Feeds

Euro watchdog: We need ONE definition of 'illegal content' across EU

Scurvy server dogs threatened with the plank

Intelligent flash storage arrays

The European Commission should define what is meant by "illegal content" in order enable content 'hosts' to better understand what responsibilities they have to remove or disable access to such material, an EU privacy watchdog has said.

The European Data Protection Supervisor (EDPS) Peter Hustinx said that hosting service providers may be forced to process sensitive personal data when dealing with 'notice and action' requests.

The EDPS made the comments in a response (3-page/32KB PDF) to a European Commission consultation on reforming rules that govern the removal of illegal material posted on the internet.

In its consultation the Commission listed examples of what could constitute 'illegal content', which included intellectual property rights infringements; consumer protection law breaches; hate incitement; child abuse content; terrorism related content; defamatory material, and privacy-invading material, among others.

However, the EDPS said that hosts may not be best placed to deal with some requests to remove or disable that material contained on their platform.

"The EDPS is of the view that there is a need for a more pan-European harmonised definition of the notion of 'illegal content' for which the notice-and-action procedures would be applicable," the watchdog said. "The EDPS underlines that notice-and-action procedures may imply the processing of personal sensitive data (such as data relating to offences), which requires additional safeguards in terms of data protection."

"Not all categories listed in [the Commission's consultation] carry out the same weight and would best benefit from a notice-and-action procedure being addressed to a hosting service provider. For instance, privacy infringements could be best reported to data protection authorities (similarly infringements of consumer protection rules could best be reported to competent authorities and/or national associations representing consumers' interests). Several types of infringements would require the involvement of law enforcement, e.g. child abuse content and terrorism related content," Hustinx added.

"Furthermore, it should be defined more clearly what type of action is required from hosting service providers in those cases (for instance, define the conditions and modalities of forwarding these requests to the competent authority/body)," he said.

Host service providers should be required to comply with "separate and distinct" steps to either remove or disable illegal content depending on what the material relates to, the EDPS said.

Under EU law a 'host' of content has less responsibility for that content under EU law than a publisher. Under the EU's E-Commerce Directive 'hosts' are defined as platforms that store information in order to provide "information society services" to recipients.

Under the E-Commerce Directive online hosts of content are generally not liable for illegal content communicated by others, but are required to act to remove the material when notified of its existence.

The Directive protects service providers from liability for material that they neither create nor monitor but simply store or pass on to users of their service. The Directive says that service providers are generally not responsible for the activity of customers and that member states must not put service providers under any obligation to police illegal activity on its service.

Service providers are not liable for infringement via their services if they do not have "actual knowledge" or an awareness of the illegal activity or having obtained such knowledge "acts expeditiously to remove or to disable access to the information". The Directive is implemented in the UK by the E-Commerce Regulations.

However, the EDPS said that even if content hosts can escape liability for illegal activity by others under the E-Commerce Directive, those service providers would still be held responsible for any breach of data protection law that was incurred on their platform.

"The EDPS would like to emphasise that the definition of the activities that should be considered as 'hosting' for purpose of applying the e-commerce liability exemption regime should not affect the liability incurred by any of the service providers listed [in the Commission's consultation questionnaire] under data protection law," he said.

Hustinx said that social networks and search engines can be considered to be 'data controllers' that are responsible for personal data contained on their services.

The watchdog also said that notice and takedown forms should "contain only the minimum personal information required for purpose of such notification". Those that issue "unjustified or abusive notices should be subject to rules and possible sanctions," he added.

Any requirement for hosts to pro-actively "prevent illegal content" should not place responsibility on those service providers to generally monitor information that is transmitted or stored on their service to identify illegal activity, the EDPS said. Such a general monitoring obligation runs contrary to the E-Commerce Directive, whilst the European Court of Justice has also ruled in two cases against initiatives requiring internet service providers and social networks to monitor for infringement of intellectual property rights, the watchdog said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.