All issues > Volume 14 > Issue 1 > The Liability of Internet Intermediaries

Jaani Riordan’s recent book, The Liability of Internet Intermediaries, maps the legal issues arising from the mediated environment of information flows. It is a timely book: in its recent communication, Digital Single Market Strategy (DSMS), the EU Commission identified Internet intermediaries and platforms such as search engines, social media and commercial communication service providers as central to the lifeblood of the digital economy.[1] This said, the subject of intermediary liability is not new. The early jurisprudence on intermediary liability in the field of Cyberlaw reveals the complex balancing processes in play as rules were put in place to enable economies of scale and innovation opportunities to be leveraged; legislators and the judiciary were tasked with articulating how best emerging governance challenges were to be addressed. Yet, the urgency to revisit the subject has heightened with the transformation of mediated communication and service environments since the enactment of the EU E-Commerce Directive in 2000.[2] The Liability of Internet Intermediaries provides an important resource not only in terms of aiding our understanding on the preceding history of regulatory and policy challenges, but also in providing us with a set of narratives to facilitate informed discussion on the role and limits to liability rules within the context of the digital economy:

The liability of internet intermediaries too often reflects ‘[t] hat codeless myriad of precedent’ and ‘wilderness of single instances’. In charting the boundaries of liability and seeking to draw connections between different areas of law, it is hoped that this work assists courts, practitioners, and scholars in developing clearer and more coherent rules to govern the next generation of internet intermediaries and disputes involving their services. (p. 3)

Scholars, students and practitioners will find the book a capacious resource, with issues clearly identified and supported by considerable research and empirical evidence. The book is set out in four parts and its ambitions can be gleaned from the terrain covered: the evolution of technological infrastructures mediating the spaces for information flows (Part I); substantive and evidentiary challenges confronting intermediaries (Part II); attribution of responsibility and liability for infringing acts of third parties (Part III); remedies, obligations and defeasibility rules (Part IV); and miscellaneous rules governing data retention and costs (Part V).

The first two chapters provide a good overview of the issues to be discussed in the book and alert readers to the way Internet intermediaries are depicted in policy and judicial deliberations (p. 31). The detailed discussion and analysis of the issues raised by Internet intermediaries is preceded by mapping the identity and role of information services providers, distinguishing as a consequence those who are mere conduits to those providing hosting, content and communication services. The network layer model sketched by Riordan provides an important taxonomy which helps contextualise liability issues and policy considerations that invariably implicate the standard setting process (pp. 36-46).

Chapters 3 and 4 also help situate understanding of conflicts, tensions and disputes that stem from information flows and interactions being mediated by Internet intermediaries. Chapter 3 is a slight departure from orthodox treatment of the subject. The usefulness of the chapter lies very much in pre-empting questions about identifying defendants, evidence-gathering challenges and strategies for arresting problems or risks of litigation. The Norwich Pharmacal Order and identity disclosure issues have become a recent feature of Internet intermediary liability. Cases such as CTB v News Group Newspapers Ltd[3] (“Big Brother celebrity”), Jeremy Clarkson v Alexandra Hall (formerly known as AMM v HXW)[4] and Applause Store Productions Ltd & Anor v Raphael[5] resonate with much of the careful analysis in Chapter 4. The discussion also surveys some risk assessment strategies that could be deployed so that “speculative invoicing”, bulk or indiscriminate disclosures do not compromise safeguards for individuals or give rise to onerous compliance costs (pp. 87-112). The sheer breadth of the topics do not detract from the verve with which leading cases and technical issues are covered. For example, immunity issues in copyright disputes arising in cases such as Newzbin[6] and Dramatico[7] are carefully analysed and considered alongside efficient enforcement strategies (pp. 150-162).

Chapter 7 examines the substantive rules on trademarks and common law rules on passing off, and there is also a useful coverage of the dispute mechanism processes for domain names. Chapter 8 shines the spotlight on defamation and illustrates how standards of accountability continue to evolve and together with the need to provide effective justice and the seemingly increasing use of metaphors to limit scope of Internet intermediary liability (pp. 236-252). The recent ruling in Monroe v Hopkins shows that the roles of communication platform providers are never far away.[8] Confidentiality and misuse of private information is the focus of Chapter 9. Even if we agree with the observations of the House of Lords in Campbell v MGN[9] on the reach of equitable principles in light of human rights legislation, the concept of reasonable expectation of privacy and culpability will still have to be worked through where flows of information are driven by algorithms (pp. 279-281).

Chapter 10 provides a good overview of data protection rules and devotes much of the discussion to the “right to be forgotten” case in Google Spain.[10] The analysis provides a balanced view of the ruling and reflects on the guidance provided by the UK’s Information Commissioner’s Office. The insights are extended to a deliberation of some of the practical implications of de-indexing personal data (pp. 328-344). It would have been interesting to know what Riordan would have made of the policy challenges identified by the Article 29 Working Party in its “Guidelines on the Implementation of the Court of Justice of the European Union Judgment on Google Spain SL and Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González” (WP 225). Readers will also benefit from some reflections on the (draft) General Data Protection Regulation (pp. 347-352).

