The Regulated End of Internet Law, and the Return to Computer and Information Law?

It seemed unfair to hang on to this article from Professor Chris Marsden, another in our Tech Law Masterclass series for the October/November issue, when Internet regulation is such a hot topic. Chris looks back at the Internet’s legal history, with a view to helping us to move forward in an informed manner

In the last 25 years, many lawyers have been very excited about the global communications network connected by the Internet Protocol, which has transformed the consumer/prosumer and small business experience of electronic communication. Now that broadband Internet is ubiquitous, mobile and relatively reliable in urban and suburban areas, it is being regulated as all mass media before it. The Internet is no longer a lawless, special unregulated zone; in fact, it never was, as seen in the wonderfully obscure case of Shetland Times v Shetland News.[1] The major gatekeepers are regulated for the public good and public interest to some extent, whether that be access providers through infrastructure sharing, electronic privacy, cybersecurity and network neutrality regulation, or the social media, e-commerce and search giants through various duties of care including those for notice and rapid action – in many cases requiring takedown of allegedly illegal material in a day or even an hour,[2] and notification of breach of security and privacy to the customer.

This short article is both a retrospective, and even requiem, for the ‘unregulation’ argument in Internet law in that 25 years, and a prospective on the next 25 years of computer law, in which many of the expert treatises of the 1970s to early 1990s need to be dusted down and re-absorbed.[3] Publishing this article in Computers & Law in 2018 is especially appropriate - the SCL itself is 40 years old and the Society’s history far predates the commercial Internet, with foci ‘SCL's interests - the use of technology in the law, and the law as it impacts on technology’.[4] Machine Learning, smart contracts, distributed ledgers and algorithmic regulation have very long histories and we would do well to remember those, especially given the prism of the normalisation of the Internet as a mass medium.[5]

A Very Short Internet Legal History

Internet law was a subject of much practical and academic interest in the 1990s in the USA, and some specialist interest in the UK and elewhere in Europe. These foundational rules for the adaptation of liability online focussed on absolving faultless (and low-fault, the line is shifting) intermediaries of liability for end-user posted content. Twenty-one years after ACLU v Reno, and 25 years since the ‘Information Superhighway’ metaphor of Al Gore and Bill Clinton’s first administration, is as useful a time as any to look back to the future. Settled policies were arrived at as a result of expert testimony and exhaustive hearings, on liability, privacy, trust, encryption, open Internet policies against filtering. Changing those policies in 2018 may result in potentially catastrophic untying of the Gordian knots of intermediary safe harbour/harbor, privacy, copyright enforcement, and open Internet European regulations.

In the USA, the early legislative milestones were the Communications Decency Act 1996, s 230 (which established no liability for intermediaries without actual knowledge of infringement),[6] the Digital Millenium Copyright Act 1998, s 512 (which laid out detailed rules for copyright infringement and the action required of intermediaries when notice of infringement was sent). These have been developed over time, and maintain a significant degree of difference from the gradually less permissive intermediary regime now permitted in the EU.[7] Note that the term ‘Internet Service provider’ is not used in these statutes – the terms ‘online’ or ‘interactive’ are used instead.[8] Yet we still blithely use the legally meaningless term ‘ISP’ in all our interactions with clients!

In Europe, the milestones begin in 1996 with the ‘Convergence Green Paper’ and its responses, which explain why we refer to Information Society services, rather than Internet services.[9] They continued with debates over the 1997 audiovisual media law, revising Directive 89/552/EEC (known to UK lawyers as ‘satellite TV without frontiers’) as Directive 97/36/EC then Directive 2007/65/EC, soon to be further revised in 2018.[10]  It is worth noting that European consumer Internet use roughly dates to 1998, with the opening of the Telecoms Single Market and broadband to 2000, with the Local Loop Unbundling Regulation. In the 1997 Teleservices Act and 1998 Bavaria v Felix Somm (Compuserv) case, Germany showed that it wished to see a similar limited liablity regime to that in the USA. This led, with British support, to adoption of the E-Commerce Directive (2000/31/EC) creating the Internal Market in e-commerce. Largely drafted in 1998/9, this was incomplete as compared to the US statute, with for instance no ‘put back’ provision, and no academic/research exception to copyright rules. Most critically, it contained no rules for how notice was to be given, leaving these details to national implementation from 2002, and led to the large body of case law generated by the European courts in the 15 years since. The Copyright Enforcement Directive 2001/29/EC somewhat clarified the earlier Directive.

