1
GENERAL MONITORING PROHIBITION FOR ONLINE INTERMEDIARIES
Analyzing the Scope of General Monitoring Prohibition under E-Commerce Directive, Case-Law and Digital Services Act
CENGIZ MESUT YILMAZ Candidate Number: 8005
Master’s Program 30 Credits The Faculty of Law,
University of Oslo Autumn 2021 - 2022
01.02.2022
2 Contents
... 1
1. Abstract ... 4
2. Introduction ... 4
a. Background ... 4
b. Research Question ... 8
c. Scope ... 8
3. E-Commerce Directive And Its Liability Provisions Related To The Information Society Services Providers ... 9
a. Objective of the E-Commerce Directive ... 9
b. Liability Exemptions under E-Commerce Directive ... 9
i) Liability Exemptions for Hosting services providers ... 10
ii) Prohibition on General Monitoring ... 10
4. Liability Exemptions and Monitoring Obligations under Digital Services Act ... 11
a. Liability Exemptions ... 11
b. General Monitoring Prohibition ... 11
c. Specific Monitoring ... 12
5. Analysis of Information Society Services in Case-Law and Digital Services Act ... 13
a. Shortcomings of E-Commerce Directive regarding Information Society Services ... 13
i) Uber Case ... 14
ii) Airbnb Case ... 15
b. Definition of Information Society Services in Digital Services Act ... 16
6. Evolution of General Monitoring Prohibition ... 17
7. Inherent Risk of Over-Enforcement by Automated Tools ... 21
a. Introduction ... 21
b. Use of Automated Tools and Proactive Measures for Monitoring Obligations in Case Law 23 i) SABAM v Scarlet Extend, SABAM v Netlog ... 23
ii) Eva Glawischnig Piesczek v Facebook Ireland ... 24
3
iii) Poland v European Parliament and Council ... 25
8. Assessment of the Relevant Provisions of Digital Services Act regarding Monitoring Obligations ... 30
a. VLOPs and Additional Obligations ... 30
b. Liability Exemptions and Awareness ... 35
c. Article 6 of Digital Services Act ... 36
d. Article 7 of Digital Services Act ... 37
9. Conclusion ... 39
BIBLIOGRAPHY ... 41
4 1. Abstract
The Directive 2000/31/EC (“E-commerce Directive” or “ECD”) was adopted in 2000 and became an insufficient legal base for today’s modern online services and needs. Even for the standard of that time, it was a limited legal instrument. The European Council has proposed the new Digital Services Act package on 15 December 2020, and it was adopted, with amendments, by the European Parliament on 20 January 2022. One of the critical components of the ECD and related legislation was the prohibition of general monitoring. However, in practice, interpreting and applying this principle had a controversial side regarding the balance between it and the specific monitoring obligations on online intermediaries. Furthermore, the digital developments to this day and the legislation trend of the European Commission has led to a more proactive form of monitoring by using algorithmic content recognition tools. This study is only limited to examining the principle of prohibition of general monitoring under ECD, case-law and eventually DSA. Due to the extensive coverage of the Digital Services Act and its amendments, we will only scrutinise its provisions on the prohibition of general monitoring and closely related topics to it. We will also discuss the evolution of the prohibition of the general monitoring principle, the related case law, and the current critical issues related to the prohibition of general monitoring.
2. Introduction
a. Background
When the Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce, mostly known as the “E-commerce Directive” or “ECD”) was adopted in the summer of 2000, some of the largest tech companies which are focal points of millions of users in Europe and the world now, such as Facebook, Twitter, Instagram, Uber, Spotify, etc., were not founded. At that time, ECD itself was adopted to regulate the information society services then and create a legal certainty to ensure the free movement of such. The ECD’s objective is to contribute to the proper functioning of the internal market by ensuring the free movement of information society services between the Member States of the European Union.1 To realise this proper functioning, the obstacles arising from the legal uncertainty and the divergence of the application of ECD provisions from one Member
1 Art. 1(1) of ECD
5
State to another should have been addressed and removed2. Therefore, the ECD aims to ensure a high level of Community legal integration to establish an internal borderless area, the Digital Single Market, for the information society services.3
The ECD set out some basic rules of e-commerce such as online advertisement and unsolicited commercial communications; the internal market clause (which makes the providers of online services subject to the law of the Member State in which they are established); and exemptions of liability for the intermediaries. However, the latter only sets out exemption rules of the online intermediaries which fulfil certain conditions – to name them briefly, (i) awareness and actual knowledge, (ii) expeditious act against illegal content, and (iii) the passive role of the services.4 It is stipulated that the ECD should be applied according to the Union laws. It is not intended to “affect national fundamental rules and principles related to freedom of expression”5. With this proportionality principle, the measures provided by ECD are strictly limited to the minimum needed to achieve the objective of the proper functioning of the internal market.6 One, maybe the most crucial part of the ECD was covering the liability exemptions of online intermediary service providers. This part has regulated the liability exemptions of the online intermediary service providers with a horizontal approach. The intermediaries who provide mere conduit (Art. 12), caching (Art. 13) and hosting services (Art. 14) has found the liability exemptions for them in the ECD. In addition to that, the prohibition of general monitoring (Art.
15) was introduced with the E-Commerce Directive.
The European operations of online intermediaries are subject to, amongst others, the ECD, which is dated back to 2000. It is apparent how technological developments exceeded the horizon foreseen then. The ‘information society’ has evolved into a ‘platform society’ while our society has transformed into an ‘intermediated society’ where the online service providers and platforms affect our daily online life to a great extent as they shape it, filter it and eventually define it including our past and memories.7 Thus, they ultimately play a determinative role in the way we comprehend the outside world and the way we get into interaction.8 Even though
2 See Recital (5) of ECD
3 See Recital (3) of ECD
4 https://ec.europa.eu/digital-single-market/en/e-commerce-directive
5 Recital (9) of ECD
6 Recital (10) of ECD
7 Frosio Giancarlo, Editor’s Note: A Dialogue on the Role of Online Intermediaries, The Oxford Handbook of Online Intermediary Liability, Edited by: Giancarlo Frosio, Oxford Univeristy Press, May 2020; P. 2
8 Taddeo, Mariarosaria, The Civic Role of OSPs in Mature Information Societies, Ibid.; P. 11
6
the European Commission was of the opinion that the existing intermediary liability regime fit its purpose in 20169, the ECD was inadequate to address the new systems and new technological products due to the online players' complexity and relatively unprecedented power. Also, the legal fragmentation between the Member States was hampering the free movement of internet society services in the European Union.
