Feeds

Euro watchdog: We need ONE definition of 'illegal content' across EU

Scurvy server dogs threatened with the plank

Secure remote control for conventional and virtual desktops

The European Commission should define what is meant by "illegal content" in order enable content 'hosts' to better understand what responsibilities they have to remove or disable access to such material, an EU privacy watchdog has said.

The European Data Protection Supervisor (EDPS) Peter Hustinx said that hosting service providers may be forced to process sensitive personal data when dealing with 'notice and action' requests.

The EDPS made the comments in a response (3-page/32KB PDF) to a European Commission consultation on reforming rules that govern the removal of illegal material posted on the internet.

In its consultation the Commission listed examples of what could constitute 'illegal content', which included intellectual property rights infringements; consumer protection law breaches; hate incitement; child abuse content; terrorism related content; defamatory material, and privacy-invading material, among others.

However, the EDPS said that hosts may not be best placed to deal with some requests to remove or disable that material contained on their platform.

"The EDPS is of the view that there is a need for a more pan-European harmonised definition of the notion of 'illegal content' for which the notice-and-action procedures would be applicable," the watchdog said. "The EDPS underlines that notice-and-action procedures may imply the processing of personal sensitive data (such as data relating to offences), which requires additional safeguards in terms of data protection."

"Not all categories listed in [the Commission's consultation] carry out the same weight and would best benefit from a notice-and-action procedure being addressed to a hosting service provider. For instance, privacy infringements could be best reported to data protection authorities (similarly infringements of consumer protection rules could best be reported to competent authorities and/or national associations representing consumers' interests). Several types of infringements would require the involvement of law enforcement, e.g. child abuse content and terrorism related content," Hustinx added.

"Furthermore, it should be defined more clearly what type of action is required from hosting service providers in those cases (for instance, define the conditions and modalities of forwarding these requests to the competent authority/body)," he said.

Host service providers should be required to comply with "separate and distinct" steps to either remove or disable illegal content depending on what the material relates to, the EDPS said.

Under EU law a 'host' of content has less responsibility for that content under EU law than a publisher. Under the EU's E-Commerce Directive 'hosts' are defined as platforms that store information in order to provide "information society services" to recipients.

Under the E-Commerce Directive online hosts of content are generally not liable for illegal content communicated by others, but are required to act to remove the material when notified of its existence.

The Directive protects service providers from liability for material that they neither create nor monitor but simply store or pass on to users of their service. The Directive says that service providers are generally not responsible for the activity of customers and that member states must not put service providers under any obligation to police illegal activity on its service.

Service providers are not liable for infringement via their services if they do not have "actual knowledge" or an awareness of the illegal activity or having obtained such knowledge "acts expeditiously to remove or to disable access to the information". The Directive is implemented in the UK by the E-Commerce Regulations.

However, the EDPS said that even if content hosts can escape liability for illegal activity by others under the E-Commerce Directive, those service providers would still be held responsible for any breach of data protection law that was incurred on their platform.

"The EDPS would like to emphasise that the definition of the activities that should be considered as 'hosting' for purpose of applying the e-commerce liability exemption regime should not affect the liability incurred by any of the service providers listed [in the Commission's consultation questionnaire] under data protection law," he said.

Hustinx said that social networks and search engines can be considered to be 'data controllers' that are responsible for personal data contained on their services.

The watchdog also said that notice and takedown forms should "contain only the minimum personal information required for purpose of such notification". Those that issue "unjustified or abusive notices should be subject to rules and possible sanctions," he added.

Any requirement for hosts to pro-actively "prevent illegal content" should not place responsibility on those service providers to generally monitor information that is transmitted or stored on their service to identify illegal activity, the EDPS said. Such a general monitoring obligation runs contrary to the E-Commerce Directive, whilst the European Court of Justice has also ruled in two cases against initiatives requiring internet service providers and social networks to monitor for infringement of intellectual property rights, the watchdog said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.