In 2000, the Europeans and US published the ‘Safe Harbor’ for Privacy. Negotiated from 1998, it was always legal nonsense if sound policy, and was struck down in Case C-362/14 Schrems. Its replacement, the ‘Privacy Shield’, is equally a sticking plaster over trans-Atlantic differences, and may also be struck down in 2019. While this article will not describe any of the data protection law developments over the last 25 years, it is noteworthy that the Data Protection Directive (95/46/EC) was continually attacked as unsuitable for the Internet that it was not expressly designed to regulate (for which see Directive 2002/58/EC), so the new General Data Protection Regulation is already subject to much attack for its failure to regulate AIe and robotics, yet again technologies for which it was not expressly designed…but may be adapted.[11]

We also saw in 2000 the landmark French criminal case ofYahoo v LICRA, confirming that US multinationals must conform to national criminal law on hate speech. In 2001, the Council of Europe released the Budapest Convention on Cybercrime (in force 2004) with the Protocol of 2003 on hate speech (entering into force in 2006), which was not signed by signatories to the main convention including UK, Ireland and the USA.

So what is this ‘cyberlaw’ that law students are taught? Lessig famously debated the ‘law of the horse’ with Easterbrook in 1996, concluding that Internet law helps us understand the complexities and multifaceted techniques of control that our environment places on us – it’s an advanced survey course in undertsanding the Theory of Everything as applied to the law.[12] Some of the more interesting Internet law academic literature from the 1990s (and early noughties) has also stood the test of time,[13] for instance on network effects,[14] cyberlaw and control by code or Lex Informatica,[15] free and open source software and control of the online environment,[16] network neutrality and the regulation of intermediaries by their networked environment[17] and the creation of monopoly gatekeepers resisting yet also predicting the dominance of Google, Amazon, Facebook and Apple (GAFA).[18]

Too much specialism may be a boost for career prospects – client ignorance is bliss or at least creates more billable hours – but Guadamuz argued as far back as 2004 that the ‘Attack of the Killer Acronym’ was preventing accessibility to Internet law for the wider legal profession, clients (and faculty).[19] That over-specialised  argument was extended by Larouche in 2008, who predicted the end of Internet law as a subject and the abstraction of information law to move away from a specific technology (except telecoms, media law).[20] That has happened to some extent, with e-commerce part of standard contract law, platform dominance in competition law, digital copyright (and patent) law, cybercrime in criminal law, and so on, as Murray described.[21] The law syllabus is being digitized, quite literally (e-books, e-syllabi, e-libraries).

It is not only the European institutions who are becoming excited about more Internet regulation, driven in part by self-preservation and the rise of disinformation (fake news – sic). These seem to be exciting times to be an information lawyer. Law students  are no longer demanding Internet law classes, but AI or (heaven help us) Blockchains and the Law…electronic signatures plus Merkle Trees have developed in 25 years.[22] In 2018/19 the cyberlaw past has arrived in the Law School: empirical textual analysis, tools of information retrieval, and a ‘scientific legal approach’ are beginning to once again dominate information law analysis as they did in the 1980s. It is worth asking when students (or trainee solicitors) last visited a Law Library! Reed and others question how we regulate Artificial Intelligence[23] (not with ethics!) and dominance of the ‘surveillance-industrial’ state in these post-Snowden/Schrems/GDPR times, pushing digital law into even constitutional studies.[24] Most law students (and most young lawyers) understand most legal issues better if it comes with an app as an example…