Furthermore, with the interpretations and decisions made by the Court of Justice of the European Union on the cases relevant to the provisions mentioned above of the ECD, the urgent need for new legislation embracing the developments and incorporation of the case law conclusions, thus codifying the key clauses, was critical more than ever.
As a result of this urgent need for new legislation, on 15 December 2020, the Regulation on a Single Market for Digital Services and amending Directive 2000/31/EC (“Digital Services Act” or “DSA”) was proposed. With the new proposal, the Commission took a big step towards approximating the Member States’ legal systems at the Union level in terms of the Single Digital Market and ensuring the proper functioning of the internal market.
While covering a highly extensive ambit, the DSA’s motto has become ‘What is illegal offline should also be illegal online.’10. It advises interpreting the concept of ‘illegal content’
appropriately.11
The critical goals of the Digital Services Act are bringing “...new rules which are proportionate, foster innovation, growth and competitiveness, and facilitate the scaling up of smaller platforms, SMEs and start-ups. The responsibilities of users, platforms, and public authorities are rebalanced according to European values, placing citizens at the centre.”12 Those rules are mainly (i) better protecting customers and their fundamental rights online, (ii) establishing
9 Riis & Schwemer, Leaving the European Safe Harbor, Sailing towards Algorithmic Content Regulation, 2019;
European Commission, “Communication on Online Platforms and the Digital Single Market Opportunities and Challenges for Europe,” Brussels, May 25, 2016, COM (2016) 288 final; P. 8
10 Recital (12) of DSA.
11 Ibid. The wording in the proposal was ‘broadly’. It has been amended to ‘appropriately’, which suits better in our opinion. However, even though the wording has been changed, it still preserves the interpretation’s broadness. For example, note that illegality should be understood not only as the actual act or information which is not in compliance with the Union or national law but also the content that is not in compliance since it refers to the illegal activity. See the amended version of Recital (12) of DSA.
12 The Digital Services Act: ensuring a safe and accountable online environment, European Union website, https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/digital-services-act-ensuring- safe-and-accountable-online-environment_en#what-are-the-key-goals-of-the-digital-services-act
7
robust transparency and a clear accountability framework for online platforms, (iii) fostering innovation, growth and competitiveness within the single market.13
The DSA takes a horizontal approach that complements the related EU legislation, without prejudice. Accordingly such related legislations, amongst others for example; GDPR, Directive on addressing the dissemination of terrorist content, AVMSD Directive14 and Omnibus Directive15 are still applicable and effective.16
Even though the Digital Services Act deletes Articles 12-15 of the E-Commerce Directive embodies the ratio legis. As explained in the reasons for and objectives of the DSA, while it aims to reform the existing ECD legal framework thoroughly, it maintained the core principles of the liability (exemption) regime, the prohibition of general monitoring and the internal market clause. The liability exemptions of the providers of intermediary services were maintained as interpreted by the Court of Justice of the European Union.17 The prohibition of general monitoring has been embodied amongst other additional obligations in the Digital Services Act and took its place in Article 7: ‘No general monitoring or active fact-finding obligations’.
As this study is being prepared, the Internal Market and Consumer Protection Committee adopted the Digital Services Act proposal with amendments. Following that, in the plenary session on 20 January 2021, Members of the European Parliament voted on the amended DSA and adopted the amended texts. The adopted texts have become the European Parliament’s mandate for negotiations with the Member State governments.18 The draft has many crucial amendments. This study will examine the current adopted text with the approved amendments only related to the prohibition of general monitoring.
13 The Digital Services Act: ensuring a safe and accountable online environment, European Union website, https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/digital-services-act-ensuring- safe-and-accountable-online-environment_en#what-are-the-key-goals-of-the-digital-services-act
14 Directive (EU) 2018/1808
15 Directive (EU) 2019/2161
16 Cauffman, C., and Goanta, C., A New Order: The Digital Services Act and Consumer Protection, European Journal of Risk Regulation, 12 (2021), pp. 758-774, Cambridge University Press; For the other directives See Art 1a(new) of texts adopted of DSA amendments; P. 760
17 DSA Proposal
18 Press Release, European Parliament, Digital Services Act: a safer online space for users, stricter rules for platforms, 14 December 2021.
8 b. Research Question
The online intermediaries’ responsibility to act expeditiously against the illegal content has shifted, if not already, towards a side where the automated means are used more often and becoming the sector standard. The European Commission’s tendency to promote self-regulation among the online intermediaries has been conferred with the Digital Services act again. Many provisions in the Digital Services Act extend the way of implementing specific monitoring obligations to the providers of the information society services, and it reflects the harmed balance of the monitoring obligations and the freedom of expression.
Before proposing the Digital Services Act, the Commission has already shown its interest and tendency to enhance self-regulation by the online intermediaries by issuing and promoting soft- law instruments.19
That tendency needs to be addressed by analysis of whether the general monitoring prohibition lose its effectiveness, and proactive measures are going to be the future of the sector standard.
It should also be assessed that whether this problem harms the balance between exercising fundamental rights such as freedom of expression and the combat against the illegal content disseminated via the online intermediaries.
c. Scope
In the next part of this study, Chapter 3, we will examine the safe harbour regime and general monitoring prohibition in ECD. Chapter 4 will cover liability exemptions and monitoring obligations under DSA. While Chapter 5 will analyze information society services in case-law and DSA, evolution of general monitoring prohibition in Chapter 6 will follow it. In Chapter 7 will examine the use of automated tools for monitoring obligations and the over-enforcement risk. In Chapter 8 we will analyze the monitoring obligations for online platforms in DSA and possible outcomes of such new and extensive obligations.
While briefly explaining the said topics, we will try to minimize this study as related to the prohibition of general monitoring.
19 Tambiama, Madiega, Reform of the EU Liability regime for online intermediaries, European Parliamentary Research Service, Brussels, May 2020, p.3; See the EU Code of conduct on countering illegal hate speech online, Communication on Tackling illegal Content and 2018 Recommendation on Measures to Effectively Illegal Content Online
9
3. E-Commerce Directive And Its Liability Provisions Related To The Information Society Services Providers
a. Objective of the E-Commerce Directive
The ECD was adopted to establish the legal uniformity between the Member States for the information society services and contribute to such services’ free movement. In the ECD, the definition of the information society services was referred to as the Directive 98/34/EC20. According to that Directive, information society services are the services that are normally provided for remuneration by electronic means upon an individual request of a recipient. This definition was explained further in Article 1/(b) of the Directive 2015/153521.
b. Liability Exemptions under E-Commerce Directive
The E-commerce Directive provisions on liability do not introduce a general liability regime for online intermediaries but sets out specific exemption conditions (Art. 12-14) constituting a safe harbour regime whereby the online intermediaries would enjoy the exemptions under certain conditions.22 Those provisions harmonize the exemptions solely from the contributory liability. The legislation of each Member State determines the contributory liability conditions.
Accordingly, the same provider which offers the exact information society services to the recipients might be held contributory liable of its actions in a Member State while deemed not liable in another Member State.23
The liability exemptions in the ECD stipulate that the role of the provider information society service bears merely a passive role. Recital 42 of the E-Commerce Directive states that:
“The exemptions from liability established in this Directive cover only cases where the activity of the information society service provider is limited to the technical process of operating and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, for the sole purpose of making the transmission more efficient; this activity is of a mere technical, automatic
20 Recital (17) of Directive 200/31/EC
21 Directive 2015/4535 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society Services
22 Madiega, 2020, p.1
23 P. 8, Riis & Schwemer, 2019, p.8
10
and passive nature, which implies that the information society service provider has neither knowledge of nor control over the information which is transmitted or stored.”
Accordingly, when the knowledge or control of the online intermediary exceeds a mere technical, automatic and passive nature in terms of the transmitted/stored information, the online intermediary would lose its liability exemption.
The ECD has a horizontal approach when assessing the liability of the providers of information society services. Accordingly, when the specific conditions are met, the Directive provides exemption to the online intermediaries from multifarious liabilities, including contractual, administrative, tortious or extra-contractual liability, penal liability, civil liability, or any other type of liability, including copyright infringements.24
i) Liability Exemptions for Hosting services providers
As per the Art 14 of the ECD, if an information society service provider, provided that it consists of the storage of information provided by the recipient of the service and, the provider does not have actual knowledge of illegal activity or information and is not aware of facts or circumstances from which the illegal activity or information is apparent; or it acts expeditiously to remove or block to the related content upon obtaining such knowledge of awareness.
The hosting providers have a relatively more active role with respect to the content hosted by them since they have ‘duties of care’ and ‘notice and take down’ obligations. As concluded from Article 14, the hosting providers have to act expeditiously when they have the ‘actual knowledge’ of the illegality of the content.25 However, there are no detailed rules and guidance for notice and action procedures in the E-commerce Directive.26
ii) Prohibition on General Monitoring
As per Article 15(1) of the E-commerce Directive, a general obligation of monitoring the information transmitted or stored by the provider of the information society services or a general obligation to actively seek facts or circumstances indicating illegal activity shall not be imposed
24 Madiega, 2020, p.2
25 Madiega, 2020, p.3
26 Hoffmann, Anja & Gasparotti, Alessandro, Liability for illegal content online, Weaknesses of the EU legal framework and possible plans of the EU Commission to address them in a “Digital Services Act”, cepStudy, March 2020, p. 10
11
by the Member States27. This prohibition is only for the monitoring obligations featuring general nature. Nevertheless, this does not prevent the Member States from ordering injunctions against specific cases, and the intermediaries may be ordered to terminate or prevent infringements. As per Art 18 of ECD, the court actions of the Member States may include rapid interim measures to terminate any infringement and prevent any further impairment of the interest involved28. Such action to prevent “any further impairment” may be specific monitoring obligations ordered by a Member State's national court29. As a result, de facto monitoring obligations with specific nature can be imposed on online intermediaries to prevent future infringements which has the same of equivalent content.30
4. Liability Exemptions and Monitoring Obligations under Digital Services Act a. Liability Exemptions
The DSA has preserved the provisions on the liability regime for the online intermediaries of the ECD. The ‘mere conduit’, ‘caching’ and ‘hosting’ as the information society services and the liability exemptions founded their place in Article 3, 4 and 5, respectively. Minor adaptions and better wording were made. However, the safe harbour regime in the provisions was mainly preserved. While not amending the general liability regime, DSA enlightens the classification of newly emerged systems31.
For the hosting services, the online platforms allowing the consumers to conclude distance contracts with trades, they will not enjoy the liability exemption if they lead a consumer to believe that the information, product or service is either provided by the online platform or by a recipient of the service who is acting under its authority or control.32
b. General Monitoring Prohibition
The DSA keeps the prohibition of the general monitoring clause naturally. Besides, it is emphasized that the specific monitoring obligations may be ordered by the Member States’
judicial or administrative authorities in accordance with the conditions in the DSA. Aimed at achieving the functioning of the internal market, since the national judicial or administrative
27 Art 15(1) of ECD
28 Art 18 of ECD
29 See Recital (47) of ECD
30 Hoffmann & Gasparotti 2020, P. 9; Regarding preventing future infringements, we will examine the Eva Glawischnig-Piesczek v Facebook case below.
31 See Recital (13) of DSA.
32 Art 5 of DSA
12
authorities may provide orders against specific illegal content for the providers of the information society services which might operate globally, the proposal sets out certain conditions to illuminate the fading line between specific and general monitoring while promoting automated recognition tools and balancing the risk of using them. The Commission offers the DSA to be a legal basis for the technological means to prevent any illegal content from reappearance, “accompanied with the highest safeguards to avoid that lawful content is taken down erroneously.”33
The successor of Article 15 of ECD is Article 7 of the DSA. It still keeps the prohibition of general monitoring of the information which is the subject of the services of the online intermediaries. In addition to that, Article 7 brings new rules, i. e. – prohibition on mandatory use of automated content moderation tools, prohibition on preventing end-to-end encrypted services, and the prohibition on preventing anonymous use of services.
The DSA has also introduced a Good Samaritan clause with Article 6 and ruled that when the providers of intermediary services carry out voluntary investigations or other activities to detect, identify, remove or disable the access to illegal content, they will not be deemed ineligible for the safe harbour regime34 as long as they carry out those activities in good faith and a diligent manner35. We will analyze Articles 6, 7, and related provisions below chapters.
c. Specific Monitoring
Undoubtedly, the ability to order providers to act against a specific content by the Member States' national judicial or administrative authorities was preserved. To prevent the issuance of different orders by different Member States’ judicial or administrative authorities against illegal content or to provide information and protect the providers from any disproportionate burdens and not affecting the rights of the third parties, the DSA remarks that there is a necessity to set the particular condition for such orders36. It is also set out that the orders to act against illegal content should be issued in compliance with the GDPR, Union law and prohibition of general obligations to monitor the information or actively seek facts or circumstances indicating illegal content or activity.37
33 Context of the DSA Proposal.
34 Art 6 of DSA
35 Recital (25) of DSA
36 Recital (29) of DSA
37 Recital (30) of DSA
13
An important amendment has brought the possibility of having a right to an effective remedy against such order by the Member States.38
5. Analysis of Information Society Services in Case-Law and Digital Services Act Over the years, with the newly emerging internet tools and complex intermediary services, the definition and scope of the information society services under ECD had to be interpreted by the European Court of Justice (“ECJ”) in the cases. Case law has become the band-aid for the gaps in the implementation of the ECD. This chapter will first determine the shortcomings and gaps in ECD in practice and the interpretation of the ECJ in different cases. We will further discuss whether the DSA has addressed such needs and filled the legal gap.
a. Shortcomings of E-Commerce Directive regarding Information Society Services
In the ECD, the information society services were not explicitly defined but only referred to the definition in the Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services. The liability exemptions (safe harbour regime) and the prohibition of general monitoring apply to the information society services. Considering the mentioned definition, whether new unique and unprecedented systems of the online services created after the ECD should be counted as information society services was unanswered. This issue has led to divergent case law at the national and Union level39. The applicability of the E-commerce Directive to 'activities sponsored by advertisements', 'entirely free models' (e.g. Wikipedia) and to 'freemium models' is doubtful (i.e. when users make free use of a service and only some of them pay remuneration, f.ex.
WinRAR)40.
Regarding hyperlinks and search engines, a UK Court considered hyperlinking a mere conduit activity while a German court interpreted its status as a form of hosting.41 Since they cannot
38 Art 8(2b) (new) of DSA
39 Madiega, May 2020, p.4; S. Stalla la-Bourdillon, Internet Intermediaries as Responsible Actors? Why It Is Time to Rethink the E-Commerce Directive as Well, 2017.
40 Ibid, author’s note: for example, to get more storage capacity.
41 Ibid, European Commission, Summary of the results of the Public Consultation on the future of electronic commerce in the Internal Market and the implementation of the Directive on electronic commerce
(2000/31/EC), 2010.
14
easily be determined under one of the three information society services mentioned in the ECD, the liability exemption cases of search engines and hyperlinks are unclear. Even though they fall under the definition of the information society services under the ECD, it is not clear to classify them under: a mere conduit, caching, or a hosting provider. Therefore the requirement set out in the liability exemptions for mentioned providers are not actually met and it remains whether the search engines and hyperlinks can enjoy the liability exemptions or the question of how will enjoy such under ECD is not clearly identified.42 Besides, whether the social networks, online marketplaces, blockchain services fall within the information society services under the ECD is also unclear.
The status of collaborative and sharing platforms was also unclear whether they are information society services. In the Uber and AirBnB cases, ECJ has made a vital interpretation to distinguish whether collaborative and sharing platforms can be considered providers of information society services. Since similar applications that make the customer and the service providers meet are increasingly used in the market, we opine that those decisions illuminate the potential evaluations on such products whether they constitute an information society service within the meaning of the ECD or the DSA.
i) Uber Case
In the Uber case (Case C-434/15 Asociación Profesional Elite Taxi v Uber Systems Spain SL), uzgado de lo Mercantil No 3 de Barcelona (Commercial Court No 3 of Barcelona), prior to evaluate whether Uber Systems Spain SL (“Uber”) acts of unfair competition as the Uber or its drivers (who are unprofessional drivers in terms of the licenses and authorizations required under the Regulation on taxi services in the metropolitan area of Barcelona), considers it is required to ascertain if Uber has to have prior administrative authorization. Therefore, the services of Uber should be determined whether to be regarded as transport services, information society services or a combination of both. As long as such services are considered information society services and the ECD and Directive 2006/123 to be applied to Uber’s services, Uber’s practices could not be regarded as unfair.43
The ECJ has assessed this case to establish a milestone to understand the potential future issues.
