Why have the E-Commerce Directive exemptions from ISP liability been restated in the DSA Chapter II provisions (setting out the liability of providers of intermediary services)?
The current E-Commerce Directive 2000/31/EC (the EU E-Commerce Directive), implemented in the UK by the Electronic Commerce (EC Directive) Regulations 2002, SI 2002/2013, provides information society service providers (ISP) relief from liability for any user-generated information or content which is hosted or transmitted on that ISP’s platform. This applies in the following circumstances:
- where an ISP simply transmits the information provided by a recipient or provides access to a communications network, provided the ISP is only acting as a ‘mere conduit’ and does not modify the information, select where it is going or coming from, or store the information for longer than is necessary;
- where ISPs simply cache information, provided that this is solely for the purpose of increasing the efficiency for other users accessing that information and provided the ISP does not modify the information, complies with the rules on access and updating the information, does not interfere with the use of technology to obtain data regarding the utilisation of the information and acts expeditiously to remove or disable access to the information where notified; and
- where providers simply store or host the information provided (see further below).
These exemptions were introduced to address the concerns from ISPs that they may be found liable for information or content that is stored or accessed by their users without the ISP’s knowledge and outside of the ISP’s control. The concern was that, for most ISPs, it would be impossible and impractical to monitor all of the information on their platforms. This is highlighted by Article 15 of the E-Commerce Directive (restated in the DSA), which notes that there is no general obligation on ISPs to monitor the information that they transmit or store, or actively seek facts or circumstances indicating illegal activity.
The intention on the enactment of the DSA was that the provisions setting out exemptions from liability within the E-Commerce Directive be passed directly into the DSA, which will now govern the liability of ISPs going forward. These have been intentionally preserved as a direct restatement within the DSA without amendment. Subsequently, it can be interpreted that the case law and guidance applicable to the exemptions as stated in the E-Commerce Directive would also be directly applicable to the exemptions in the DSA.
Recital 16 to the DSA highlights the divergences to date regarding the transposition and application of the exemptions under the E-Commerce Directive. The DSA seeks to provide clarity and coherence by incorporating the original framework within the Regulation. It further seeks to ‘clarify certain elements of that framework, having regard to the case law of the Court of Justice of the European Union’, and in particular, the interpretation of sufficient notification as addressed in Article 16 of the DSA (see below).
What does the DSA Article 6 hosting exemption say?
As above, the hosting exemption for ISPs has been carried through from the E-Commerce Directive to the DSA, providing an exemption from liability for any information from recipients that the ISP stores, provided that:
- the ISP ‘does not have actual knowledge of illegal activity or illegal content and, as regards claims for damages, is not aware of the facts or circumstances from which the illegal activity or illegal content is apparent’; or
- upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal content
The rationale behind this exemption from liability is again that it may be deemed unfair for ISPs to be liable for information stored by users which ISPs have no knowledge of.
The only amendment to the original wording from the E-Commerce Directive that is set out in the DSA is to carve out from the exemption an ISP’s liability under consumer protection law where ISPs present items of information, services or products in a way which may lead consumers to believe that it is the ISP themselves providing the item in question (Article 6(3) of the DSA).
What is the relevance of the wording ‘as regards claims for damages’ in the second limb of the Article 6(1)(a) condition? Does the second limb only apply in the case of civil claims due to the reference to damages?
The wording within this hosting exemption was carefully drafted within the E-Commerce Directive to ensure that ISPs’ liability was excluded for both civil and criminal proceedings, given that ISPs may be liable under criminal law for illegal information or content that is hosted on their platforms, but also vulnerable to claims through civil proceedings where information or content may be defamatory, infringe third parties’ intellectual property rights or copyright, or cause harm to another individual for which they may seek damages.
ISPs’ liability under criminal law would normally be judged by whether they had actual knowledge, both of the information’s existence and of its illegality. However, a lower standard applies to ISPs’ liability in respect of civil claims for damages, being whether the ISP may have had constructive knowledge of the information. Subsequently, where the court deems that the illegality of the information should have been reasonably apparent to the ISP on the facts and circumstances available to it, this exemption from liability will be lost. The wording under the E-Commerce Directive was actually amended in the UK’s implementation of it under the Electronic Commerce (EC Directive) Regulations 2002 (the EC Regulations), SI 2002/2013, which amended the wording to apply where an ISP, ‘where a claim for damage is made, is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful’ (EC Regulations, SI 2002/2013, reg 19).
This standard has been considered in a number of cases by both the UK courts and the Court of Justice. The guiding authority on this standard was set in L’Oreal v Ebay, Case C-324/09, which saw the Court of Justice opine on this issue, stating that the test applied to awareness would be whether ‘a diligent economic operator would have identified the illegality and acted expeditiously’ on the facts and circumstances surrounding the content (para 52).
The Court of Justice also noted that it may be apparent to the service provider that the content is illegal where the operator receives a notification of such activity. This aligns with the E-Commerce Directive and DSA’s removal of any obligation on ISPs to monitor information which they transmit or store, meaning consideration of whether the ISP had actual or constructive knowledge of the information will usually only be triggered through the notification requirements contained in Article 16 (see below).
Subsequently, the wording ‘as regards to damages’ serves two functions, firstly to note that the exemption applies to ISPs’ liability under civil proceedings as well as criminal, but also to ensure this liability is confined solely to civil claims for damages. This is because ISPs’ will not be exempt from any non-pecuniary civil proceedings, such as in respect of injunctions to remove the information from its platform.
How does Article 16(3) work with Article 6?
Article 16 of the DSA imposes an obligation on providers of hosting services to put in place mechanisms which allow users to notify those providers of information on their platform which that user considers illegal. Providers must ensure that these mechanisms allow users to submit sufficiently substantiated and clear explanations of the information and why they allege it is illegal, which should in theory allow the provider to properly assess whether the information is in fact illegal and should be removed.
Article 16(3) directly integrates this notification mechanism with the exemptions from liability provisions elsewhere in the DSA, noting that where a provider of hosting services receives a notification that information may be considered illegal, this will amount to ‘actual knowledge or awareness for the purposes of Article 6 in respect of the specific item of information concerned where the notification allows a diligent provider of hosting services to identify the illegality of the relevant activity or information without a detailed legal examination’.
This acts as a direct codification of the L’Oreal v eBay judgement and inserts wording which was previously absent in the E-Commerce Directive but present in the Court of Justice’s interpretation of its provisions. Subsequently, where hosting providers receive a sufficient notification under Article 16, this will rebut the presumption of excluded liability under Article 6, creating an obligation on the ISP to assess and remove the information if it is deemed illegal and be liable for any failure to do so (both under criminal law and civil proceedings).
The consistent theme running through the wording of the DSA is that the Article 16 notices themselves must be sufficiently clear enough and contain enough information to allow the ISP to properly assess whether the information is, in fact, illegal. While ISPs’ liability under criminal law will be in relation to actual knowledge, the question as to whether the information’s illegality should have been apparent enough for a diligent provider to identify it as such will be one for the courts to determine in respect of any civil claims for damages that…
Read More: The EU Digital Services Act and the Article 6 hosting exemption