The Future: OffData, a regulator for the ubiquitous computer era

Just as Internet lawyers are widening their horizons and returning to the broader notion of being information lawyers whose interests extend beyond a public IP network, the end of the special place for Internet law, and its absorption into media law, was prematurely announced. Government in a rumoured White Paper,[25] Opposition,[26] and Ofcom in September 2018 all called for more regulation, and potentially a new regulator, of the Internet.[27]  To put a damp squib on too much recurrent techno-optimism or cynicism, I argue that most arguments for regulating the Internet and cyber technologies in 2018 remain old wine in new bottles.[28]

We have lots of legal regulators of information, even if none of those is entirely shiny, new and ‘cyber’. There is the Information Commissioner in ‘faraway from Whitehall’ Wilmslow, the Electoral Commission, Ofcom itself, the Advertising Standards Authority, and others. There are technical support institutions such as the National Cyber Security Centre,[29] the Turing Institute, and a variety of non-governmental organisations such as the new Nuffield Foundation-supported Ada Lovelace Foundation and the venerable Foundation for Information Policy Research (20 years young in 2018).[30]

We need to recall what is known about sectoral regulation. Ofcom was set up almost 20 years ago as a result of technological convergence between broadcasting and telephony,[31] but deliberately constructed not to regulate Internet content. It is now required to so do. This is not a moment for unique solution peddling or an ahistorical view of the need to extend competences beyond a privacy, a security, a sectoral competition and a communications regulator. In constructing what I call ‘OffData’, a regulator of electornic communications and content,[32] we need to learn the lessons of previous regulatory mergers both inside (OfCom) and outside (OfGem) communications.

While information law is maturing, and the old ‘Internet law’/‘cyberlaw’ nomenclature may be fading, what we do as lawyers dealing with computers and their impact on society is growing more important. Some of the new ideas about regulating the Internet and AI betray a worryingly ingenue view of technology and law. It is now our job as somewhat grizzled, experienced information lawyers to help policy makers understand that we have a great deal of experience in making laws for cyberspace.

Chris Marsden is Professor of Internet Law at the University of Sussex, author of a number of works on Internet law (most recently Network Neutrality: From Policy to Law to Regulation (2017)) and a member of the SCL Advisory Board.


[1] See Athanasekou, P. E., 'Internet and Copyright: An Introduction to Caching, Linking and Framing', Work in Progress, 1998 (2) The Journal of Information, Law and Technology (JILT). Also, Opinion of Lord Hamilton in the case of The Shetland Times Ltd v. Dr Jonathan Wills and Zetnews Ltd. Court of Session, Edinburgh 24 October 1996, at

[2] European Commission (2017) Communication on Tackling Illegal Content Online: Towards an enhanced responsibility of online platforms; European Commission (2018) Recommendation on Measures to Effectively Tackle Illegal Content Online, published 1 March.

[3] An extremely good place to start is Reed, Chris (2010) Making Laws for Cyberspace, Oxford University Press, especially at pp. 29-47.

[4] Eastham, Laurence (2011) Interview with SCL’s New President, Richard Susskind, Society for Computers and Law, 23 August at See also Susskind, Richard (2018) Sir Henry Brooke – A Tribute, Society for Computers and Law, at

[5] See Paliwala, Abdul [ed] A History of Legal Informatics, Prensas Universitarias de Zaragosa, Spain 2010

[6] Communications Decency Act 1996 was Part V of the Telecommunications Deregulation Act 1996,  in which S.222 deals with privacy and transparency. In 1997, ACLU v Reno 521 U.S. 844 overturned s.223  Part V.

[7] Guadamuz, Andres (2018) Chapter 1: Internet Regulation pp.3-20 in Edwards, L. ed Law, Policy and the Internet Hart/Bloomsbury Publishing: Oxford.

[8] Marsden, C. [2018] ‘Regulating Intermediary Liability and Network Neutrality’ Chapter 15 pp.733-788 in I. Walden ed. Telecommunications Law and Regulation, Oxford, 5th edition.

[9] Whitehead, Phillip (1997) Draft Report on the Commission Green Paper on The Protection of Minors and Human Dignity in Audiovisual and Information Services (COM[96]0483 - C4-0621/96) PE 221.804 of 24 April 1997.