According to the Court’s assessment, Uber provides an intermediation service consisting of
42 Hoffman & Gasparotti, March 2020, p.10
43 Court of Justice of the European Union Press Release No 136/17, Luxembourg, 20 December 2017
15
connecting a non-professional driver who uses his own vehicle with a person who wants to make an urban journey via a smartphone application for remuneration. In principle, this phenomenon meets the criteria of classification as an ‘information society service’ within the meaning of Article 1(2) of Directive 98/34 and Article 2(a) of Directive 2000/31 while the non- public urban transport services, such as taxi services, must be classified as ‘services in the field of transport’ within the meaning of Directive 2006/123. The Court notes that without the application of Uber, the drivers would not be led to provide transport services and the persons who wish to make an urban journey would not use the services provided by those drivers.
Furthermore, Uber has a certain degree of control over the quality of the vehicles, the drivers and their conduct and Uber gets the fare from the client first and pay a part of it to the non- professional driver.44
With such control and decisive influence, the main component of the services provided by Uber has been interpreted as the transport service. Accordingly, such services cannot be classified as an ‘information society service’.
ii) Airbnb Case
On the other hand, in the Airbnb Ireland case (C-390/18), the Court decided that the related activities of the Airbnb in the case should be classified as an information society service. The Court noted that to underline the different nature of such an intermediation service concerning the accommodation services to which it relates, first, that service is not aimed only at providing immediate accommodation services. Still, it consists of providing a tool for presenting and finding accommodation for rent, thereby facilitating the conclusion of future rental agreements.
“Therefore, that type of service cannot be regarded as being merely ancillary to an overall accommodation service. Second, the Court pointed out that an intermediation service, such as the one provided by Airbnb Ireland, is in no way indispensable to the provision of accommodation services, since the guests and hosts have a number of other channels in that respect, some of which are long-standing. Finally, third, the Court stated that there was nothing in the file to indicate that Airbnb sets or caps the amount of the rents charged by the hosts using that platform.”45
44 Case C-434/15
45 Court of Justice of the European Union Press Release No 162/19
16
Furthermore, the Court stated that unlike the intermediation services at issue in the judgments of Uber Spain and Uber France cases, neither that intermediation services nor the ancillary services offered by Airbnb Ireland make it possible to establish the existence of a decisive influence exercised by Airbnb over the accommodation services to which its activity relates, with regard both to determining the rental price charged and selecting the hosts or accommodation for rent on its platform.46
Even though the Airbnb Ireland case does not entirely satisfy the required legal understanding, as it is seen, the Court scrutinizes the level of control over the services provided to classify the provided service to determine whether it is an information society service. The Court’s judgment and reasoning illuminates us that the ‘degree of control’ by the provider over the provided services compasses the classification on the provider to determine whether it is an information society service provider. Comparing the Uber and Airbnb cases, we can conclude that if the level of control increases, the services is more likely to be interpreted as information society services.47
b. Definition of Information Society Services in Digital Services Act
Considering the case law on interpretations of the notion of the information society services, the Digital Services Act (“DSA”) has preserved the definition of the information society services as it means within the meaning took place in Article 1(1) (b) of the Directive 2015/153548. ‘Remuneration’ is also taking place with its explanation in Article 2. Direct or indirect payment, including cases where the recipient provides data in exchange for the online services, is considered ‘remuneration’49.
Besides that, the DSA acknowledges the new technologies emerged and rules that the providers of services establishing and facilitating the underlying logical architecture and proper functioning of the internet, including technical auxiliary functions, can also benefit from the exemptions from liability set out in this Regulation, to the extent that their services qualify as
‘mere conduits’, ‘caching’ or hosting services. The following is noted as examples for such services; wireless local area networks, domain name system services, top-level domain name
46 Ibid.
47 Madiega, May 2020, p.5
48 Recital (5) and Art 2 of DSA
49 Art 2(1) of DSA
17
registries, certificate authorities that issue digital certificates, or content delivery networks that enable or improve the functions of other providers of intermediary services. Also, online services such as Voice over IP, VPNs50, cloud infrastructure services51, messaging services and web-based e-mail services were mentioned to be able to benefit from the exemptions from liability to the extent that such services qualify as ‘mere conduit’, ‘caching’ or ‘hosting’
service.52 Cloud computing services providers are not considered as online platforms, provided that the dissemination of content is minor or an ancillary function.53
When defining the activity of the intermediary service provider, another improvement brought by the DSA with adopted text is that in the case of a website/webpage includes different elements which qualify as different intermediary services – mere conduit, caching or hosting services. In such cases, each part of that service will enjoy the liability exemption accordingly.54
Even though not much illumination was brought upon this issue with the DSA, the problematic case of collaborative and sharing platforms has been recognized, and it is concluded that the DSA should not apply to cases where the intermediary service is not an integral part of the provided service.55 Furthermore, as stated in the previous chapter, remuneration was defined, and Recital 13 of DSA has defined social networks and online marketplaces as providers of hosting services. Recital 13 also shows that the hosting services providers which dissemination to the public is merely an ancillary feature are not defined as online platforms.
6. Evolution of General Monitoring Prohibition
The prohibition of general monitoring obligation is a “foundational cornerstone” of the global internet regulation, and this principle has contributed to everyone’s everyday digitally living place, the internet, become a free and independent space where people can exercise their freedom of expression globally. With this principle, the online platforms and online service providers were prevented from being digital gatekeepers.56
50 Virtual Private Networks
51 VPNs and cloud infrastructure services were introduced in the adopted text with the amendments to the DSA.
52 Recital (27) of DSA
53 See Recital (13) of DSA.
54 See Amendment 24 (Recital (27a)) of adopted text of amendments to DSA.
55 See Recital (6) of DSA
56 More responsibility to online platforms – but at what cost?, EDRi, 19 July 2019
18
With the ECD, while the Member States having been prohibited for imposing a general monitoring obligation on service providers, there was left a leeway to monitoring obligation in a specific case.57 Following that, the ECD also left the possibility open to require the service providers to apply duties of care to detect and prevent certain illegal activities. However, the only safeguard mentioned by the ECD was that such duties of care should be reasonably expected from the service providers and specified by national law.58 With the ECD, Member States are allowed to require hosting providers to apply duties of care, which are not clearly specified. Consequently, the boundary between duties of care and general monitoring remains unclear.59 Also, the ECD does not prevent or prohibit proactive monitoring on the service provider’s own initiative as long as it is not in the nature of general monitoring.60
Nevertheless, this principle evolved in the direction of more and more monitoring obligations which promotes the seemingly specific attribution towards the limit of general monitoring. Now the current policy in the EU is shifting from implementing intermediary liability to promoting intermediary responsibility, and the use of algorithmic content moderation tools and similar technology is challenging the general monitoring prohibition.61
The automated filtering mechanisms are referred to with different wordings in the sector and academia, such as ‘proactive measures’, ‘content recognition tools’, ‘content recognition technologies’, ‘algorithmic content moderation tools’ or ‘automated tools/measures/means’.62
The initiatives for introducing automated recognition means were not started with the DSA.
