SCL Event Report: Foundations of IT Law – Module 2: Internet Law

January 23, 2014

This event, the second in the SCL’s new Foundations of IT Law programme, was hosted by Bird & Bird and chaired by Roger Bickerstaff, who began by explaining his own belief in the importance of having a thorough appreciation of various Internet-related issues when practising as an IT lawyer.  The speakers were Professor Chris Marsden of Sussex Law School, who intriguingly titled his presentation ‘Back to Basics: Internet Law or ‘Three Wise Monkeys of Cyberspace” and Simon Deane-Johns, who covered a variety of topics in his talk ‘E-Commerce to Crowdfunding’.

Chris Marsden explained that much of his presentation was heavily based on a chapter in his recent book, the Oxford Bibliography of Internet Law (OUP, 2012) and would focus mainly on the liability of intermediaries rather than individuals.

In analysing the position under the E-Commerce Directive 2000, Chris noted the dangers for internet service providers (ISPs) of having actual knowledge of content, and the desirability for them of acting as ‘mere ciphers’.  Should ISPs engage in any ‘active’ filtering, they lose the protection afforded to them by Article 14, so a position of ‘masterly inactivity’ (except when instructed otherwise by law enforcement agencies) is the safest default position.

Chris offered an extremely interesting historical overview of the development of the law in this area, from cases in the early 1990s involving blasts from an internet age gone-by, such as Compuserve, through to more recent decisions involving the modern day giants of Google and eBay.  There has been no reform of the 2000 Directive but merely ongoing refinements by national courts; Chris contrasted the fragmented approach to this area across Europe with the clarity of the position in the US after the Digital Millennium Copyright Act of 1998.  He acknowledged that there had been a significant amount of ‘soft law’ in this area in the form of EU reports, frameworks and expert working groups aimed at effecting a more coherent pan-European framework to promote trust in the single market, but admitted that the situation was still far from ideal.

The only area where there has been significant reform is regarding the notice and take-down procedure, where there has been a consultation and an evaluation study.  Chris noted that concerns over the threats to free speech provided by the inherent incentive in the E-Commerce Directive to ISPs to ‘shoot first and ask questions later’ were not new, but there was often a feeling in this area that one was grappling with a Gordian knot!

Chris moved on to cover the position in relation to web sites and libel law within English law.  He examined in detail the 2012 case of Tamiz v Google (where a Conservative council election candidate failed to persuade the courts that Google should be liable at common law as a publisher in respect of defamatory comments made on a Google hosted blog) and moved on to address the Defamation Act 2013, which came into force on 1 January 2014 and introduced a new threshold of ‘serious harm’.  Under the new Act, Chris noted that it is a defence for the operator to show that it was not the operator who posted the statement on the web site, a defence which crucially is not defeated by reason only of the fact that the operator of the web site performs a moderating role in relation to statements posted on it by other individuals. 

Chris went on to consider various other aspects of the new Act, in particular the time periods for web site operators to respond to complaints, the form under which notices must be sent and the provisions of Section 10 of the Act, which provides a ‘knock-out blow’ for web site operators where it is ‘reasonably practicable’ for the complainant to bring an action against the author, editor or publisher.

He concluded that whilst the new Act appears to have strengthened the position of web site operators, it would be highly desirable for the MOJ’s guidance in this area to be simplified in order to avoid confusion.  Now that the Act is in force, some early test cases would be very useful, although Chris suggested that he thought these would be unlikely to eventuate until 2015.

Chris then proceeded to look at issues regarding intermediary liability and copyright, and the balance that the Court of Justice of the European Union requires national courts to strike in respect of protecting intellectual property rights (Article 17(2) of the Charter of Fundamental Rights) and the protection of individual rights to free expression.  This balancing test is described by the courts as a proportionality test; interestingly, the case law shows that cost is relevant and that ease of circumvention is unlikely to be seen by the courts as determinative. The cost of compliance with blocking orders is generally modest in the UK as the technology has previously been developed in relation to child pornography.  Chris drew an analogy between Newzbin and Wikileaks – in both cases the publicity garnered as a result of the attempted or successful blocking of the original site led to a far greater number of hits on mirror sites holding the same material.

