E-Commerce law raises liability concerns for ISPs

A public consultation paper for the E-Commerce Directive has ISPs worried because, they say, it fails to clarify their liability for hosting illegal content
Written by Wendy McAuliffe, Contributor

Internet Service Providers (ISPs) are concerned that the government's public consultation document on the Electronic Commerce Directive lacks clarity in exempting them from third party liability.

The Department of Trade and Industry (DTI) released its proposed implementation of Directive requirements today, but ISPs are nervous about the government's indecision over the need for notice and takedown regulations. The paper states that ISPs will not be exempt from criminal liability if they have actual knowledge of a customer undertaking illegal activity on their service -- but service providers are uncertain about what "actual knowledge" would entail.

The consultation document states that an ISP may be liable for damages "if it is aware of facts and circumstances from which the illegal activity is apparent". It offers reassurances that they may not be liable if, after obtaining actual knowledge or becoming aware of facts and circumstances indicating illegal activity, "they act expeditiously to remove or to disable access to the information," but ISPs say this is not good enough.

But Claire Gilbert, senior vice president of public policy and regulatory affairs at AOL, is anxious for the government to stipulate the exact grounds for ISP exemption of liability. "The law has left us in an uncertain position... if someone sends us an email about a defamatory posting on our service, it's difficult for an ISP to judge how to act," said Gilbert. She questioned whether this would count as "sufficient knowledge", and explained that "ISPs get many hoaxes every day -- it's difficult to check them all."

British ISPs were shocked by a controversial injunction earlier this year surrounding the James Bulger case, which threatened all ISPs with a hefty fine or jail sentence for unknowingly publishing banned information about the whereabouts of the boy's killers. The Electronic Commerce Directive establishes that no general obligation should be imposed on ISPs to screen or actively monitor third-party content, but Gilbert is sceptical about how the DTI will interpret the term "monitoring". "They could go further than notice and takedown -- but AOL serves 9.9bn URLs a day, and Web sites change constantly. Any step to monitor would be ridiculous."

ISPs currently adhere to a self-regulatory "notice and takedown" approach, which the EU Directive preserves -- with the suggestion that it be incorporated into some legal framework. The British government admits that it is considering whether regulation is needed, but believes that this would be better dealt with by industry codes of conduct.

Gilbert agrees that a self-regulatory code of practice could work, providing that it is clear and accepted by the law courts, and has statutory backing. "Regulation would be no forum for global regulation unless it is contained in a treaty," she explained. "[Legislation] is not fluid enough -- the technological process is best dealt with by an industry code of conduct as it can change quickly, and would hold well in such a competitive environment."

The E-Commerce Directive was adopted by the EU on 8 June 2000, and member states now have until 16 January 2002 to implement the requirements in local law. It has already been agreed that the whole area of ISP liability, and specifically notice and takedown, will be reviewed at a European Community level in 2003. The European Commission will also undertake an inventory and analysis of current notice and takedown initiatives later on this year.

See the E-commerce News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet news forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards