Monday, 7 October 2019

Facebook’s liability for defamatory posts: the CJEU interprets the e-commerce Directive




Lorna Woods, Professor of Internet Law, University of Essex

The last couple of weeks have seen a number of judgments relating to the control of information on the internet by the subject of the information.  The cases of GC et al (Case C-136/17) and Google v CNIL (Case C-507/17) concern the interpretation of General Data Protection Regulation (GDPR), looking at the obligations of search engines. The most recent case, Glawischnig-Piesczek v Facebook (Case C-18/18) concerned the impact of the e-Commerce Directive (Directive 2000/31/EC), specifically the prohibition on general monitoring found in Article 15 of that Directive, on ‘stay down’ notices. The focus of this post is on Glawischnig-Piesczek, but there is a question that reaches beyond the impact of that case on the e-Commerce Direcitve: to what extent is there a coherent approach to issues arising from the Internet across the various legal measures that intersect with it. This may go beyond the e-Commerce Directive and the GDPR to include measures related to intellectual property (notably the recent controversial Directive on Copyright in the Digital Single Market (Directive 2019/790/EU) and the Enforcement Directive (Directive 2004/48/EC)) and the combating of child exploitation (Directive on combatting the sexual abuse and sexual exploitation of children and child pornography (Directive 2011/93/EU)) and terrorism (Terrorism Directive (Directive 2017/541/EU)).

The Judgment

The facts giving rise to this reference are simple.  Glawischnig-Piesczek complained to Facebook about some defamatory posts. Facebook did not remove the posts so Glawischnig-Piesczek obtained a court order requiring Facebook to stop publishing the impugned content. The precise scope of the order gave rise to further litigation and the Austrian Supreme Court referred a number of questions to the CJEU, asking:

-          Are “stay down” notices in relation to identically worded content compatible with Article 15 of the e-commerce Directive?
-          Are there geographic limitations to the obligation?
-          Are such notices in relation to content with equivalent content to that which has been found unacceptable which does not use the same words but conveys the same meaning acceptable?
-          In relation to posts with equivalent meaning, does the obligation accrue when the intermediary becomes aware of the content?

The Court started its analysis by making clear that the immunity from suit granted by Article 14 of the Directive is not a general immunity from every legal obligation. Specifically the national authorities remain competent to require a host to terminate access to or remove illegal information. The Court also noted that Article 18 of the e-Commerce Directive requires Member States to have in place appropriate court actions to deal with illegal content. It states:

Member States shall ensure that court actions available under national law concerning information society services’ activities allow for the rapid adoption of measures, including interim measures, designed to terminate any alleged infringement and to prevent any further impairment of the interests involved.

The Court held that no limitation on the scope of such national measures can be inferred from the text of the e-Commerce Directive [para 30]. 

It then turned to the impact of Article 15. It highlighted the fact that while Article 15 prohibited general monitoring as recital 47 in the preamble of the Directive makes clear, monitoring ‘in a specific case’ does not fall within that prohibition. It then held that

[s]uch a specific case may, in particular, be found, as in the main proceedings, in a particular piece of information stored by the host provider concerned at the request of a certain user of its social network ….. [35].

Given the nature of information flows there is a risk that any such information may be re-posted, so

‘.. in order to ensure that the host provider at issue prevents any further impairment of the interests involved, it is legitimate for the court having jurisdiction to be able to require that host provider to block access to the information stored, the content of which is identical to the content previously declared to be illegal, or to remove that information, irrespective of who requested the storage of that information. In particular, in view of the identical content of the information concerned, the injunction granted for that purpose cannot be regarded as imposing on the host provider an obligation to monitor generally the information which it stores, or a general obligation actively to seek facts or circumstances indicating illegal activity, as provided for in Article 15(1) of Directive 2000/31 [37].

The Court determined “equivalent meaning” to be about the message the information posted conveys and which was “essentially unchanged”. Given the focus on meaning not form, the Court held that an injunction could extend to non-identical posts as otherwise the effects of an injunction could easily be circumvented.  The Court then considered the balance between the competing interests. The Court commented that the “equivalent information” identified by court order should contain specific elements to identify the offending content and in particular must not require the host to carry out its own independent assessment. In terms of assessing the burden on the host, the court noted that the host would have recourse to “automated search tools and technologies” [para 46].

The court concluded that the injunctions would not constitute a general obligation to monitor all content and specifically no obligation to seek facts or circumstances indicating illegal activity.

The Court also noted that Article 18 of the Directive makes no provision for territorial limitations on what measures Member States may make available. In principle, world-wide effects would be permissible [para 50], but this is subject to the proviso that EU rules must be consistent with the international law framework.

The court felt it unnecessary to respond to the third question without elaborating further.

Comment

There are a number of comments that could be made about this judgment. This post comments on three: the approach of the Court to general monitoring; non-identical content; and the issue of territorial scope. It also discusses freedom of expression issues.

General Monitoring

In this judgment there is a clear confirmation that searching for specific pieces of information/types of content does not constitute general monitoring. The Court makes it clear, at para 35, that the searching for individual pieces of content constitutes a ‘specific case’ within recital 47.  The Court gives the searching for specific information as an example of a ‘specific case’; presumably the searching of a targeted user’s stored date could be another such.  This is the first time the approach has been adopted in regards to defamation.  Perhaps the fact that the case concerns defamation rather than, for example, intellectual property explains the dearth of previous case law cited in the court’s judgment.

