Liability of ISPs for third party material
This guide is based on UK law. It was last updated in
November 2008.
Introduction
When John Bunt attempted to sue AOL, BT and Tiscali in 2005, he
hoped they would be found liable for defamatory comments made about
him by three individuals using their services. What he did in fact
do, was merely help to re-iterate the law. The judge found that an
Internet service provider ("ISP") which performs no more than a
passive role in facilitating postings on the Internet cannot be
said to be the publisher of that information.
While the law absolves ISPs of liability where they are only
providing connectivity services, there are still circumstances
where ISPs, Virtual ISPs ("VISPs"), web hosts and those providing
chat room facilities on their website (all of whom we will refer to
as "ISPs") could be held responsible for material posted by third
parties.
This guide will take a brief look at the E-Commerce Regulations
and the protections offered to ISPs by this legislation. It will
then look at the areas where ISPs are still at risk in respect of
third party material and what steps they can take to mitigate the
risks.
The E-Commerce Regulations
So, what legal protections are there for ISPs? The Electronic
Commerce (EC Directive) Regulations 2002 (or the E-Commerce
Regulations as they are commonly known), introduced a number of
provisions setting out the circumstances where Internet
intermediaries should not be held accountable for material which is
hosted, cached or carried by them.
For instance, Regulation 17 provides that a service provider
shall not be liable for unlawful or illegal content, sent or posted
by any of its users, so long as the service provider does not
initiate the transmission, does not select the receiver of the
transmission and does not select or modify the information
contained in the transmission.
In other words, if the above criteria are met, a service
provider will be treated as a "mere conduit" as opposed to an
author, editor or publisher.
Further protection is offered in respect of the caching of
information. Again, provided that certain criteria are fulfilled,
the E-Commerce Regulations relieve service providers of liability
for the automatic, intermediate or temporary storage of
information, where such activities are performed for the sole
purpose of more efficient onward transmission of the information to
other recipients of the service upon such recipients' requests.
It is important to note that the service providers must ensure
that they comply with any conditions which are imposed on the
access to the information. They could, therefore, still be liable
if the owner of the site specifically prohibits caching. The other
key element is the obligation on service providers to ensure that
the information is updated. One of the criticisms of using caches
is that the most up to date version of the site is not necessarily
available to people using that particular service provider. This is
something which service providers should be aware of.
Regulation 19 addresses the issue of a service provider's
liability in connection with the storing of information where such
information relates to an unlawful activity. The E-Commerce
Regulations provide that the service provider shall not be liable
if it does not have actual knowledge of the information or the
unlawful activity. Where a claim for damages is made, the service
provider will be protected so long as it is not aware of facts or
circumstances which would have made it apparent that the
information or the activity to which it relates is unlawful. It
shall also not be liable if it acts expeditiously to remove or to
disable access to the information on obtaining such knowledge or
awareness and providing the recipient of the service was not acting
under the authority or the control of the service provider.
The main point, therefore, is that of knowledge. If the service
provider is made aware of the unlawful nature of the material, it
is obliged to remove such material or disable access to it
expeditiously. Regulation 22 provides that in determining whether a
service provider has actual knowledge a court shall look at all
matters which appear to be relevant in the circumstances and lists
those particular things that a court shall take into account when
reaching a decision.
What are the risks now?
The main risks arise where ISPs seek to perform an editorial or
monitoring function. In such cases, they could still be found
liable for any unlawful material hosted on their systems. Such
material includes any items which breach the intellectual property
rights of a third party, viruses and worms, pornography, racist and
terrorist material, etc. Basically, if an ISP monitors the content
on their system with a view to removing unlawful material, but
fails to remove it, it may be deemed to be a publisher of that
material. It is essential therefore, that ISPs have in place proper
procedures to ensure that if they perform a monitoring function,
they immediately remove any unlawful material.
As mentioned above, where an ISP does not perform a monitoring
function but receives a complaint about unlawful material, it
should immediately investigate the complaint and remove any
material which is unlawful. For more detail see our Guide on Notice
and Takedown.
Getting the balance right
Often an ISP is placed in a difficult position. On the one hand,
it has a customer who has entered into an agreement with the ISP
for the provision of internet connectivity and/or web hosting
services. If the ISP removes the material posted by that customer
without the appropriate right to do so, it could find itself in
breach of contract giving rise to a claim for damages.
On the other hand, if the ISP is made aware of the unlawful
material and fails to remove it, it may become liable for the
publication of such material giving rise to a claim for damages or
even criminal prosecution.
There may also be occasions where an ISP, for its own reasons, may
not wish to be associated with certain material on its systems.
The best way to address this conflict is for the ISP to have
clear terms and conditions which set out the circumstances upon
which their services may be used and which permit them, in their
absolute discretion, to remove material from their servers.
In this way, the ISP can seek to protect itself against a claim
for damages for breach of contract if it has to take action to
prevent it from being liable for third party content. It is, of
course, essential that these terms and conditions are properly
incorporated into any contract. See our checklists, ISP/ Web Host
Conditions and Terms and Conditions.
Conclusion
At present, the best advice to ISPs to prevent liability for
third party content is (i) not to monitor content on their systems
and (ii) where they have been advised that they may be storing or
hosting information which is unlawful, to investigate the matter
swiftly and if necessary, ensure that the material complained of is
either removed or suspended whilst further investigations are
undertaken.
In order to ensure that it has the right to do this, the ISP
should ensure that it terms and conditions cover this area
adequately and that such terms and conditions are properly
incorporated into any contract it has with its customers. It is
also essential that all of its customers and users are made fully
aware of the basis upon which they may use the service, whether
this be by means of an authorised use policy or otherwise.
Contacts
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
