The European Commission has published proposals for new legislation ‘to get terrorist content off the web, making sure that the same obligations are imposed in a uniform manner across the whole Union’.
The EU Commission has put forward its plans for a new Regulation which would impose considerable additional obligations on hosting service providers to remove terrorist content.
The Commission proposals for a ‘Regulation of the European Parliament and of the Council on preventing the dissemination of terrorist content online’ are said to build on the Communication of September 2017 and the Recommendation of March 2018 as well as the work of the EU Internet Forum. The proposed Regulation would specify the obligations and responsibilities of hosting service providers and Member States, ‘thereby increasing legal certainty’.
An extract from the proposal indicates the general nature of the obligations to be imposed:
'the Regulation introduces a removal order which can be issued as an administrative or judicial decision by a competent authority in a Member State. In such cases, the hosting service provider is obliged to remove the content or disable access to it within one hour. In addition, the Regulation harmonises the minimum requirements for referrals sent by Member States’ competent authorities and by Union bodies (such as Europol) to hosting service providers to be assessed against their respective terms and conditions. Finally, the Regulation requires hosting service providers, where appropriate, to take proactive measures proportionate to the level of risk and to remove terrorist material from their services, including by deploying automated detection tools.
The measures designed to reduce terrorist content online are accompanied by a number of key safeguards to ensure the full protection of fundamental rights. As part of the measures to protect content which is not terrorist content from erroneous removal, the proposal sets out obligations to put in place remedies and complaint mechanisms to ensure that users can challenge the removal of their content. In addition, the Regulation introduces obligations on transparency for the measures taken against terrorist content by hosting service providers, thereby ensuring accountability towards users, citizens and public authorities.
The Regulation also obliges Member States to ensure that their competent authorities have the necessary capacity to intervene against terrorist content online. In addition, Member States are obliged to inform and cooperate with each other and may make use of channels set up by Europol to ensure co-ordination with regards to removal orders and referrals. The regulation also foresees obligations on hosting service providers to report in more detail on the measures taken and inform law enforcement when they detect content which poses a threat to life or safety. Finally, there is an obligation on hosting service providers to preserve the content they remove, which functions as a safeguard against erroneous removal and ensures potential evidence is not lost for the purpose of the prevention, detection, investigation and prosecution of terrorist offences.'
A Commission press release attempts to answer some basic questions about the proposal. An extract appears below.
Terrorist content online refers to material and information that incites, encourages or advocates terrorist offences, provides instructions on how to commit such crimes or promotes participation in activities of a terrorist group. Such material might include texts, images, sound recordings and videos.
When assessing whether online content constitutes terrorist content, the authorities responsible as well as hosting service providers should take into account factors such as the nature and wording of the statements, the context in which the statements were made, including whether it is disseminated for educational, journalistic or research purposes, and the potential to lead to harmful consequences.
For example, the expression of radical, polemic or controversial views in the public debate on sensitive political questions should not be considered terrorist content.
The new rules apply to , irrespective of their size or where they are based. Today, the hosting service providers that are most exposed to terrorist content are in fact based outside the EU. These service providers - that do not have their headquarters in any EU Member State but which do offer services within the Union - are asked to designate a legal representative within the EU in order to facilitate compliance with the new rules. They will then fall under the jurisdiction of the Member State where the legal representative or their company seat is located.
Hosting service providers, who provide information services, including storing of information shared by users and making information available to third parties, will also be bound by the new rules. Examples include social media platforms, video streaming services, video, image and audio sharing services, file sharing and other cloud services, websites where users can make comments or post reviews.
Since terrorist content increasingly affects smaller service providers, the new rules do not exclude companies on account of their size, but instead provide targeted measures depending on the level of risk, while also taking into account their economic capabilities. Prior assessment and the use of standardised removal orders containing all the relevant information will support smaller companies in taking swift action.
Taking account of possible financial and technological burdens, there are mechanisms that small enterprises can benefit from. For example, the EU Internet Forum offers a space for cooperation and exchange between all relevant actors including companies, Member States and Europol. Furthermore, numerous small and medium enterprises have already benefitted from shared tools they adapted to their content policy.
The new rules introduce binding . The orders, issued by national authorities and requesting hosting service providers to remove terrorist content online or disable access to it, . As things stand, hosting service providers follow diverging rules concerning removal orders sent by some Member States, while other Member States refer material on a voluntary basis either directly to companies or via Europol, and have little or no power to ensure its subsequent removal. Under the new rules, failure to comply with a removal order may result in financial penalties.
Removal orders will be an important tool for Member States that may also wish to continue using existing voluntary arrangements, particularly where hosting service providers respond swiftly and effectively. Referrals of terrorist content however are not binding and have no specific timeframe.
Member States will have to put in place for not complying with orders to remove online terrorist content. In the event of systematic failures to remove such content within 1 hour following removal orders, a service provider could face financial penalties of up to 4% of its global turnover for the last business year.
The new rules require hosting service providers to take including the deployment of automated detection tools where appropriate and when they are exposed to the risk of hosting terrorist content. This will ensure that affected service providers do not depend only on the authorities or third parties flagging terrorist content, but take proactive measures to prevent their services from being exploited by terrorists. Service providers should also report on the proactive measures put in place after having received a removal order.
These proactive measures should be proportionate to the risk and the economic capacity of hosting service providers. They might comprise measures to prevent the re-upload of removed terrorist content or tools to identify new terrorist content, whilst recognising the need for oversight and human assessment to ensure that legal content is not removed. Such measures should be decided primarily by the hosting service providers themselves and, if necessary, in dialogue with national authorities. National authorities may, as a last resort, impose specific proactive measures where the measures in place by hosting service providers prove insufficient.
The new rules will require hosting service providers to put in place to ensure full respect of fundamental rights, such as freedom of expression and information. In addition to possibilities of judicial redress, such safeguards will include the possibility for hosting service providers and content providers to contest a removal order as well as effective complaint mechanisms for content providers where hosting service providers have taken down content unjustifiably.
Hosting service providers and Member States will be obliged to nominate to facilitate the swift handling of removal orders and referrals. This will help improve co-operation between Member States and the companies, where outreach efforts have at times been difficult.
A hosting service provider's point of contact does not have to be located in the EU but should be available 24/7 to ensure that terrorist content is removed, or access to it is disabled, within 1 hour of receiving a removal order.
Cooperation with Europol, Member States and hosting service providers is encouraged and will be further enhanced when transmitting removal orders and referrals.
The new rules will provide for greater . Companies and Member States will be required to report on their efforts and the Commission will establish a detailed programme for monitoring the results and impact of the new rules. To enhance transparency and accountability towards their users, online platforms will also publish annual transparency reports explaining how they address terrorist content on their services.
The full proposal can be accessed here.