Algorithmic content recognition tools were already playing and still play a significant role in copyright protection, and such automated measures took place in some legislation before the DSA63. For example, in 2016, the proposed Directive in copyright in the Digital Single Market had provisions containing ‘content recognition technologies’ to ensure the protection of the copyrighted work of the rightholders. As a safeguard’ the principles of appropriation and
57 Recital (47) of ECD.
58 Recital (48) of ECD.
59 Kuczerawy, Aleksandra, To Monitor or Not to Monitor? The Uncertain Future of the Article 15 of the E- commerce Directive, New Controversies in Intermediary Liability Law, https://balkin.blogspot.com/2019/05/to- monitor-or-not-to-monitor-uncertain.html, 29 May 2019.
60 Hoffman & Gasparotti, March 2020; p.27.
61 Madiega, May 2020, p.15; A. Kuczerawy 2019.
62 Riis & Schwemer, 2019, p. 1
63 Madiega, May 2020, p.15
19
proportionality were introduced and deleted after due to the backlash and rejection64. However, eventually, Article 17 of the 2019 Directive on copyright and related rights in the Digital Single Market (“EU Copyright Directive”) emphasizes adopting such content moderation tools while reminding the Member States to bear in mind the principle of proportionality. Regulation (EU/2021/784) on preventing the dissemination of terrorist content online also promotes and encourages to take automated detection tools.65 Furthermore, we see the promotion of automated tools to combat infringements in Regulation 2017/2394.66 Code of Practice on Disinformation and the Audiovisual Media Services Directive (revised in 2018) are also the other examples fostering the intermediary responsibility trend in the European Union.67
In the Commission Recommendation on measures to effectively tackle illegal content online (EU 2018/334), under Chapter 2 on General recommendations relating to all types of illegal content” point 18 titled “Proactive Measures”, it is stated that “Hosting services the proactive measures should be encouraged to take, where appropriate, proportionate and specific proactive measures in respect of illegal content. Such proactive measures could involve the use of automated means for the detection of illegal content only where appropriate and proportionate and subject to effective and appropriate safeguards, in particular the safeguards referred to in points 19 and 20.”68 Articles 19 and 20, on the other hand, stipulate that there should be effective and appropriate ‘safeguards’ provided to ensure the hosting services providers act diligently and in a proportionate manner, to avoid removal of legal content inadvertently, and to ensure that the removal or disabling decision is well and accurate.69 In Chapter 3 (Specific recommendations relating to terrorist content), Points 36 and 37 rule out that the hosting service providers should take specific and proportionate proactive measures.
However, there is not a safeguard provision stated in Chapter 3.70
The Regulation on addressing the dissemination of terrorist content online (EU 2021/784) has entered to force in June 2021. The Regulation defines “terrorist content” as any material that incites a terrorist offence. As per the Regulation, the hosting service providers should remove
64 Riis & Schwemer, 2019, p. 2
65 Madiega, May 2020, p.15.
66 Regulation on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004
67 Kuczerawy, 2019
68 Riis & Schwemer,2019, p. 5
69 Point 19 & 20, Commission Recommendation on measures to effectively tackle illegal content online.
70 See Riis & Schwemer,2019, p. 5
20
terrorist content or disable access to it all over the European Union in one hour. When a hosting service provider, based on a decision of the competent authority, is thought to be specifically exposed to terrorist content, it will also be obliged to take specific measures, which may include the adoption of appropriate technological measures or any other measure considered to be appropriate by the hosting service provider.71 In Recital 25, it is stated that a requirement to implement additional specific measures considered by the competent authority should not lead to a general obligation to monitor or engage in active fact-finding within the meaning of Art 15(1) of the ECD. However, it is possible for hosting service providers to use automated tools if they consider this to be appropriate and necessary to effectively address the misuse of their services for the dissemination of terrorist content.72 As a safeguard to avoid any erroneous decision leading to removal or disable access to content that is not terrorist content, Recital 23 stipulates that the hosting service providers should act with due diligence and implement safeguards, including human oversight.
On a minor note, the Regulation on addressing the dissemination of terrorist content online has introduced transparency obligations, including reporting obligations for hosting service providers just before the DSA.73
The Directive 2010/13/EU Audiovisual Media Services Directive applies to audiovisual media service providers. Article 27 of AVMSD also holds the video-sharing platform providers responsible for taking appropriate measures to protect minors from content that may impair their well-being.
The DSA promotes automated content moderation tools and encourages other actors, such as group moderators, to combat illegal content.74 However, various safeguards have also been added with the amendments adopted to the DSA in European Parliament. The DSA has been a solid benchmark to show the current and future policy of the EU with its overconfidence in the automated content recognition tools, provided that the certain safeguards are accompanying such automated means.
