Feeds

Euro watchdog: We need ONE definition of 'illegal content' across EU

Scurvy server dogs threatened with the plank

High performance access to file storage

The European Commission should define what is meant by "illegal content" in order enable content 'hosts' to better understand what responsibilities they have to remove or disable access to such material, an EU privacy watchdog has said.

The European Data Protection Supervisor (EDPS) Peter Hustinx said that hosting service providers may be forced to process sensitive personal data when dealing with 'notice and action' requests.

The EDPS made the comments in a response (3-page/32KB PDF) to a European Commission consultation on reforming rules that govern the removal of illegal material posted on the internet.

In its consultation the Commission listed examples of what could constitute 'illegal content', which included intellectual property rights infringements; consumer protection law breaches; hate incitement; child abuse content; terrorism related content; defamatory material, and privacy-invading material, among others.

However, the EDPS said that hosts may not be best placed to deal with some requests to remove or disable that material contained on their platform.

"The EDPS is of the view that there is a need for a more pan-European harmonised definition of the notion of 'illegal content' for which the notice-and-action procedures would be applicable," the watchdog said. "The EDPS underlines that notice-and-action procedures may imply the processing of personal sensitive data (such as data relating to offences), which requires additional safeguards in terms of data protection."

"Not all categories listed in [the Commission's consultation] carry out the same weight and would best benefit from a notice-and-action procedure being addressed to a hosting service provider. For instance, privacy infringements could be best reported to data protection authorities (similarly infringements of consumer protection rules could best be reported to competent authorities and/or national associations representing consumers' interests). Several types of infringements would require the involvement of law enforcement, e.g. child abuse content and terrorism related content," Hustinx added.

"Furthermore, it should be defined more clearly what type of action is required from hosting service providers in those cases (for instance, define the conditions and modalities of forwarding these requests to the competent authority/body)," he said.

Host service providers should be required to comply with "separate and distinct" steps to either remove or disable illegal content depending on what the material relates to, the EDPS said.

Under EU law a 'host' of content has less responsibility for that content under EU law than a publisher. Under the EU's E-Commerce Directive 'hosts' are defined as platforms that store information in order to provide "information society services" to recipients.

Under the E-Commerce Directive online hosts of content are generally not liable for illegal content communicated by others, but are required to act to remove the material when notified of its existence.

The Directive protects service providers from liability for material that they neither create nor monitor but simply store or pass on to users of their service. The Directive says that service providers are generally not responsible for the activity of customers and that member states must not put service providers under any obligation to police illegal activity on its service.

Service providers are not liable for infringement via their services if they do not have "actual knowledge" or an awareness of the illegal activity or having obtained such knowledge "acts expeditiously to remove or to disable access to the information". The Directive is implemented in the UK by the E-Commerce Regulations.

However, the EDPS said that even if content hosts can escape liability for illegal activity by others under the E-Commerce Directive, those service providers would still be held responsible for any breach of data protection law that was incurred on their platform.

"The EDPS would like to emphasise that the definition of the activities that should be considered as 'hosting' for purpose of applying the e-commerce liability exemption regime should not affect the liability incurred by any of the service providers listed [in the Commission's consultation questionnaire] under data protection law," he said.

Hustinx said that social networks and search engines can be considered to be 'data controllers' that are responsible for personal data contained on their services.

The watchdog also said that notice and takedown forms should "contain only the minimum personal information required for purpose of such notification". Those that issue "unjustified or abusive notices should be subject to rules and possible sanctions," he added.

Any requirement for hosts to pro-actively "prevent illegal content" should not place responsibility on those service providers to generally monitor information that is transmitted or stored on their service to identify illegal activity, the EDPS said. Such a general monitoring obligation runs contrary to the E-Commerce Directive, whilst the European Court of Justice has also ruled in two cases against initiatives requiring internet service providers and social networks to monitor for infringement of intellectual property rights, the watchdog said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.