On 10 January 2019, the regional Court in Rome (Tribunale di Roma) Section XVII Civil, issued decision no. 693, which addresses the issue of the liability regime of hosting providers with respect to illegal content that was uploaded by users of hosting services – also referring to the ‘active’ or ‘passive’ role of the hosting providers.
Internet service providers (a category which also includes hosting providers) are those network operators who are active on the information society services’ market and provide Internet services; such as, the connection, transmission and storage of data, also by making their technical equipment (i.e., servers) available for hosting such data. These data is routed through servers that perform the service, which can consist of providing either Internet access (access provider) or email-services and web space (hosting provider). In essence, the service providers take the role of an intermediary between those who want to make information available on the Internet and the end-users who wish to use or receive that information.
Henceforth the need to understand in which cases Internet service providers can be held liable for illegal content or operations performed by those who use the particular service, and in which cases they are not.
The necessary references to the legislative framework are to be found in Directive 2000/31/EC(hereinafter, the ‘Directive’) on information society services (in particular electronic commerce), as well as its implementation in Italy through the Legislative Decree 70/2003, which provides for exemptions from liability of certain service providers for offences and violations committed by its users – when specific requirements are met.
In particular, Article 16 of Legislative Decree 70/2003 exempts liability on the conditions that the provider:
- “is not aware of the fact that the activity or information is unlawful and, with regard to actions for damages, is not aware of the facts or circumstances that make apparent the unlawfulness of the activity or information;
- takes immediate action to remove the information, or to disable access to such information, as soon as it becomes aware of such facts, and upon the appropriate communication to the competent authorities“.
However, Article 15 of Directive restricts providers from imposing a general obligation of conducting preventative and generalised monitoring, as well as “a general obligation actively to seek facts or circumstances indicating illegal activities” (Article 15.1 of Directive), since this would result in curtailing the fundamental right to freedom of expression and information (art. 11, EU Charter of fundamental rights).
The result is a general ‘basic’ rule according to which internet service providers are not liable for the information processed and the operations carried out by the users of the service, unless they intervene within the users’ content or in the performance of the operations, thereby taking an ‘active’ role. In fact, recitals 42 and 43 of the Directive require a ‘passive’ role of the Internet service provider – i.e., one of a purely technical and/or automatic nature – in order to be entitled to the exemption in question.
Therefore, it follows that when the role qualifies as ‘active’, Article 16 (liability exemption) of the Decree would not be applicable and this, consequently, results to a non-contractual tort/delict under Article 2043 of the Italian Civil Code, which consists of an obligation for the provider to compensate any damages that arise thereof.
In short, in order to determine whether the liability exemption applies or not, it is necessary to understand in which cases the service provider takes an ‘active’ and / or a ‘passive’ role. The recent ruling is in line with national and supranational case-law on this issue.
According to the Italian case law, a hosting provider has an ‘active’ role whenever it intervenes – even merely in the organisation, selection or promotion of the uploaded material, enhancing the content or exploiting it economically by means of advertising. In this regard, according to the recent decision, it is sufficient to provide ‘assistance in enhancing the presentation of offers for sale and in promoting them‘, thus it is not necessary that the actual content has been manipulated with.
Conversely, a merely ‘passive’ role would occur whenever the service of the hosting provider is limited to providing a ‘neutral service’ through a purely technical and passive processing of the data provided by the users, while also being able to offer better usability through technological expedients, such as providing simple technical access (App. Milano 7.01.2015 Yahoo vs. RTI), without – due to this purpose – departing from its ‘passive’ role. In other words, the hosting provider must be precluded from having control over the content or editing rights that would give the provider knowledge about the content, since that way the provider would meet the aforementioned requirement of Art. 16.1.a of the Decree and therefore trigger its liability.
As a matter of fact, the Court of Justice of the European Union has on several occasions stated that having an ‘active’ role does not impose on the provider the generalised obligation of an ex ante control on all uploaded content; likewise, having a ‘passive’ role does not exempt from liability if – once becoming aware of the illegal character of an activity or information – the provider does not take action and remove them, provided that this would meet the requirement under Article 16.b of the Decree.
This in turn leads to the question of what is actually meant by ‘to become aware’ and, consequently, when the obligation to take action is triggered, and what shall be done.
According to the decision of the Court in Rome, it would not be necessary to have a personal and first-hand knowledge of the illegal content, but it would be sufficient that the technological means (e.g., the software that indexes/catalogues/structures the data in an automatic manner, without any human intervention) are suitable to allow for the ‘awareness’ and control of the stored data. In such cases, the provider would be considered as ‘being aware’ of the contents and, in case of inaction, would be held liable to Article 2043 of the Italian Civil Code for the consequent damages.
However, it is clarified that if the awareness does not occur independently (or indirectly through the technological equipment of the provider), the obligation to take action could arise ex post, following a complaint by the competent authorities or a precise indication of the contents to be removed by the potentially damaged person. In the present case, a general instruction requiring the provider to search for ‘all the programs’ illegally uploaded or disseminated in an indiscriminate manner was considered insufficient, but it was also clarified that the exact indication of the URLs of each illegal audio-visual content is not necessary, insofar as the simple knowledge of the title of the illegal audio-visual content is sufficient to trigger the obligation of taking action.
With regards to the substance of the providers’ ‘diligence’: recital 48 of the Directive requires the diligence “which can reasonably be expected from them and which are specified by national law” and consists of removing the content or promptly disabling access to it.
In short, the ‘awareness’ of the provider, as outlined above, triggers the obligation for the provider to take action diligently to remove the illegal content. Conversely, inaction can be held liable under Article. 2043 of the Italian Civil Code; the compensation includes actual loss/damage and the loss of profits. The latter is quantified using the criterion of the so-called “consent price“, meaning the sum of money that the user would have had to pay to the rightful owner according to the time and the conditions of use of the content.
As a conclusion it is noted that, in order to effectively benefit from the liability exemption a provider has to (i) be in a ‘passive’ position and (ii) take action diligently, once it becomes aware about any illicit content or action.
Moreover, any provider (‘active’ or ‘passive’) needs to take action diligently once it is aware of any illicit contents, consequently, the failure to apply such diligence triggers its liability under art. 2043 of the Italian Civil Code.