Outside the Safe Harbours, EU Intermediary Liability Law Capsizes into Incoherence

What is the “Value gap” and why it’s deeply worrying

Carlo Bonavia [Public domain], via Wikimedia Commons

As has by now been extensively reported, on 14th September the European Commission released its new copyright reform package. Prominent within this is its Proposal for a new Directive on Copyright in the Digital Single Market.

The Proposal contains an array of controversial offerings, but from the perspective of this intermediary liability researcher, the most interesting provision is the proposed Article 13 on ‘Certain uses of protected content by online services’. This is highly problematic in a number of different ways.


The Supposed Problem

As the Communication on a fair, efficient and competitive European copyright-based economy in the Digital Single Market (which was released in parallel to the Proposal) explains, the new Article 13 is intended to address what in Brussels parlance over the past year has come to be termed the ‘value gap’. This refers to the idea that revenues generated from the online use of copyright-protected content are being unfairly distributed between the different players in the value chain of online publishing. A distinction is usually drawn in this regard between ad-funded platforms, such as YouTube, Dailymotion and Vimeo, and subscription-funded platforms, such as Spotify or Netflix. While the latter require the consent of copyright-holders to operate legally, the business model of the former revolves around user-created content (UCC). As a result, they tend to focus not on copyright licensing, but on notice-and-takedown systems, which allow them to tackle any unwanted infringements of copyright snuck onto their websites by their users.

According to the Communication, this creates difficulties for right-holders seeking to monetise their works. The Impact Assessment that accompanies the directive gives further insight into the Commission’s thinking. According to that document, some UCC-based providers refuse to negotiate any agreement with right-holders. Where providers have offered right-holders agreements for a share of ad-generated revenue, right-holders argue that these are different from copyright licensing agreements and therefore unfair. The providers in turn point out that they are not under a legal obligation to negotiate with right-holders and that they enter into monetisation agreements on a purely voluntary basis. They argue that right-holders often request terms that are unreasonable for the type of service they provide.


The Proposed Solution

The new directive attempts to tackle the ‘value gap’ through the introduction of a set of alternative obligations. These are targeted at what it unhelpfully terms ‘information society service providers that store and provide to the public access to large amounts of works or other subject-matter uploaded by their users.’ According to Article 13(1) of the Proposal, such providers should:

a) take measures to ensure the functioning of agreements concluded with right-holders for the use of their works or other subject-matter
or
b) prevent the availability on their services of works or other subject-matter identified by right-holders through cooperation with the service providers.

Assessment

The Proposal is not a good one. In addition to using excessively ambiguous language for a legal text, the new provision relies on a questionable interpretation of both existing EU copyright law and EU intermediary liability law. Most importantly, how the proposed Article 13(1) can be seen as compatible with the higher-level rules of the EU’s Charter of Fundamental Rights is hard to grasp.

Problem 1: What are ‘Large Amounts’ of Content?

The problems begin with the definition of the targeted providers. What is an ‘information society service provider that stores and provides to the public access to large amounts of works or other subject-matter uploaded by their users’? In particular, what qualifies as ‘large amounts’ of works?

Presumably, the Commission is here trying to distinguish between the mega-companies of global reach that dominate the internet intermediary market and smaller scale businesses. It should be commended for this: it is not unusual in law to demand different things of different persons, depending on the size of the risk they pose to the interests of others and their ability to control it. In this particular instance, the power of the internet’s giants cannot compare to that of start-ups and SMEs.

But clarity is always necessary. 
Where is the dividing line between large and small amounts of content? When does a company cross from one category into the other? Does the size of the user-base matter or may the ‘large amounts’ of copyright-infringing content be provided by and to a small pool of end-users? Does the jurisdiction in which the majority of infringers are located matter? Must the ‘large amount’ consist entirely of infringing material or is the totality of the content on the provider’s systems what is relevant? When, in short, does David become Goliath? 
Without an answer to these questions, the scope of application of the new provision becomes impossible to determine.

Problem 2: What is ‘Providing Public Access’?

Question marks also surround the new-fangled notion of ‘providing public access’ to content. We already know that providers of services that ‘consist of the storage of information provided by a recipient of the service’ enjoy protection from liability under the hosting safe harbour of Article 14 of the E-Commerce Directive. Recital 38 of the Proposal makes clear that this protection is not to be affected, by noting that the obligations it creates with regard to agreements with right-holders will only materialise if the provider is not protected by the safe harbour. This makes sense, but it does raise questions regarding the sudden mutation of ‘storing’ into ‘storing and providing public access’.