[10] COM (2016) 287: Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive 2010/13/EU on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services in view of changing market realities Procedure 2016/0151/COD. The Parliament common position on the Directive’s revision is expected to be adopted in October 2018. See European Parliament (2017) Audio Visual Services Directive, May 2017 -

[11] Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L119.

See Veale, Michael and Edwards, Lilian (2018) Clarity, Surprises, and Further Questions in the Article 29 Working Party Draft Guidance on Automated Decision-Making and Profiling, Computer Law & Security Review 34(2) pp 398-404, at See also O’Conor M. (2018) ‘GDPR is for life not just 25th of May’, SCL, 18 April,

[12] Lessig, L. (1999) The Law of the Horse: Or What Cyberspace Might Teach, Harvard Law Review Volume 113, pp 501-546, his final response to Easterbrook’s provocation

[13] See for instance Marsden [2012] Oxford Bibliography of Internet Law, OUP, NY, NY.

[14] Lemley, M. and McGowan D. (1998), Legal Implications of Network Economic Effects 86 Cal. L. Rev.

[15] Lessig, L. (1999) Code and Other Laws of Cyberspace, Basic Books.

[16] Benkler, Y. (2002)Coase's Penguin, or Linux and the Nature of the Firm, 112 Yale L.J.

[17] Wu, T. (2003) When Code Isn't Law, Virginia Law Review, Vol. 89, at

[18] Zittrain, J. (2006) The Generative Internet, Harvard Law Review, Vol. 119, at

[19] Guadamuz, Andrés, (2004) Attack of the Killer Acronyms: The Future of IT Law. International Review of Law, Computers & Technology, Vol. 18, No. 3, pp. 411-424, available at:

[20] Larouche, Pierre (2008) On the Future of Information Law as a Specific Field of Law TILEC Discussion Paper No. 2008-020 at SSRN: or

[21] Murray, A. (2013) Looking Back at the Law of the Horse: Why Cyberlaw and the Rule of Law are Important, 10:3 SCRIPTed 310

[22] See two extremely important new books that critically analyze this phenomenon: Werbach, K. (2018) The Blockchain and the New Architecture of Trust, MIT Press, and Finch, M. (2018) Blockchain Regulation and Governance in Europe, Cambridge University Press.

[23] Reed, Chris (2018) How should we regulate artificial intelligence? Phil. Trans. R. Soc. A 2018 376 20170360; DOI: 10.1098/rsta.2017.0360.

[24] See for instance Frischmann , Brett M., An Economic Theory of Infrastructure and Commons Management. Minnesota Law Review, Vol. 89, pp. 917-1030, 2005 all cited and discussed in Marsden (2018) supra n.20.



[27] White, Sharon (2018) Tackling online harm – a regulator’s perspective: Speech by Sharon White to the Royal Television Society 18 September at

[28] Marsden, C. (2018) 24 April Oral Evidence to  Lords Communications Committee, ‘The internet: to regulate or not to regulate?’

[29] Merging CESG (the information security arm of GCHQ), the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI)

[31] Oftel (1995) Beyond the Telephone, the TV and the PC: Consultation Document. Note two further consultations were released, the last in 1998 – seen as a forerunner to the agenda on convergent communications for government and eventually Ofcom. See Barnes, Fod (2000) ‘Commentary: when to regulate in the GIS? A public policy perspective’, Chapter 7, pp.117-124 in Marsden, C. ed. (2000) Regulating the Global Information Society, Routledge, New York. In the USA literature, see Werbach, K. (1997) Digital Tornado: The Internet and Telecommunications Policy. Federal Communications Commission Office of Plans and Policies Working Paper 29. Washington. FCC

[32] Marsden, C. (2018) ‘Prosumer Law and Network  Platform Regulation: The Long View Towards Creating Offdata’, 2 Georgetown Tech. L.R. 2, pp 376-398

Published: 2018-10-15T13:20:00


      This site uses cookies. By using the site you agree to our use of cookies as set out in our Privacy Policy.

      Please wait...