71 Giglio, Flavia, The new Regulation on addressing the dissemination of terrorist content online: a missed opportunity to balance counter-terrorism and fundamental rights?, CiTiP, KU Leuven, 14 September 2021
72 Recital (25) of Regulation on addressing the dissemination of terrorist content online
73 Art 7 of Regulation on addressing the dissemination of terrorist content online
74 Recital (26) of the DSA
21
For instance, addressing the transparency concerns regarding the algorithmic moderation content, amendments to Recital 38 stipulate that the information on automated content moderation tools should be included in the terms and conditions of intermediary services providers. To further reinforce the reliability of such automated tools, certain safeguards were also introduced in Recital 42. Hereto, the used automated tools in case of a removal, disabling access, demoting or imposing other measures regarding the content provided by a recipient should “have been proven to be efficient, proportionate and accurate”75. Still, these principles are not further explained. We think that the assessment of proof of such safeguards is yet to be interpreted in light of their previous history and application success, which also need to be assessed separately.
7. Inherent Risk of Over-Enforcement by Automated Tools a. Introduction
Academics have dwelled upon the risk of over-enforcement of take-down actions by automated content recognition tools. High reliance on robust technological means to combat illegal content bears the risk of over-blocking and taking down the lawful content and might infringe the fundamental rights of the recipients of the information society services.
An online intermediary, as a commercial entity, targets to minimise the costs, including the potential legal disputes or even time, considering its resources. This might lead to creating and using an algorithm that takes down “too much rather than too little”.76 Online intermediaries are ‘least-cost avoiders’ as commercial bodies. They will naturally lower the costs of liability and risk of being sued; to achieve that by applying algorithmic content moderation tools, they might end up embracing over-blocking.77 Even before creating such an algorithm, the expected approach from especially a large online intermediary to code the algorithm's logic, would be taking down the content even it would be debatable in terms of the illegality.
Furthermore, the algorithmic tools do not comprehend the context of the content, political activism, critiscm or satire.78 For example, Tumblr, a blogging platform, enforced an adult content policy by automated content moderation tools in December 2018, it resulted in emitted
75 Recital (42) of DSA
76 Riis & Schwemer 2019, p. 2
77 Frosio, May 2020, p. 19; author’s note: See Guido Calabresi, ‘Some Thoughts on Risk Distribution and the Law of Torts’ (1961) 70 Yale L.J. 499; Ronald Coase, ‘The Problem of Social Cost’ (1960) 3 J. L. & Econ. 1.
78 More responsibility to online platforms – but at what cost?. EDRi, July 19, 2019
22
much non-adult content. Using of automated content moderation tools is also challenged with the fact that the application of statutory exceptions to copyright differs between the Member States.79 When encountering contested content, a satirical or even an internet ‘meme’, the online intermediary would most likely choose to disable or remove it even though such content falls within the legal side.80
This issue was even acknowledged in the SABAM v Scarlett Extend case81 , and the Court pointed out that the algorithmic content moderation system might not distinguish the legal and illegal content82.
One should also remember that those algorithmic tools and proactive moderation tools use statistics, which might result in discriminative outcomes of those used technological tools. A computer vision confused a black person with a hand-held thermometer as if he is carrying a firearm while recognizing a hand-held thermometer in the hand of a white person as an electronic device.
Besides, the reporting obligations introduced in the DSA in different articles, might force the online platforms to evaluate their success in the combat against illegal content based on the numbers of removed or blocked content and how fast those removals were.83
DSA, with the amended texts adopted, has brought a safeguard for algorithmic content moderation tools. While Article 12 stipulates that the online platforms should publish their terms and conditions, including the explanation of algorithmic tools. Article 13 obliges online platforms with transparency reporting obligations which includes a qualitative description of how the automated content moderation tools are used.84
79 Riis & Schwemer 2019, p. 13
80 See Ibid.
81 C-70/10
82 Para. 52, C-70/10 Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62010CJ0070; See blow chapter.
83 More responsibility to online platforms – but at what cost?. EDRi, July 19, 2019
84 Art 13(1aa)(new)
23
b. Use of Automated Tools and Proactive Measures for Monitoring Obligations in Case Law
In the case law, the prohibition on general monitoring has been debated. Particularly, SABAM cases85, Eva Glawischnig-Piesczek86 case and finally Poland v European Parliament, Council of the Union87 bears significant importance. We will examine these cases, respectively.
i) SABAM v Scarlet Extend, SABAM v Netlog
In the Scarlet Extended SA v SABAM case, the Court explained that by weighing the right to intellectual property on the one hand (SABAM), and freedom of conduct business of the internet service provider (Scarlet) and its customers’ right to protection of personal data and freedom to receive or impart information on the other, it would not be a fair balance struck to adopt an injunction requiring Scarlett to install a filtering system which monitors all the electronic communications and information of its customers without any time limitation (‘the contested filtering system’). Such a system would oblige Scarlet to actively monitor all the data of its customers, which would amount to general monitoring, which is prohibited by ECD (Para.
40). Also, requiring such a filtering mechanism on Scarlet’s solely own expense would not be fair and proportionate -while being an excessively costly- measure under Article 3 of Directive 2004/48 (Directive on the enforcement of intellectual property rights). 88
The Court also mentioned that ‘the contested filtering system’ might not distinguish adequately between the lawful and the unlawful content, which could undermine the freedom of information by blocking the lawful communications.89
The Court adopted the same approach in the SABAM v Netlog case, which has a very similar legal basis to the Scarlett v SABAM case. It opined that an injunction requiring the contested filter mechanisms would constitute general monitoring.90
85 C-70/10, C-360/10
86 C-18/18
87 C-401/19
88 C-70/10 Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62010CJ0070
89 Para. 52, C-70/10 Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62010CJ0070
90 C-360/10 SABAM v Netlog NV,
https://curia.europa.eu/juris/document/document.jsf?docid=119512&mode=req&pageIndex=1&dir=&occ=firs t&part=1&text=&doclang=EN&cid=373472
24
What is apparent from the decisions that a ‘case specific’ monitoring obligation as a proactive measure to be applied indiscriminately to all the recipients of that online services amounts to general monitoring. One might argue that the fair balance sought between the intellectual- property rights and the freedom of communication led to the Court having that outcome and decision since there is no case law enshrining the protection of the intellectual property at that time91. Nevertheless, as the critical point, it should be understood that the contested measure to apply all the recipients of the service indiscriminately. Thus, the promoted automation tools in the recent legal instruments should be construed in the same way.