Presumably, the new obligation will only concern hosts that both fail to qualify for the protection of the safe harbour and ‘provide public access’ to copyright-protected content. What such ‘public access’ looks like however and how it differs from ‘storing’ is entirely undefined. Is it simply enough to allow the material to be accessed by parties other than the uploader? Should the ‘optimisation of the presentation of the content’ or the ‘promotion of the content’, which the CJEU established as conditions for safe harbour protection in the L’Oréal v eBay case and which are referenced again in the Recital, play a role? Would then a provider ‘storing and providing public access’ essentially be a host that does not enjoy safe harbour protection? Is actual access by a large number of people necessary or is it only the creation of the possibility of public access that is material? Some further information would be helpful.

Problem 3: The Redefinition of Communication to the Public

More alarmingly yet, the consequences of providing such public access are — under the new Proposal — quite dire. Recital 38 declares that where a provider does store and provide access to the public to copyright-protected works or other subject-matter uploaded by its users, unless it is eligible for the hosting safe harbour, it is performing an act of communication to the public. It is therefore infringing and is liable for that infringement.

For a nonchalant statement hidden in a recital, this is quite the dramatic development of EU copyright law.

It is first important to remember in this regard that the E-Commerce safe harbours are immunities, i.e. defences against liability. Failure to qualify for a safe harbour does not therefore necessarily mean that the provider will be liable — it just signifies the loss of an extra layer of protection. The safe harbours’ main objective was instead a minimum level of EU harmonisation: where their conditions apply, all EU Member States must refrain from imposing liability on providers. But the safe harbours say nothing about when liability itself comes about. To answer that question we have to look at the substantive rules of copyright law.

What do those say? Under Article 3 of the Copyright Directive, communication to the public includes making a work available to the public ‘in such a way that members of the public may access it from a place and at a time individually chosen by them’. In the online environment, it is generally understood that the making available is, in the first place, done by the end-user, who is after all the one actually uploading the material. In order for the intermediary to be held directly liable for the user’s copyright infringement, its involvement in that infringement must be such that it essentially becomes its own — it must have been the one to communicate the work to the public, not simply have been used by somebody else in their communication. In some jurisdictions, such as e.g. France, this is a fairly easy legal step to take. In others however, the challenge is harder. So, for example, in the UK, the Usenet indexing website Newzbin was found to have communicated works to the public, but only because it had ‘intervened in a highly material way’ to make the claimant’s films available to a new audience. By contrast, in a case against The Pirate Bay, communication to the public was not even discussed.

Where direct liability cannot be established, the only way to hold the intermediary liable is through what can broadly be termed ‘secondary’ or ‘accessory liability’. This is the paradigm under which intermediary liability in the national law of many EU Member States is examined. But the rules governing accessory copyright liability are a) unharmonised in the EU and b) dependent on highly demanding conditions.

The UK, for example, requires that, to be held accessorily liable for the infringements of its users, the intermediary must have either authorised those infringements, procured or induced them or acted pursuant to a common design with its users to achieve them. That was, for example, what was found to have happened in the aforementioned Pirate Bay case. In Germany, Art. 830 of the Civil Code on joint tortfeasance governs the issue. This has been interpreted by the BGH to mean that, to be liable, any third party must have knowingly and intentionally combined with the primary wrongdoer to bring about the infringement, induced them to infringe or helped them in their infringement. The general consensus is that intermediaries do not qualify, as they lack the essential mental element. It is for this reason that intermediary liability in copyright is almost invariably handled in Germany through the alternative doctrine of Störerhaftung. This depends on less demanding conditions, but also limits remedies to only injunctive relief.

In conclusion, the legal barriers to holding an intermediary liable for its users’ infringements are unestablished on the EU level and exacting on the national one. To see them completely discounted in the new Proposal is therefore disconcerting. If the EU is going to harmonise accessory copyright liability (and I agree it should), it should give a lot more thought to the matter, adopt provisions in the main text of the legal instrument, not its recitals, and explain the logic behind its Proposal much more convincingly. Why should providers be liable for the infringements that others have committed? When and why does ‘storing and providing public access’ to works amount to a communication to the public? Why should intermediary services automatically be assumed to be illegal and hosts beholden to right-holders as soon as their business becomes successful? Not only does this Proposal not seem fair, but it assumes a huge legal leap that has no previous foundation in EU law.

