of privatising content control, with ISPs taking over governments’ responsibilities.

In recent months, the courts have also imposed rules on intermediaries, most notably with respect to the right to be forgotten, and in respect of comments posted on online portals.

Right to be forgotten

In 2014, following the decision of the Spanish data protection authority to uphold a Spanish citizen’s request for the removal of the links from Google search results, the Court of Justice of the European Union imposed upon search engines the obligation to consider all right-to-be-forgotten requests.

Although many argued that this right represents only a right to be de-listed, the obligation imposed upon search engines – and not only to Google, as claimant in the case Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González – triggered major debates.

Offensive comments posted on news portal

In 2013, the European Court of Human Rights confirmed a ruling by the Estonian courts which found the news portal Delfi liable for offensive comments posted on its website. In June 2015, the Grand Chamber of ECHR confirmed the 2013 judgment: the Estonian courts’ decision was justifiable and proportionate, as the comments were extreme and had been posted in reaction to an article published by Delfi on its professionally managed news portal run on a commercial basis. (The judgment does not however concern other online spaces where third-party comments can be disseminated, such as an Internet discussion forum, a bulletin board or a social media platform.)

Each of the topics above are explained in more detail on dedicated sections: copyrightchild safetyspam, and content policy.

Events

Actors

(WIPO)

WIPO has developed, together with the

...

WIPO has developed, together with the Internet Corporation for Assigned Names and Numbers, the Uniform Domain Name Dispute Resolution Policy (UDRP). Under this policy, WIPO’s Arbitration and Mediation Centre provides dispute resolution services for second level domain name registrations under generic top-level domains (gTLDs). The Centre also administers disputes under a specific policies adopted by some gTLD registries (e.g. .aero, .asia, .travel). In addition, the Centre offers domain name dispute resolution services for over 70 country code top-level domains (ccTLDs). WIPO has developed a ccTLD Program, with the aim to provide advice to many ccTLD registries on the establishment of dispute resolution procedures.

(CJEU)

In recent years, the CJUE has adopted important rulings on Internet intermediary liabilities.

...

In recent years, the CJUE has adopted important rulings on Internet intermediary liabilities. In particular, CJUE’s case law focused for instance on the liability of a service provider in an online marketplace (McFadden v Sony Music Entertainment Germany, 2016), the liability of operators of internet marketplaces (L'Oréal v eBay, 2011), the liability of search engine operators (Google Spain case, 2014) and on the tension between data protection and online enforcement (Promusicae v Telefonica, 2008).

(OECD)

Convergence is one of the digital policy issues that the OECD is paying attention to, especially in relation t

...

Convergence is one of the digital policy issues that the OECD is paying attention to, especially in relation to the challenges this phenomenon brings on traditional markets, and the need for adequate policy and regulatory frameworks to address them. In 2008, the organisation issued a set of policy guidelines for regulators to take into account when addressing challenges posed by convergence. In 2016, a report issued in preparation for the OECD Ministerial Meeting on the Digital Economy included new recommendations for policy-makers. Digital convergence issues have been on the agenda of OECD Ministerial meetings since 2008, and are also tackled in the regular OECD Digital Economy Outlook report.

(ECHR)

The European Court of Human Rights deals with privacy through the prism of Article 8 of the

...

The European Court of Human Rights deals with privacy through the prism of Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms. It adjudicates on cases brought on against Council of Europe member states accused of being in violation of one or more articles of the Convention. The ECHR has a broad view of what it deems to be protected as ‘personal data’ as any information related to a person (identified or identifiable), which falls under the ‘private life’ part of Article 8. Its most recent high-profile case on the issue found the Hungarian government in breach of Article 8, due to its broad surveillance law.

(APC)

The Association for Progressive Communications regularly participates at the UN Human Rights Council,

...

The Association for Progressive Communications regularly participates at the UN Human Rights Council, to defend the freedom to use encryption technology and to communicate anonymously. One of APC’s strategic priorities for 2016-2019 is to ensure civil society actors and human rights defenders have the capacity to confidently use the Internet and ICTs, by means of privacy-enabling technologies.

(ETNO)

The European Telecommunications Network Operators' Association aims to contribute, through advocacy activities

...

The European Telecommunications Network Operators' Association aims to contribute, through advocacy activities, to shaping the most appropriate regulatory and commercial environment for the telecom sector at the national and European level. As part of its activities, the association publish position papers, reports and studies on a wide range of issues related to intermediaries. ETNO also co-organise annually the ETNO-MLex Regulatory Summit, which gathers key stakeholders to discuss ongoing and future EU regulatory issues, in particular for intermediaries.

Instruments

Judgements

Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González Case - Court of Justice of the European Union (2014)

Recommendations

Other Instruments

Resources

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Papers

Jurisdiction on the Internet: From Legal Arms Race to Transnational Cooperation (2016)
Encouraging the Participation of the Private Sector and the Media in the Prevention of Violence Against Women and Domestic Violence: Article 17 of the Istanbul Convention (2016) (2016)
Comparative Analysis on National Approaches to the Liability of Internet Intermediaries for Infringement of Copyright and Related Rights (2014)

Reports

One Internet (2016)
2015 In Retrospect (Vol. 4) (2016)
OECD Digital Economy Outlook 2015 (2015)
The Impact of Online Intermediaries on the EU Economy (2013)
Study on the Liability of Internet Intermediaries (2007)

GIP event reports

Realizing Rights Online: From Human Rights Discourses to Enforceable Stakeholder Responsibilities (2017)

Other resources

Harmonizing Intermediary Immunity for Modern Trade Policy (2014)

Processes

Session reports

Click on the ( + ) sign to expand each day.

UNCTAD 2018

WSIS Forum 2018

12th IGF 2017

WSIS Forum 2017

IGF 2016

IGF 2015

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top