Webtrends Tracking Code
 
UK Home >  Legal Info About... >  Hosting and Maintenance >  Liability of ISPs for 3rd party material

Liability of ISPs for third party material

This guide is based on UK law. It was last updated in May 2005.

Introduction

Whether you are an ISP, a Virtual ISP (VISP) or a web host or merely providing chat room facilities on your website, there is a risk that you could be liable for material posted by third parties.

ISPs are potentially liable for any unlawful material which may be hosted on their systems. Such material includes any items which breach the intellectual property rights of a third party, viruses and worms, pornography, racist material, etc. The person who posts such unlawful material may be impossible to trace. Even if they are possible to trace, they may not be in a position to pay damages to a person who has been offended by the unlawful material.

Long before the case against Demon Internet, there were a number of cases relating to defamatory material where the parties defamed sought redress against the relevant ISP or web host on the basis that the host should be responsible for material posted on its servers.

In theory, most ISPs are in breach of copyright in the web sites which they have cached in order to speed up their service. On the face of it, not only are they making copies of the sites but they are doing so for commercial purposes. However, it is arguable that practice of caching would fall within an implied licence granted by the owners of a website by making it available on the internet. As we shall see, this issue is not clear cut and is something that the EU Commission is seeking to redress.

What can be done?

ISPs s have traditionally sought to rely on the defence that they are "common carriers". The argument is that they are mere conduits for the information stored on or passing through their systems and should not be liable for it. In essence, the claim is that they should be treated in the same way as a telephone company, which is not liable for the contents of the telephone calls made over its system. Unfortunately, apart from a defence under the Defamation Act of 1996, which provides a degree of protection, there are no other statutory bases for this position.

The case law which has developed in both the US and the US has tended to support the proposition that an ISP and/or web host will not be liable for third party content, provided that they do not perform any editorial function.

If an ISP or web host seeks to monitor the content on their system with a view to removing unlawful material, then if it fails to remove some then it may be deemed to be a publisher of that material as it is performing an editorial function. This is not the same as reacting swiftly when someone makes a complaint to an ISP or web host in relation to third party material which they are hosting on their site.

It is essential that an ISP or web host has in place proper procedures to ensure that if a complaint is received it is investigated immediately and, if the material is unlawful, that it is removed.

Getting the balance right

An ISP or web host is placed in a very difficult position.

On the one hand, it has a customer who has entered into an agreement with the ISP for the provision of internet connectivity and/or web host services. If the ISP removes the material posted by that customer, then if it is not careful it will be in breach of contract. This may give rise to a claim for damages against ISP.

On the other hand, if the ISP or web host is made aware of the unlawful material and fails to remove it, then it may become liable for such material. This may involve a claim for damages or a criminal prosecution as in the case against Demon Internet Limited.

Demon Internet was liable for the defamatory content contained within a posting to a newsgroup for the period of 10 days following the date on which it was advised that the posting was defamatory and during which it failed to remove the posting from the relevant newsgroup.

There may also be occasions when an ISP or web host does not wish to be associated with certain material on its systems.

Shortly after the Dunblane massacre, a computer game based on a massacre of school children was hosted on an ISP's server. Whilst such a game was certainly distasteful, it was probably not unlawful. Not surprisingly the ISP concerned wished to remove the game from its systems. To do so, it had to rely on its terms and conditions, which permitted it to remove material from its systems.

It is very important for an ISP and the web host to have clear terms and conditions setting out the conditions upon which its services may be used and which permit the ISP/web host is entitled in its absolute discretion to remove material from its servers.

If the ISP/web host removes any material, it will obviously need to limit its liability for any loss of data. In this way, the ISP and/or web host can seek to protect itself against the claim for damages for breach of contract if it has to take action to prevent it from being liable for third party content. It is, of course, essential that these terms and conditions are properly incorporated into any contract. See our checklists, ISP and Web Host Conditions and Terms and Conditions.

The E-commerce Directive

The E-Commerce Directive makes the legal position clear for all service providers. The relevant provision were in part prompted by the prosecution of a director of CompuServe in Germany in relation to pornography which was stored on the company's servers. The relevant parts of the E-commerce Directive can be summarised as follows:

Article 12 provides that each member state shall ensure that service providers (which will include ISPs, VISPs and Web Hosts) will not be held liable for information transmitted on their sites provided that the relevant service provider:

  • Does not initiate the transmission;
  • Does not select the receiver of the transmission; and
  • Does not select or modify the information contained in the transmission.

In other words, if the above criteria are met a service provider will be treated as a mere conduit as opposed to an author, editor or publisher. However, a service provider will still be required to remove unlawful and/or defamatory material from its site once it has received a complaint.

Article 13 provides that service providers will not be liable for breach of copyright or other intellectual property rights merely as a result of caching sites. Once again, certain criteria have to be met:

  • not modify the information;
  • comply with any conditions on access to the information imposed by the site owner;
  • comply with rules regarding updating of the information, specified in a manner widely recognised and used by the industry;
  • not interfere with the lawful use of the technology to track data on the use of the information; and
  • acts expeditiously to remove or disable access to information it has stored upon actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled or that a court or administrative authority has ordered such removal or disablement.

It is important to note that the ISP must ensure that it complies with any conditions which are imposed on the access to the information and, in theory, could still be liable if the owner of the site specifically prohibits caching. The other key element is the obligation to ensure that the information is updated. One of the criticisms of using caches is that the most up to date version of the site was not necessarily available to people using that particular ISP.

Article 14 concerns posting and protects a service provider in relation to any information stored at the request of a recipient of this service, (i.e. a customer) provided that the Service Provider:

  • does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances upon which the legal activity or information is apparent; or
  • upon obtaining such legal knowledge or awareness acts expeditiously to remove or disable access to the information.

Once again, the main criteria is that of knowledge. If the ISP or web host is aware of the unlawful nature of the material, then it is obliged to remove such material or disable access to it immediately.

Article 15 makes it clear that a service provider will not have an obligation to monitor the content on its systems. This reflects reality. There is simply too much material for effective monitoring.

Conclusion

At present, it is advisable for ISPs and web hosts not to monitor the content in their systems. The E-commerce Directive makes it clear that they have no obligation to do so.

However, this does not mean that ISPs and web hosts will not be liable for third party material if they fail to remove it from their systems once they have been advised that it is unlawful.

It is therefore essential that an ISP has in place adequate systems to ensure that any complaints that it receives are investigated swiftly and that, if necessary the material complained of is either removed or suspended whilst further investigations are undertaken.

In order to ensure that it has the right to do this, the ISP must have clear terms and conditions which must be properly incorporated. It is also essential that all of its customers and users are made fully aware of the basis upon which they may use the service, whether this be by means of an authorised use policy or otherwise.

Any questions? Please contact struan.robertson@out-law.com / 0141 249 5422 or one of our other contacts.

OUT-LAW Recommends

Data Protection training
We offer training courses on Data Protection and Freedom of Information laws

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.