Problem 4: Compatibility with Fundamental Rights

It is on this insecure legal basis that Article 13(1) relies. It is not entirely clear how the two obligations this introduces relate to Recital 38 of the Proposal. Presumably, if a provider does not enjoy the protection of the hosting safe harbour and is therefore — in the eyes of the Proposal — automatically liable, the first obligation kicks in: to take measures to ensure the functioning of agreements they will necessarily (since they are apparently communicating to the public) have concluded with right-holders for the use of their works or other subject-matter.

But how does one go about ‘ensuring the functioning’ of a monetisation agreement? That is not really made obvious. One indication is given by Recital 38, according to which, in order to achieve this result, providers must ‘take appropriate and proportionate measures to ensure protection of works or other subject-matter, such as implementing effective technologies.’

The Recital then goes on to state that this obligation should also apply when the providers do enjoy safe harbour protection. The wording here is a bit incoherent (why should providers protected by the safe harbour take measures to ensure the functioning of licensing agreements they don’t have?), but this is probably where the second obligation of Article 13(1) kicks in: to prevent the availability on the providers’ services of works identified by right-holders through cooperation with the service providers. Is this reasonable?

It should immediately be stated that the basic idea of imposing obligations on intermediaries is not a strange one. The imposition of duties of care (which is what the obligations essentially amount to) on intermediaries used by third parties to commit infringements is common in the national European jurisdictions. Indeed, as a general rule, national courts investigating accessory liability claims will, among other things, search for some indication that the intermediary behaved reasonably with regard to the infringements of its users. So, for example, a duty of care to install warnings against infringement has, in the past, been identified as a good way for analogue intermediaries, such as a photocopier provider, to avoid liability for third party infringements. That was the conclusion of the Kopierladen case in Germany and the Law Society of Upper Canada decision of the Canadian Supreme Court. Through abiding by the identified duty, providers can show that they have taken appropriate action and thus avoid liability.

On the EU level, Recital 48 of the E-Commerce Directive confirms this logic by explicitly acknowledging that Member States may impose duties of care on host service providers in order to both detect and prevent certain types of illegal activity. This could obviously include copyright infringement. The wording of the Recital suggests that it would also apply where the intermediary is protected by the hosting safe harbour. However, the Recital notes that these duties of care must be such that they can reasonably be expected from the providers, while they must also be specified by national law. Article 3 of the Enforcement Directive later reinforced these demands by declaring that, while Member States must ensure the enforcement of the intellectual property rights, any measures imposed should, inter alia, be fair, equitable and proportionate. At first sight, Article 13(1) of the proposed directive seems to move along similar lines, by warning that any measures adopted must be ‘appropriate and proportionate’.

The tricky part however comes in determining which duties of care can respect these limitations. Confusingly, Article 13(1) suggests as an example of measures that providers must adopt ‘the use of effective content recognition technologies’.

This is entirely inconsistent with established EU law — indeed, it violates the Charter itself.

‘Effective content recognition technologies’ are clearly synonymous with filtering measures. But the imposition of broad obligations to filter on hosting providers has conclusively been rejected by the CJEU in SABAM v Netlog. The Court in that case explained that such measures would fail to strike a ‘fair balance’ between, on the one hand, copyright (protected as a property right under Article 17(2) of the Charter) and, on the other hand, a) the provider’s freedom to conduct a business, protected under Article 16 of the Charter, b) the right of the provider’s users to the protection of their personal data, protected under Article 8 of the Charter, and c) the rights of those users to their freedom of expression, protected under Article 11 of the Charter. As Netlog moreover concerned an injunctive order that would have been issued by a court against a specific company, it’s hard to see how a general duty of care incumbent on all ‘large’ hosting providers and unsupported by the decision of a judicial authority that has vetoed its use in the specific instance could hope to fare any better.

Other complications also arise. Specifically, where the provider is protected by the hosting safe harbour, Article 15 of the E-Commerce Directive also kicks in. This prohibits Member States from imposing on intermediaries general obligations to monitor the information which they transmit or store, as well as general obligations actively to seek facts or circumstances indicating illegal activity. But (although this point is often overlooked) filtering is not possible without general monitoring — in order to ‘filter out’ unwanted content, one must monitor all content.