The statement of the Court that searching for an individual item of content does not constitute general monitoring does not address the fact that such a search would presumably involve search all content held. Yet in McFadden (Case C-484/14), the Court described the scope of Article 15 thus:

As regards, first, monitoring all of the information transmitted, such a measure must be excluded from the outset as contrary to Article 15(1) of Directive 2000/31, which excludes the imposition of a general obligation on, inter alia, communication network access providers to monitor the information that they transmit. [McFadden, 87]

This is broadly similar to the approach in the early case of L’Oreal (Case C-324/09) which referred to Article 15 precluding ‘an active monitoring of all the data of each of its customers in order to prevent any future infringement ...’ [para 139].  The prevention of future infringements in the context of L’Oreal could be achieved – in the view of the Court – however by the suspension of the perpetrator.  Yet monitoring of the data of all customers seems to be what would be required to find the specific case of content. The matter remains unacknowledged in the Court’s analysis in Glawischnig-Piesczek.  Perhaps the assumption is (a) that the concern underpinning the prohibition in Article 15 derives from privacy; and (b) that when we look for one thing we do not really see the other things that we look at during our search – and that this might particularly be so when the searching is automated.  Of course, arguments that automated review of communications data does not constituted an invasion of privacy have not been accepted by the Court (e.g. Watson/Tele2).  In any event, further support for the distinction between searching for an identified piece of content and searching in a less targeted fashion is found in the context of the fight against child sexual abuse and exploitation and in the context of enforcement of intellectual property.

Non-identical content

The clarification that an injunction may also extend to non-identical content raises a number of issues.  While the Court states that a host should not be required to make its own judgment on these matters it is not clear how similar the content needs to be.  It is also unclear whether the Court is concerned here with the wording or the message conveyed. At [40] it refers to the ‘message conveyed’, which could refer to the idea in issue rather than its precise expression. The Court then referred to ‘information, the content of which, whilst essentially conveying the same message, is worded slightly differently …’ [41]. An approach based on wording (or presumably identifiable items of content such as images) has the benefit of being more easily described by order. It is probably easier to circumvent.  There seems to be an assumption in the judgment that technological means are available to implement this sort of requirement, though whether that is the case is another question.

Territorial Scope

The territorial scope of the order is also worth mentioning.  Like its Advocate General, Szpunar, the Court does not envisage any territorial limitation of the removal/blocking as a result of EU law.  It is important to note that the Court does not say that injunctions must have such extraterritorial effect. Rather the question is about the interplay between each national legal system’s own way of dealing with these issues (and area the Court noted gave Member States wide discretion) and the fact that Article 18 is silent as to any limitations. The silence of EU law allows Member States freedom to take action.  A further issue is that the Court noted the impact of international law without however elaborating what it meant – are we talking fundamental human rights (this seems unlikely given the existence of the EU Charter) or international comity, for example?. 

This is one of a number of cases in which the Court has had to consider the territorial scope of EU law in the context of the Internet – the most recent being the Right to be Forgotten case: Google v CNIL (Case C-507/17). There the Court held that

Where a search engine operator grants a request for de-referencing …, that operator is not required to carry out that de-referencing on all version of its search engine, but on the version of that search engine corresponding to all the Member States. [73]

It seems then that the opposite conclusion has been reached. This is overstating the point.  While the fact that EU law does not require extraterritoriality, the GDPR’s silence on the point gives space to a national court to make an order with extra-territorial effect, a point the Court makes express in para 72. A national could then, within the constraints of its own national rules, make such an order. In such a situation the position would seem similar to that under Article 18 e-Commerce Directive as understood in Glawischnig-Piesczek. A contrast to the silence of the EU legislature on extraterritoriality of blocking/de-listing can be seen in the Terrorism Directive. There Article 21 imposes an obligation on Member States to obtain the removal of terrorist content hosted outside their territory, but it also recognises that that may not be possible.

In Google v CNIL, while the Court recognised the possibility for national courts to make orders for de-referencing with extra-territorial effect, it expressly noted that in doing so they must weigh up the competing interests of the data subjects  and the right of others to freedom of information [para 72]. It is noticeable that in Glawischnig-Piesczek the balancing is different. The Court notes the interest of the subject of the information and also the need not to impose an excessive burden on the host provider [para 45, para 46]. The existence of other rights: the right of the host to carry on a business and the rights of those posting the material and those wishing to receive it – both aspects of freedom of expression - are not expressly mentioned. To some extent the issue of rights will be covered through the national courts, which will be the bodies to carry out that balancing within their own national frameworks and within the limits of EU law. By contrast to Google v CNIL, however, there is no instruction from the Court that these are matters to be considered, nor any express recognition that the balance between the right to private life (including the protection of reputation) and freedom of expression differs between territories. What might be seen as the legitimate protection of private life in one place is an infringement of speech in another.  So, while the matter was not directly the Court’s concern in this case, it is somewhat surprising that the issues were not directly considered.

Barnard & Peers: chapter 9
Photo credit: Department of Defense, via Wikicommons

1 comment:

  1. We at COEPD glad to announce that we have introduced Dot Net Technologies Internship Programs (Self sponsored) for professionals who want to have hands on experience. This program is available in COEPD Hyderabad premises which is accompanied by IT Companies. It is intelligently dedicated to our firm participants predominantly acknowledging and appreciating the fact that they are on the path of making a career in Dot Net Technologies discipline. We assume Object-Oriented Programming concepts and teaches C#.NET, ADO.NET which helps the interns to build database-driven Web applications and Web Sites successfully. This internship is designed to gain theoretical knowledge and also hands-on practice and practical know-how to master the nitty-gritty of the Dot Net developer profession. More than a training institute, COEPD today stands differentiated as a mission to help you "Build your dream career" - COEPD way.

    https://www.coepd.com/DotNet-Internship.aspx

    ReplyDelete