Reshaping the Law for the Digital Economy – II – the liability of intermediaries

Google image, via GoogleAs I said my first post yesterday, last Friday morning I attended a seminar on Promoting innovation – Reshaping the Law for the Digital Economy, hosted by Google Ireland, co-sponsored by the Institute for International and European Affairs (IIEA), and chaired by TJ McIntyre. In that post, I summarized the presentations by Johnny Ryan (the internet has created a hinge in history when information is plastic and copyright law is a block upon total commerce) and Niall O’Riordan (for Google, a fair use doctrine in Ireland and Europe is an idea whose time has come). In this post, I’ll look at last Friday’s other presentations; and in tomorrow’s post, I’ll add a few comments of my own on some of the issues raised by the seminar.

Kate O’Sullivan (Director of Regulation and Public Policy, UPC Ireland) pointed out that intermediaries (such as Google, Facebook, and ISPs) are caught in the middle between content producers seeking to enforce their rights as against users, and it is not appropriate that ISPs should be judge and jury in such a cause. Section 40(3) of the Copyright and Related Rights Act, 2000 (also here) provides that the mere provision of facilities by an ISP, for example, which enable the making available to the public of copies of a work “shall not of itself constitute an act of making available to the public of copies of the work” and therefore shall not for that reason amount to a copyright infringement.

She examined the main rights of each of the three main involved: rights holders, subscribers, and intermediaries. First, the rights of right holders. Section 40(4) of the 2000 Act provides that

where a person who provides facilities referred to in that subsection is notified by the owner of the copyright in the work concerned that those facilities are being used to infringe the copyright in that work and that person fails to remove that infringing material as soon as practicable thereafter that person shall also be liable for the infringement.

This ‘notice and takedown’ provision effectively means that where the pipe provided by the ISP is being used to infringe copyright, and the ISP is informed of this (notice) but doesn’t remove any such infringement when practicable (takedown), the ISP is also liable for the infringement. Moreover, rights holders can take advantage of a court order to compel ISPs to release information about infringing customers (such an order is necessary, because the ISPs couldn’t release this information).

Second, the rights of subscribers. They have rights under data protection legislation; they have right to privacy and to freedom of expression; and under a package of EU Directives in 2002, measures taken by ISPs must be necessary and proportionate, and subject to various safeguards including due process. Third, rights of intermediaries. These include the European Communities (Directive 2000/31/EC) Regulations 2003 (SI No 68 of 2003) which provide for various immunities for ISPs. Article 8(3) of the Copyright Directive 2001 (Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society) provides that

Member States shall ensure that rightholders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right.

Ireland has not yet given effect to this provision, but the CJEU in C-275/06 Promusicae v Telefonica has made it clear that when Member States act on foot of Article 8(3), they must be mindful of the other rights involved.

There are similar debates in other EU Member States. For example, in the UK, under the Digital Economy Act, 2010, OFCOM is developing a ‘three strikes‘ policy, by which infringers are identified and put on a black list, but no disconnection is provided for at present. A final draft is expected in January next, but in the meantime, there is a legal challenge to DEA. In France, HADOPI similarly provides for a three strikes response, with various remedies from fines to disconnection, but disconnection requires a judicial order. And in New Zealand, the Copyright (Infringing File Sharing Amendment) Bill is pending; it provides for three strikes but not disconnection. There is as yet no EU mandated approach, but ISPs would welcome the certainty common EU approach. A three strikes approach could make sense, but it is not a matter for private enforcement via ISPs; instead, legislation is necessary to balance the rights of all stakeholders.

TJ McIntyre agreed that a three strikes policy should be democratically agreed, rather than enforced by secret deals or misconceived settlements of High Court actions. The next presentation was an excellent example of Johnny Ryan’s new reality – Nick Kelly (singer-songwriter, filmmaker, viral creator) explained the process by which his most recent record was composed. He sought to harness fan power in a very profound – and fun – way, be performing songs for the record in different styles with various collaborators over a 9-month period, and getting fan feedback. And he blogged about it on his Gestation blog. He described this interactive process of evolution – similar to the way Conor Gearty is writing The Rights Future) of the record as a process of humiliation. All of the artwork was submitted by fans. And he sought subscription in advance to meet the costs of production. He was very positive about what he described as this interactive process of co-creation, in which all of the commentators and contributors feel ownership for the finished product, which is available via his Self-possessed records website.

It is precarious and expensive for him to produce serious music, and this raises a key ethical issue: what incentivises creative peoples’ work so that society benefits? It is imperative to get the balance right, otherwise culture will be impoverished. It is particularly important for Ireland to protect content creators: build the pipe, but don’t give the oil away for free.

Next up was Darragh Doyle (Community Manager, is a forum site based in Ireland, dedicated to the facilitation of online discussion. It makes its money from advertising. And it can run into real legal problems based on what people say on their forums/fora. As a consequence, people spend a lot of time dealing with complaints about content, especially relating to defamation, copyright infringement, invasion of privacy and breach of data protection principles. The key problem he identified is exactly the same as that identified by Kate O’Sullivan: as a forum site, are intermediaries just as ISPs are, and are often easier targets than infringing users.

This experience illustrated the essential point of TJ McIntyre‘s talk on intermediary liability. He argued that it is essential to prevent the unnecessary exposure of intermediaries to legal liability, and it is a much wider issue than copyright, such as defamation, contempt of court, invasion of privacy, and so on. With so many intermediaries hosting material generated by their users, the scope of liability for publication is very great, and the defamation defence of innocent dissemination not wide at all in Ireland. In practical terms, intermediaries are easily identified and have deep pockets, and they suffer from a lack of public understanding of the process of commenting online – at present, there is no public differentiation between the source of a comment and the medium through which it is channelled.

It could all have been so very different. In the late 1990s, there was a burst of public policy enthusiasm for ensuring that the regulation of the online environment was congenial. So, the information society strategy in 1998 (pdf) and the Electronic Commerce Act, 2000 (also here) were quite ahead of their time. However, public policy then lost its way. For example, the Data Protection (Amendment) Act, 2003 (also here) wasn’t leading but following EU policy. Hence, the Irish government were no longer agenda setters, but simply policy takers – and not very good ones at that: as the internet has been moving to web2.0, Irish law has still remained web1.0. He gave three examples. First, there is still no Bill to implement the CyberCrime Convention 2002. Second, our transposition of the ECommerce Directive (Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market) is minimalist, leaving intermediaries in a relatively weak position: it contains (i) only conduit cache and hosting defences, (2) on which there is no clarity, and (3) there are no additional protections, for search, aggregators, hyperlinking, and so on. And third, the Defamation Act, 2009 (also here) is primarily directed to traditional media, especially the print media, and constitutes a missed opportunity to deal with online concerns; for example, the defence innocent publication did not integrate the ECommerce Directive rules relating to intermediaries, and membership of the Press Council requires a print-connected periodical – so, a website for newspaper is within the Press Council’s jurisdiction, but exclusively online publications like and siliconrepublic are not.

His basic theme was that other jurisdictions have moved considerably further in protecting intermediaries, and we should at least follow suit. At present, many US intermediaries could not safely establish themselves here: the Tripadvisor model could not run in Ireland given current defamation laws. So, we need much wider immunities for intermediaries, otherwise we concede a very great competitive advantage to other jurisdictions which have gone so much further in this regard. It was the take-home message of the seminar.