James McFarlane: Ships in the night – UK and EU diverge on Safe Harbour
Since the beginning of the millennium, the USA and the EU Member States have created and implemented legislation intended to provide limited exceptions to hosts’ liability when illegal or infringing content has been uploaded by internet users, writes James McFarlane.
This was an important protection against liability when users uploaded images which infringed copyright or trade mark rules.
However, in the past few years, there has been a distinct move away from the exemption – known as the Safe Harbour regime – in relation to internet hosts and internet service providers (ISP) more generally.
Hosts are now subject to much more liability in relation to copyright but, as things stand, Safe Harbour still applies for ISPs where a user infringes a trade mark.
ISP liability generally
An ISP – which includes hosts – is generally liable for copyright and trade mark infringement carried out directly by the ISP.
However, at the turn of the century and as internet use started to grow, it was acknowledged around the globe that something had to be done in order to prevent ISPs being held liable for the illegal activity or infringements that had been carried out by their users.
Consequently, Safe Harbour was introduced in the late 1990s in the US, which was closely followed by the introduction of the E-Commerce Directive in the EU.
EU Law and the Hosting Defence
The E-Commerce Directive was implemented into UK law by the E-Commerce Regulations in 2002, with Regulation 19 specifically applying to hosts.
Essentially, where liability would usually occur for a party who was not an internet host, the host would be exempt from any liability if they:
- do “not have actual knowledge of unlawful activity or information” or;
- in relation to a claim of damages, if the host is “is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful”.
Furthermore, there is an obligation on a host intending to rely on this defence: “upon obtaining such knowledge or awareness” the host must act “expeditiously to remove or to disable access to the information”.
This regulation goes beyond the wording of the Directive and also insists that “the recipient of the service”, i.e. the user, “was not acting under the authority or the control of the service provider” when the content was uploaded.
This provides quite a limited exception for hosts and is conditional on the fact that the host “has not played an active role of such a kind as to give it knowledge of, or control over, the data stored” (Google France Sarl v Louis Vuitton Malletier SA (C-236/08) [2011] Bus. L.R. 1).
A change in approach as ISPs grow – what liability do they face from users uploading illegal content?
It is clear that, in relation to copyright, the EU is in the process of taking a significant move away from Safe Harbour through the implementation of the Digital Single Market Copyright Directive, which will not apply in the UK.
Under Article 17 of the Directive, ISPs will have to obtain authorisation from content rights holders when images protected by copyright are uploaded to their website by users. If that authorisation is not given, the ISP will be held liable for the infringement unless they can show that they have satisfied the criteria set out in Article 17(4).
Hosts will be held liable for copyright infringement unless they obtain a licence or satisfy one of the objections above. It is clear that the bigger the host, the more stringent their obligations.
Poland has also appealed against Articles 17(4) (b) and (c) as they argue that these infringe on the right to freedom of expression provided for by Article 11 of the EU Charter of Fundamental Rights.
Cases referred to the ECJ
The YouTube and Cyando cases, which have recently been referred to the ECJ and will be decided this month, show that member states continue to resist this move away from the Safe Harbour rule.
Here the Advocate General seemed to stick with the old rules by suggesting that, as YouTube and Cyando did not play an active role in the uploading of the user-generated content, they could not be held liable in respect of the data that is uploaded.
He also noted that they could not have been playing an “active role” if they did not have “intellectual control of the content”. This analysis seems to be in line with the previous Copyright Directive and it will be interesting to see how the CJEU interprets this case when it decides upon this case this month.
In contrast, the CJEU has not yet said that ISPs will be directly liable for trade mark infringement together with their users in any circumstance.
However, recent case law in the UK (Cartier International AG & Ors v British Sky Broadcasting Ltd & Ors [2014] EWHC 3354) has suggested that courts have the power to impose website blocking orders on ISPs where the operators of the website are infringing a trade mark and they have actual knowledge of this infringement.
ISPs in this regard can rely on Safe Harbour as described above, but a recent case which has been referred to the CJEU may provide some clarification on this point: Louboutin, C-148/21.
The question has been referred by the Belgian courts after the first instance court decided that Amazon was directly liable for the infringement of the Louboutin trade mark when it displayed counterfeit goods in third party adverts on the Amazon Marketplace. This decision was reversed by the Brussel’s Court of Appeal.
It is interesting to note that, in another Belgian case (Coty Germany v Amazon) the Advocate General considered that, if a platform actively contributes to the distribution of goods, then they could be directly liable for trademark infringement as this could constitute an “integrated store” where Amazon contributes to the selling of the goods.
What happens next?
The above questions to the CJEU definitely show a change of approach to ISP liability in relation to the widespread view that the ISP can rely on Safe Harbour.
As the internet, ISPs and therefore hosts continue to grow and have more capacity to protect against such infringements, it seems as though the emerging approach is that they should take on more responsibility in relation to the content uploaded on their websites.
It will be interesting to note the CJEU view on the above points and whether that will have any impact on how the UK courts will interpret these rules. This is a key moment in relation to whether the laws on copyright and trade mark will diverge from the EU law on the same in a post-Brexit world.
It is important to note that the UK government has noted on its website that it is “committed to upholding the liability protections now that the transition period has ended.
For companies that host user-generated content on their online services, there will continue to be a notice and take down regime where the platform must remove illegal content that they become aware of or risk incurring liability.”
Therefore, Safe Harbour will apply to UK hosts for now, but it will be interesting to see the developments in this area in the future.
James McFarlane is a trainee at Burness Paull