Wednesday, January 26, 2005

European ISP's Liability Battles

Yesterday the Higher Regional Court of Frankfurt (Germany) decided that an internet access provider is not fundamentally obligated to disclose the name and address of an internet user, who offers music files for download through an ftp-server, and thus violates the copyrights and other rights of third parties. The request of a German music firm that the access provider released the identity of this user was denied by the court, because the so-called Product Piracy Act may provide a right to obtain this information, this is only related to the manufacturing and dissemination of physical copies. The applicabillity of this provision on dissemination over the internet is still unclear. What's more, an access provider generally has no duty to monitor data streams and may only be obligated to block access to illegal content of which it has actual knowledge.

This decision stands in line with two other recent European decisions. Another German decision of a Munich court also rejected a request for identifying information by music firm BMG. A Viennese criminal court did not grant a demand to release the dynamic IP-adresses of internet users, since these data could only be provided for acts punishable with more than six months imprisonment. The current maximum sentence for uploading in Austria is six months. However, last October a Hamburg court did order the release of dynamic IP-adresses. And in the Netherlands, for example, the ISP Lycos was ordered to make efforts to find and release the name and address of a customer, who accused an eBay seller of fraud.

While it may look lately that there is somewhat of a trend to shield ISPs from releasing indentifying information, there is no real line in European court cases. In the US service provider Verizon successfully fought a request under the Digital Millennium Copyright Act (DMCA) by the Recording Industry Association of America (RIAA) to identify a customer, who allegedly offered copyright-infringing material on his computer for uploading. The US court agreed with Verizon's claim that the DMCA only covered alleged copyright-infringing material on the ISP's computer and not material on the user's computer. Verizon had the will and money to go to court, instead of giving in to the fear of a possible liability following from a denial of the request under the so-called notice and take down regime. In Europe things seem less clear when it comes to ISPs and liability, specifically based on notice and take downs.

The European Electronic Commerce Directive sets up a similar regime of liability as the DMCA (article 14). This regime not just applies to copyright infringement, but also to hate speech and defamation, for example. Contrary to US regulations, the procedure for notice and take down orders (requests to ISPs) is not described by the Directive. As a result service providers miss a public standard to make decisions on requests, and are left with the little guidance of (private) codes of conduct. The lack of procedural safeguards (on a European level) might bring an ISP, or court, more easily to the decision to take down illegal content, or provide identification. The incentive to do so is higher than the potential costs from liability of not doing so.

Yesterday's German Court decision may be lauded for not increasing this incentive. It's a bit dissapointing to see the uncertainty it expresses over the applicabillity of existing (copyright) provisions on the internet. To protect users against wrongful censorship and easy disclosure of their identities a transparent and procedural sound notice and take down regime should be set in place. In the meantime ISPs will hopefully be encouraged by yesterday's court decision and resist unreasonable requests to remove server content and dig up identities from their log files.
- - -
Frankfurt Court Decision (PDF, German)
thru Heise Online


Post a Comment

<< Home