Two recent court decisions lead us to reflect on the issue of the liability of the Net. The first is the European Court of Human Rights’ decision in the case of Delfi AS vs. Estonia and the second is the recent Grand Instance Court of Paris’s decision in the case of Max Mosley vs. Google Inc.
The two judgements confirm the responsibility, respectively of the portal and the search engine, for contents posted by users.
I believe that these decisions impose on lawyers the duty to question the topicality of European Directive 31/2000 on electronic commerce and on the system of responsibility of the provider. It should also be pointed out that the liability of the provider can only be additional to that of the end beneficiary of the offence.
The decision of the European Court of Human Rights highlights a substantial compatibility of the conviction of the Estonian news portal to settle damages for the defamatory comments published therein by anonymous readers with art. 10 of the Convention, which protects the freedom of expression. Although the sum of the damages was paltry and only amounted to 320€ for non-pecuniary damage, it clearly underlined the principle expressed by the Court, namely that the discredited party must be able to obtain compensation (it was not possible to identify the author in this particular case).
The ruling by the Grand Instance Court of Paris, which has lately raised many doubts, ordered Google Inc. to remove links related to the unauthorized photographs regarding the former president of the FIA (Fédération Internationale de l’Automobile), Max Mosley. Google was granted two months to comply with Judge Marie Mongin’s decision and to pay the former president the symbolic sum of 1€ damages and 5,000€ for legal fees.
The misalignment between regulation and law is clearly obvious to those in the know.
If we only consider the normative data, there can be no doubt: the responsibility of the provider is governed by the EU Directive and by Italian art. 17 of Legislative Decree no. 70/2003 which excludes any obligation for monitoring and only considers any responsibility subsequent to committing the offence under certain conditions. From a historical point of view, this rule was created to meet the needs of the economy, an approach that characterises Directive 31/2000 and the EU’s approach to electronic commerce itself: the need was to encourage the development of the Internet. Moreover, a liability rule that exempts from liability is most particular. This economic need is also accompanied by the need to meet the additional requirements of freedom and the neutrality of the Net
However, jurisprudence today seems ever more frequently to seek interpretative solutions that enable it to overcome the provision of the law.
We can consider emblematic the recent Italian case of Google vs. Vividown (Court of Milan, April 12, 2010, subsequently reformed by the Milan Court of Appeal on December 21, 2012), in which the grounds for Google’s responsibility was to be found in the legislation on the protection of personal data.
It is therefore necessary to reflect on the historical and economic reasons behind this change of scenario. In something less than fifteen years from 2000 to today, the Internet has radically changed. The need today is no longer that of “network expansion”, but of rethinking the legislative framework as well as the allocation of responsibility in this mature phase of the Internet.
At this point, the role of search engines must also be considered. Are they really neutral? Or do they create a sort of parallel reality for the average Internet user? There are already a number of decisions that confirm the responsibility of search engines: in the UK the judgement of the Royal Courts of Justice on 14 February 2013, in Australia in the case of Trkulja vs. Google on 12 November 2012 and finally in France, the judgement of the Grand Instance Court of Paris, which convicted Google of defamation with its judgement on 8 September 2010.
These decisions oblige lawyers to reflect on the actuality of Legislative Decree no. 70/2003 and the need for reforms.
Therefore it is high time we began pondering over and having second thoughts about a rule which came into being in 2000, but which was conceived even earlier, when the main aim was to get the Internet to expand.
What is the function of civil liability and its objective in this new context?
To answer this question, we must first answer two others. And it comes down to questions of method, in a context in which with increasing frequency laws are written without there being any plan, without any wondering why and abandoning what should be a lawyer’s true role, namely firstly to ask and also to ask oneself questions and only afterwards to write the rules.
And the questions to ask oneself – and there are at least two – are these.
The first, what are the values one is called on to protect through the law in this case? The second: who decides? The judge or the legislator?
On 27.2.2012 the Milan Court of Appeal published the reasoning behind the decision taken on 21.12.2012 declaring the full acquittal of Google in the case Google vs. Vividown.
The Court affirms that the criminal offence of unlawful data processing, stated by Section 167 of the Italian Personal Data Protection Code does not exist in the case under examination.
In order to have a better understanding of the decision, it is useful to analyse the text of Section167, as provided by the Italian Data Protection Authority website.
“Section 167. Unlawful Data Processing
1. Any person who, with a view to gaining for himself or another or with intent to cause harm to another, processes personal data in breach of Sections 18, 19, 23, 123, 126 and 130 or else of the provision made further to Section 129 shall be punished, if harm is caused, by imprisonment for between six and eighteen months or, if the offence consists in data communication or dissemination, by imprisonment for between six and twenty-four months, unless the offence is more serious.
2. Any person who, with a view to gaining for himself or another or with intent to cause harm to another, processes personal data in breach of Sections 17, 20, 21, 22(8) and (11), 25, 26, 27, and 45 shall be punished by imprisonment for between one and three years if harm is caused, unless the offence is more serious”.
According to Section 167, the criminal offence exists only if three circumstances occur simultaneously:
1) deceit with the clear intention of either gaining profit or of causing damage
2) data are processed violating one of the other Sections mentioned in Section 167
3) data processing has in fact caused damage.
According to the Court, the third circumstance has occurred. The other two have not.
First of all, clear deceit has not occurred: in fact it implies not only the purpose of gaining profit through ordinary commercial activity, but a specific profit directly achieved by the accused.
Secondly, data have been processed without giving data information to the data subject, but Section 13 of the Italian Personal Data Protection Code, which affirms this duty, is not mentioned in Section 167. Moreover, the duty to give data information to the data subject is the duty of the data processor, who in this case is the uploader of the video.
We can certainly share the opinion of the Milan Court of Appeal regarding their reasoning, which has the merit of shedding some light on a highly complex matter, which still has to be defined.
On 21.12.2012 the Milan Court of Appeal declared the full acquittal of the Google executives who had been convicted of violation of the data protection law in 2010 by the Milan Court, whose decision caused a worldwide sensation.
These are the facts: the video of a disabled schoolboy being bullied by his schoolmates which they had then uploaded to You Tube.
Google was not convicted due to the fact that under Italian Law providers has no obligation to carry out a prior control. However, as there is the involvement of personal criminal responsibility in this case the Google executives were convicted of violation of the privacy law. The main points debated were the applicability of Italian law per se in the case and Google’s obligation to verify that those who had uploaded the video had respected the data protection law.
We look forward to reading the reasoning behind this judgement, which for numerous different reasons will certainly have wide-ranging implications.