Chris finished with a very brief look at the controversial subject of net neutrality.  Typically, providers wish to find out what is being accessed by their customers so that they can block VOIP services which compete with their own telephone services, as well as video traffic, which the providers would like to be paid to provide.  Insofar as this activity involves intermediaries trying to gain greater knowledge, it runs counter to the ‘masterly inactivity’ model of best practice described above, hence the controversy.

Ofcom’s statement on the topic of net neutrality was ‘odd, though detailed’ in Chris’ view.  In essence, Ofcom expects ISPs to play fair and not throttle or block, but does not anticipate regulatory consequences if they do not.  The proposed ‘Connected Continent’ Regulation may change this – it appears that it would make blocking or throttling illegal, but would allow operators to charge a premium for higher speed ‘managed services’.

Simon Deane-Johns‘ presentation looked mainly at the areas of e-commerce, e-payments, behavioural targeting of online advertising and the emergent topic of ‘crowdfunding’.  He began by emphasising the importance of recognising the Internet as an increasingly complex, dynamic and borderless system.  The proliferation of powerful, mobile devices and the consequent rise in machine readable data has given rise to enormous scope for ‘big data’ and the ability for consumer advertising to be more tightly focused than ever before.  On the other hand, however, Simon stressed the potential of ‘small data’ – for example, the use by consumers of price comparison sites to facilitate finding the correct products and the best deals for their needs.   Simon expressed his view that there was an increasing need for the law to recognise the shift in control (by consumers) and facilitate innovation and competition.

He then covered the current regulatory backdrop to the area in the form of the E-Commerce Regulations, the Distance Selling Regulations, as well as the forthcoming changes under the new Consumer Contract Regulations, which take effect on 13 June 2014.  On the subject of displaying advertisements to Internet users, based on data generated by that user’s activity (behavioural targeting), Simon explained that this existed in both site-based and network-based paradigms and engaged a variety of regulatory risks for participants, whether they be site publishers, advertisers, network operators or ISPs.  Whereas site-based behavioural targeting tracks a user’s journey through the use of cookies, network-based behavioural targeting can also work by inspecting browsing traffic passing through a participating internet service provider (deep packet inspection, or DPI).

He considered the applicability of provisions within the DPA, RIPA, the Computer Misuse Act, the Fraud Act and CDPA and questioned the circumstances under which a failure to show that an individual has consented to behavioural advertising would come to give rise to liability under the Fraud Act or the CDPA.

Simon went on to consider the regulatory framework relating to e-payments, and the various questions that arise in relation to identification of people in the offline and online contexts.  He discussed the exemptions relating to payments made in the context of electronic content provision as well as those where payment instructions are only accepted in the issuer’s premises (the ‘limited network’ exception).  Simon expressed the view that bringing Facebook credits within the scope of the limited network exception was stretching the bounds of credibility somewhat (indeed, he felt that Facebook probably had similar concerns!).

In the final part of his talk, Simon addressed the issue of crowdfunding and the attendant regulatory challenges that arise when the framework is based on the assumption that financial instruments are issued by a single provider to investors/depositors who have no control or visibility on how proceeds are used.

He noted that the FCA considers crowd investment in start-up companies as high risk, but concluded by questioning whether it was justifiable or coherent for consumers to be able to lose money to, say, a bookmaker in a relatively unregulated fashion, whilst at the same time being presented with barriers to investing in start-ups which provide employment, consumer goods and services, and give investors a high degree of transparency.

The next module in the SCL’s Foundations of IT Law series is Outsourcing Law and Practice, which will be hosted by Baker & McKenzie LLP on Wednesday 5 March 2014 from 4-6 pm.

Paul McMahon is an Associate in the Commercial Group at Bird & Bird LLP