In other words, awkwardly, the Commission is proposing introducing a provision that would require Member States to adopt obligations which another EU law demands that they refrain from adopting.

Adding further incoherence, the new rule would also make the conditions of the hosting safe harbour redundant: under Article 14 of the E-Commerce Directive hosting providers must ‘act expeditiously to remove or to disable access to’ the offending content, as soon as they obtain ‘actual knowledge or awareness of facts or circumstances from which the illegal activity is apparent’. If they must however in advance proactively filter out infringements, then what is the point of the knowledge-activated take-down mechanism the safe harbour relies on? The new scheme would punch holes all over the E-Commerce Directive.

Apparently unperturbed by these shortcomings, Recital 45 of the proposed directive doggedly maintains that it ‘respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union.’ It notes that its provisions should be interpreted and applied in accordance with those rights and principles. Recital 46 further warns that any processing of personal data under the proposed directive should respect the right to the protection of personal data under Article 7 of the Charter. Certainly, Article 13(2) of the Proposal guarantees ‘complaints and redress mechanisms’ that should be made available to users in case of disputes over the application of the new obligations. Yet this represents a complete reversal of the current position and therefore a diminishment of users’ rights: according to the CJEU, end-users’ freedom of expression and the protection of their personal data require that filtering obligations not be imposed on intermediaries, not that users be given a right ex post to object to content removal. Indeed, such systems would do nothing to avoid the State-imposed general monitoring to which users’ content will now be subjected or the chilling effects on freedom of expression this will create. If end-users’ rights were truly to be considered, under the EU court’s own case law, the mention of ‘content recognition technologies’ in Article 13(1) should be completely ignored.

If it is ignored, it is unclear how the new provision would add anything to the protection that right-holders already enjoy. Without filtering, the only ‘measures to ensure the protection of works’ and ‘to prevent the availability of infringements on their services’ with which providers are left are those they already employ to maintain the protection of the hosting safe harbour: notice(or, more accurately, knowledge)-and-take-down systems. Problems do of course continue to surround the hosting safe harbour. Commentators have criticised its bare-bones approach and called for its further development into a detailed procedure. It was with this in mind that in 2013 a draft directive on notice-and-action was briefly floated. That proposal was in the end withdrawn unpublished, following — rumour has it — a conflict between interest groups over the inclusion of the counter-notice provision. Perhaps its revival would be a better course of action for the Commission?


Conclusion

Article 13(1) of the proposed directive is deeply worrying. It is ill-conceived, badly-worded and incompatible with established law. It betrays a bewildering lack of understanding of European copyright law and an alarming disregard for the law of fundamental rights. This is particularly true for the rights of end-users, i.e. the average person. It instead focuses only on strengthening the enforcement of copyright online.

While EU law does certainly demand a ‘high level of protection’ for copyright, something which should be respected, this absolute approach runs contrary to the ‘fair balance’ case law of the CJEU. By ignoring the dimension of intermediary and user rights, the Commission has placed itself in a bind: the measures it seeks to impose on intermediaries are illegal under the EU’s own law. Filtering is ruled out by CJEU case law and the Charter of Fundamental Rights, while imposing licensing agreements on providers is impossible unless they can be found to have violated an exclusive right — something the proposed directive takes for granted with zero analysis.

None of the above is of course to say that the proposed provision has no redeeming qualities. The idea of harmonising substantive intermediary liability is not in itself a bad one. The same is true of the instinct to do so through duties of care, a legal device which is recognised across the EU’s national jurisdictions. Indeed, I have recommended it myself in my own legal writings. If properly done, such a move could provide greater legal certainty for not only right-holders, but intermediaries and end-users as well, by bringing greater stability and unity to the current fragmented European intermediary liability landscape. But such developments should build on existing law, not undermine it, and they should definitely not seek to subvert principles as basic as fundamental rights. In other words, the EU should focus on a law-based approach that fleshes out current copyright law in a coherent manner.

In an era when post-truth politics and policy-driven evidence are eroding confidence in the EU, it is especially important that the European legislator commit to cogent, well-researched and fair legislation that takes due regard of the fundamental rights of end-users. The EU can do better than this Proposal. It now falls on the European Parliament and Council to review it. They should either strike Article 13 altogether or — preferably — replace it with something that resembles good law.


Originally published at kluwercopyrightblog.com on October 6, 2016.