The subject of intermediary liability for illegal and inappropriate content has been a feature of debates on the UK’s Digital Economy Bill. This subject is covered in Chapter 11. The tensions between access and control are particularly acute where child safety concerns are introduced into debates regarding the extent of Internet intermediary obligations. The chapter would have benefited from some consideration of ongoing scholarly and policy debates relating to the safety of children and their access to inappropriate or illegal content. The Children’s Charities’ Coalition on Internet Safety has been particularly instrumental in calling the UK government to increase the obligations on Internet intermediaries to block and filter content. According to their statement the current approach to self-regulation is far from being an effective response:

Whilst it is true that most of the commercial pornography publishers acknowledge their sites are not meant for minors and say minors are not welcome on them, in practice they have done little or nothing to inhibit access by minors and it seems clear to us that they won’t unless and until they are compelled to do so by law or are otherwise highly incentivised.[11]

It is useful to note that in the EU Commission’s Public consultation on the regulatory environment for platforms, online intermediaries, data and cloud computing and the collaborative economy (24 September 2015), policymakers envisage some revision on the way the E-Commerce Directive currently defines the role and responsibility of intermediaries on particular types of content.[12] That said, online intermediary responsibility for content is a double-edged sword, as seen for instance in the farcical events surrounding the BBC’s Facebook-related child abuse report.[13]

Part IV provides an excellent coverage of immunity rules (Chapter 12), injunctions and blocking injunctions (Chapters 13 and 14), website blocking practices in Europe (Chapter 15) and De-indexing and Freezing Orders (Chapter 16). Part IV tidies up the subject of Internet intermediary liability by examining retention and interception of communications data (Chapter 17) and costs (Chapter 18). The discussion and analysis will resonate with judicial and legislative general reluctance for proactive monitoring and preference for the proportionality test.[14]

The Liability of Internet Intermediaries covers an impressive breadth of topics and reflects scholarly rigour in addressing the various issues. An interesting theme to emerge from the work, and in light of the results from the EU Public Consultation, is whether the construction of data-driven business models may be impacted by the ratcheting of obligations on Internet intermediaries.[15] In a post-Brexit UK,  an overenthusiastic pro-liability stance could have implications for innovation, create considerable uncertainty and encroach into freedoms such as expression and privacy. Another theme relates to the question of whether markets in the data economy are equipped with tools to allocate and distribute risks efficiently and fairly. It would be the height of irony if policymakers and legislators assume that law can manage this environment’s complexity and uncertainty. The Liability of Internet Intermediaries may help remind us that when seeking solutions, care must also be taken to ensure that we do not undermine business models that have served us quite well. Intellectual property, data protection, net neutrality, spectrum infrastructure and competition law issues are some of the areas being scrutinised by policymakers and legislators.

[1]     European Commission, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and Social Committee and the Committee of the Regions, A Digital Single Market Strategy for Europe 4 See European Commission, Communication: A Digital Single Market Strategy for Europe, COM(2015) 192 final, 6 May 2015, para. 3.3.

[2]     Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’).

[3]     [2011] EWHC 1232 (QB).

[4]     [2010] EWHC 2457.

[5]     [2008] EWHC 1781 (QB).

[6]     Twentieth Century Fox Film Corp v Newzbin Ltd [2010] EWHC 608 (Ch).

[7]     Dramatico Entertainment Ltd & Ors v British Sky Broadcasting Ltd & Ors [2012] EWHC 268 (Ch).

[8]     [2017] EWHC 433 (QB).

[9]     [2004] UKHL 22.

[10]    Google Spain v AEPD and Mario Costeja González, Case C‑131/12 (CJEU) [2014].

[11]    Children’s Charities’ Coalition on Internet Safety, “Briefing note on the Digital Economy Bill” (2016) available at http://www.chis.org.uk/2016/10/13/briefing-note-on-the-digital-economy-bill (accessed 1 June 2017).

[12]    See also European Commission, Communication from the Commission to the European Parliament, the Council, and the Economic and Social Committee, and the Committee of the Regions, Online Platforms and the Digital Single Market: Opportunities and Challenges for Europe, COM(2016) 288 Final, 25 May 2016, p. 9. See also European Commission, “Fighting Illegal Online Hate Speech: First Assessment of the New Code of Conduct” (2016) available at http://ec.europa.eu/newsroom/just/item-detail.cfm?item_id=50840 (accessed 1 June 2017).

[13]    Angus Crawford, “Facebook Failed to Remove Sexualised Images of Children” (2017) available at http://www.bbc.co.uk/news/technology-39187929 (accessed 1 June 2017).

[14]    L’Oréal and Others, Case C-487/07 (CJEU) [2009]; L’Oréal and Others, Case C-324/09 (CJEU) [2011]; Promusicae, Case C-275/06 (CJEU) [2008]; SABAM, Case C-360/10 (CJEU) [2012]; Tele2 Sverige AB v Post- och telestyrelsen, Case C‑203/15 (CJEU) [2016].

[15]    European Commission, “Public Consultation on the Regulatory Environment for Platforms, Online Intermediaries, Data and Cloud Computing and the Collaborative Economy” (2015) available at https://ec.europa.eu/digital-single-market/news/public-consultation-regulatory-environment-platforms-online-intermediaries-data-and-cloud (accessed 1 June 2017).