The Electronic Commerce Directive (Terrorism Act 2006)
Regulations 2007 were laid before Parliament on 31st May and come
into force on 21st June.
The Terrorism Act 2006 is already in force. It created offences
relating to the encouragement of acts of terrorism and the
dissemination of terrorist publications. The Act contains a notice
and takedown regime that applies to all website operators. If a
person posts any remark to a blog that encourages an act of
terrorism, a police constable can serve a notice on the operator of
the blog requiring the removal of the offending post within two
days.
Failure to comply within the two-day period, in the absence of
"reasonable excuse", means that the operator will be deemed to have
endorsed the post and its directors could face up to seven years in
prison.
The Terrorism Act made action against UK and companies in the
European Economic Area (EEA) possible and Home Office Guidance of
October 2006 described procedures that should be followed. The EEA
member states comprise the 27 EU member states plus Iceland,
Lichtenstein and Norway.
If, for example, a blog posting is deemed a threat to public
security and a police constable asked the EEA member state to
effect its removal and that state failed to do so, proceedings in
the UK will be possible.
A Home Office spokesperson stressed to OUT-LAW that the new
Regulations do not extend the application of the Terrorism Act to
service providers overseas beyond what is already possible under
that Act. Instead, they restrict the circumstances in which this is
possible, setting conditons that must be satisfied.
The Regulations also extend certain protections of the
E-commerce Directive to the Terrorism Act.
These protections apply to intermediaries acting as mere
conduits or those that cache or host third party content. They were
aimed at ISPs and website hosting companies. However, the UK's
implementing rules, the E-commerce Regulations 2002, do not apply
to legislation that postdates them and so the protections need to
be given on a case-by-case basis. This month's Regulations add the
protections of the E-commerce Regulations to the Terrorism Act. The
protections are qualified. For example, hosting a user's offending
content is not an offence provided it is removed or blocked
expeditiously "upon obtaining actual knowledge that the information
was unlawfully terrorism-related".
The Terrorism Act presented a significant challenge for
operators of social networking sites or any others that encourage
users' contributions when it was introduced. The notice and
takedown regime goes further than the laws that control copyright
infringements on websites because it also applies to any "repeat
statement". That is defined in the Terrorism Act as a statement
which "is for all practical purposes, to the same effect as the
statement to which the notice related". The two-day time limit for
removal of the statement will begin to run from the date of
re-publication.
The Terrorism Act says a person is not deemed to endorse a
repeat statement if he "is not aware of the publication of the
repeat statement" or where he has taken "every step he reasonably
could to prevent a repeat statement" becoming available to the
public. However, the explanatory notes to the Act provide little
guidance as to what is reasonable for the host of a website, blog
or message board.
