Last updated: 
2 months 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Intermediary Liability

Wednesday, July 4, 2012 - 17:00

I've just submitted a JANET(UK) response to the Ministry of Justice's consultation on a draft Defamation Bill. In fact my comments don't relate to the current draft Bill, but to a longer-term part of the consultation paper (pp 40-47) on whether any changes are needed to the law of liability for Internet intermediaries.

At the moment there are three models of liability, used by both UK and EU law for defamation, copyright and most other types of liability:

  1. Mere Conduit: Not liable for third-party content they transmit;
  2. Hosting/Caching: Not liable for third-party content they unknowingly host/cache, but potentially liable once they know of an alleged infringement either by being notified or by other means;
  3. Author/Editor: Liable for content they write or third-party content they edit.

Author/Editor is the traditional way that publications are regulated in the off-line world; Hosting/Caching was applied to web hosts and caches by the European e-Commerce Directive but is similar to how bookshops and newsagents are treated off-line; Mere Conduit was copied from telephone networks to Internet carriers by the same Directive.

The Law Commission spotted a problem with the Hosting/Caching model in 2002: when a web host is notified of allegedly infringing material they have a choice between leaving it untouched (and possibly being found liable in a later court case) and removing it (and being sure they have no liability). Not surprisingly, many hosts therefore remove material as soon as they receive a complaint, whether or not the complaint is justified (see, for example, the experiments by the Dutch civil rights organisation, Bits of Freedom). The Law Commission considered that "there is a strong case for reviewing the way that defamation law impacts on internet service providers", but so far the law remains unchanged. Universities and colleges have an additional challenge, since the law also requires them to "take such steps as are reasonably practicable to ensure that freedom of speech within the law is secured for members, students and employees of the establishment and for visiting speakers" (Education No.2 Act 1986, s.43). Unlike commercial hosting providers, they therefore do have to balance two legal requirements, with risks of liabilities on both sides.

More recently, problems have also emerged with the dividing lines between the three classes. A European case has commented that the knowledge required for a web host to acquire liability could be gained through the host's own "voluntary research" (para 164 of the Advocate General's Opinon in L'Oreal v Ebay), thus seeming to discourage web sites from proactively checking third party submissions for any infringement. A UK case has indicated that a blog host who corrects the punctuation of a third party comment might thereby convert themselves from a Host to an Editor (Kaschke v Gray & Hilton [2010] EWHC 690 (QB)). And there has always been a slight worry over how much filtering or editing of content a network could do without being found to "select or modify the information contained in the transmission" (e-Commerce Directive Article 12(1)(c)) and thereby lose its Mere Conduit status.

One possibility being explored by the Ministry of Justice is a revised categorisation used in a Private Member's Bill by Lord Lester last summer (included as Annex C in the consultation document). The same system of liabilities would apply, but with the classes defined by the degree of control/responsibility, rather than by technical implementation:

  1. Facilitator "a person who is concerned only with the transmission or storage of the content of the publication and has no other influence or control over it" (presumably this would include both transmission networks and neutral web hosts): Not liable for third party content they transmit/store;
  2. Others (anyone who is neither a Primary Publisher nor Facilitator, so possibly including blog hosts in relation to third party comment): Not liable until they receive a written (which includes e-mail!) notice in a prescribed form, then potentially liable;
  3. Primary Publisher "an author, an editor or a person who exercises effective control of an author or editor" (editor is further defined as "a person with editorial or equivalent responsibility for the content of the publication or the decision to publish it"): Liable for third party content they publish.

Provided these definitions do indeed have the effect I've suggested, this does seem to clarify the definitional problems and to remove the current incentives against filtering or inspecting. Anyone in the second class is still likely to respond to a notice by removing content irrespective of the merits of the complaint, but if web hosts are considered as (mere) facilitators then the Law Commission's concerns will have been addressed to some extent.

It'll be interesting to see what develops from this consultation, in particular whether similar ideas arise in European discussions and in other types of liability (particularly copyright).