ii) Eva Glawischnig Piesczek v Facebook Ireland
In a very recent case, Case C-18/18 (Eva Glawischnig-Piesczek v Facebook Ireland Limited), the ECJ has ruled out a controversial decision. Ms Glawischnig-Piesczek, a member of the National Council of Austria and the chair of the political party ‘die Grünen’ (The Greens), has brought an action against Facebook Ireland in Austria to make the latter withdraw a ‘defamatory comment’ about her. The demand included that “by interim order of 7 December 2016, directed Facebook Ireland, with immediate effect and until the proceedings relating to the action for a prohibitory injunction have been finally concluded, to cease and desist from publishing and/or disseminating photographs showing..(her) if the accompanying text contained the assertions, verbatim and/or using words having an equivalent meaning as that of the comment.”92 The Supreme Court of Austria had brought the case before the ECJ and referred to questions, inter alia, whether such injunction, which obliges Facebook to remove other identically worded items of information worldwide, would be precluded by Art 15 of the ECD. Furthermore, whether the negative response to the first question applies in each case of information with equivalent meaning.93
Referring to Article 14, 18(1) and Recital 41 of ECD, the Court reminded that the national courts or administrative authorities may require the host provider (Facebook Ireland) to terminate or prevent an infringement by removing the illegal information or disabling access it.94 Having the broad discretion to take necessary measures, the Member States require the hosting provider to terminate any alleged infringement and prevent any further impairment of
91 As per para. 43 of C-370/10.
92 Case C-18/18
93 Ibid.
94 P. 24, Ibid.
25
the interest involved without limitation on their scope.95 The same principle was applied judging the worldwide extension of an injunction and the Court stated that the ECD does not preclude worldwide injunctive measures.96 The Court further “clarified” that Art 15 of ECD does not concern these specific monitoring obligations (the monitoring obligations ‘in a specific case’).97 The Court states that to achieve preventing any illegal act being repeated or further impairment of the interests involved, it can be ordered that the host provider remove such content; which is equivalent to the content having equivalent meaning to the defamatory comment “which was previously declared to be unlawful, or to block access to that information, provided that the monitoring of and search for the information concerned by such an injunction are limited to information conveying a message the content of which remains essentially unchanged compared with the content which gave rise to the finding of illegality and containing the elements specified in the injunction, and provided that the differences in the wording of that equivalent content, compared with the wording characterising the information which was previously declared to be illegal, are not such as to require the host provider to carry out an independent assessment of that content,..”.98
iii) Poland v European Parliament and Council
The Republic of Poland has brought an action against the European Parliament on 24 May 2019 demanding the annulment of Article 17(4)(b) and (c), which are the wording ‘and made best efforts to prevent their future uploads in accordance with point (b)’) of Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. Poland raises the argument that this provision is infringing the freedom of expression and information guaranteed by Article 11 of the Charter of Fundamental Rights of the European Union and claims that;
“..specifically that the imposition on online content-sharing service providers of the obligation to make best efforts to ensure the unavailability of specific works and other subject matter for which the rightholders have provided the service providers with the relevant and necessary information (point (b) of Article 17(4) of Directive 2019/790)
95 P. 30, Ibid.
96 P. 50, Ibid.
97 P. 34, Ibid.
98 P. 53, Ibid.
26
and the imposition on online content-sharing service providers of the obligation to make best efforts to prevent the future uploads of protected works or other subject-matter for which the rightsholders have lodged a sufficiently substantiated notice (point (c), in fine, of Article 17(4) of Directive 2019/790) make it necessary for the service providers — in order to avoid liability — to carry out prior automatic verification (filtering) of content uploaded online by users, and therefore make it necessary to introduce preventive control mechanisms. Such mechanisms undermine the essence of the right to freedom of expression and information and do not comply with the requirement that limitations imposed on that right be proportional and necessary.”99
If those provisions cannot be deleted from Art 17 of the Copyright Directive without substantively changing the rules contained in the remaining provisions of that Article, Poland argues that the Court should annul Art 17 of the Copyright Directive in its entirety.100
The action is still pending, and no decision has been made yet. But Advocate General Henrik Saugmangaard Øe’s Opinion has been put forth. Advocate General proposes that the Court should find that Art 17 of Copyright Directive is compatible with freedom of expression and information and therefore dismiss the action brought by Poland.
In his Opinion, the Advocate General Mr. Øe, evaluates the option to choose automated recognition tools by the online content-sharing service providers. On the one hand, as Poland and interveners101 claim that Art 17 does not require the providers to adopt automatic content recognition tools, and they have a ‘wiggle room’102 – considering the explicit reference was taken out from the draft: they may choose to use such tools or even develop new innovative solutions103. On the other hand, since online content-sharing service providers handle the
99 Case C-401/19, Poland v European Parliament
100 Case C-401/19, Poland v European Parliament
101 Kingdom of Spain, the French Republic and the European Commission. Portugal has not lodged a statement as an intervener.
102 Para 60 - 61 of Opinion of Advocate General Saugmandsgaard Øe, delivered on 15 July 2021, Case C-401/19.
103 Ibid; Advocat General Øe’s note: “See, to the same effect, Parliament press release, 27 March 2019,
‘Questions and answers on issues about the digital copyright directive’: ‘Is the directive creating automatic filters on online platforms? No. The draft directive sets a goal to be achieved … The draft directive however does not specify or list what tools, human resources or infrastructures may be needed to prevent unremunerated material appearing on the site. There is therefore no requirement for upload filters. However, if large platforms do not come up with any innovative solutions, they may end up opting for filters …’ (available at
https://www.europarl.europa.eu/news/en/press-room/20190111IPR23225/questions-and-answers-on-issues- about-the-digital-copyright-directive).” footnote (70).
