The EU Commission has put forward its plans
for a new Regulation which would impose considerable additional obligations
on hosting service providers to remove terrorist content.
The Commission proposals for a ‘Regulation of the European
Parliament and of the Council on preventing the dissemination of terrorist
content online’ are said to build on the Communication of
September 2017 and the Recommendation of
March 2018 as well as the work of the EU Internet Forum. The proposed
Regulation would specify the obligations and responsibilities of hosting
service providers and Member States, ‘thereby increasing legal certainty’.
An extract from the proposal indicates the general nature of
the obligations to be imposed:
‘the Regulation introduces a removal order which can be
issued as an administrative or judicial decision by a competent authority in a
Member State. In such cases, the hosting service provider is obliged to remove
the content or disable access to it within one hour. In addition, the
Regulation harmonises the minimum requirements for referrals sent by Member
States’ competent authorities and by Union bodies (such as Europol) to hosting
service providers to be assessed against their respective terms and conditions.
Finally, the Regulation requires hosting service providers, where appropriate, to
take proactive measures proportionate to the level of risk and to remove
terrorist material from their services, including by deploying automated
detection tools.
The measures designed to reduce terrorist content online are
accompanied by a number of key safeguards to ensure the full protection of
fundamental rights. As part of the measures to protect content which is not
terrorist content from erroneous removal, the proposal sets out obligations to
put in place remedies and complaint mechanisms to ensure that users can
challenge the removal of their content. In addition, the Regulation introduces
obligations on transparency for the measures taken against terrorist content by
hosting service providers, thereby ensuring accountability towards users, citizens
and public authorities.
The Regulation also obliges Member States to ensure that
their competent authorities have the necessary capacity to intervene against
terrorist content online. In addition, Member States are obliged to inform and
cooperate with each other and may make use of channels set up by Europol to
ensure co-ordination with regards to removal orders and referrals. The
regulation also foresees obligations on hosting service providers to report in
more detail on the measures taken and inform law enforcement when they detect
content which poses a threat to life or safety. Finally, there is an obligation
on hosting service providers to preserve the content they remove, which
functions as a safeguard against erroneous removal and ensures potential
evidence is not lost for the purpose of the prevention, detection,
investigation and prosecution of terrorist offences.’
A Commission press release
attempts to answer some basic questions about the proposal. An extract appears below.
What is online terrorist content?
Terrorist
content online refers to material and information that incites, encourages or advocates
terrorist offences, provides instructions on how to commit such crimes or
promotes participation in activities of a terrorist group. Such material might
include texts, images, sound recordings and videos.
The definition outlined in the new
rules is fully aligned with the definition of terrorist offences set out in the
existing Terrorism Directive.
When
assessing whether online content constitutes terrorist content, the authorities
responsible as well as hosting service providers should take into account
factors such as the nature and wording of the statements, the context in which
the statements were made, including whether it is disseminated for educational,
journalistic or research purposes, and the potential to lead to harmful
consequences.
For
example, the expression of radical, polemic or controversial views in the
public debate on sensitive political questions should not be considered
terrorist content.
Which service providers will be
affected by the proposals?
The new rules apply to all hosting service providers offering services in
the EU, irrespective of their size or where
they are based. Today, the hosting service providers that are most exposed to
terrorist content are in fact based outside the EU. These service providers –
that do not have their headquarters in any EU Member State but which do offer
services within the Union – are asked to designate a legal representative
within the EU in order to facilitate compliance with the new rules. They will
then fall under the jurisdiction of the Member State where the legal
representative or their company seat is located.
Hosting
service providers, who provide information services, including storing of
information shared by users and making information available to third parties,
will also be bound by the new rules. Examples include social media platforms,
video streaming services, video, image and audio sharing services, file sharing
and other cloud services, websites where users can make comments or post
reviews.
Are there special rules or support for
small hosting service providers?
Since
terrorist content increasingly affects smaller service providers, the new rules
do not exclude companies on account of their size, but instead provide targeted
measures depending on the level of risk, while also taking into account their
economic capabilities. Prior assessment and the use of standardised removal
orders containing all the relevant information will support smaller companies
in taking swift action.
Taking
account of possible financial and technological burdens, there are mechanisms
that small enterprises can benefit from. For example, the EU Internet Forum
offers a space for cooperation and exchange between all relevant actors
including companies, Member States and Europol. Furthermore, numerous small and
medium enterprises have already benefitted from shared tools they adapted to
their content policy.
What are the measures proposed in the
Regulation?
1. Removal orders
The new rules introduce binding removal orders.
The orders, issued by national authorities and requesting hosting service
providers to remove terrorist content online or disable access to it, must be carried out within 1 hour. As things stand, hosting service providers follow
diverging rules concerning removal orders sent by some Member States, while
other Member States refer material on a voluntary basis either directly to
companies or via Europol, and have little or no power to ensure its subsequent
removal. Under the new rules, failure to comply with a removal order may result
in financial penalties.
Removal orders will be an important
tool for Member States that may also wish to continue using existing
voluntary referral arrangements, particularly where hosting
service providers respond swiftly and effectively. Referrals of terrorist
content however are not binding and have no specific timeframe.
2. Strong penalties
Member States will have to put in
place effective, proportionate and dissuasive
penalties for not complying with orders to
remove online terrorist content. In the event of systematic failures to remove
such content within 1 hour following removal orders, a service provider could
face financial penalties of up to 4% of its global turnover for the last
business year.
3. Duty of care obligation
The new rules require hosting service
providers to take proactive measures including the deployment of automated
detection tools where appropriate and when they are exposed to the risk of
hosting terrorist content. This will ensure that affected service providers do
not depend only on the authorities or third parties flagging terrorist content,
but take proactive measures to prevent their services from being exploited by
terrorists. Service providers should also report on the proactive measures put
in place after having received a removal order.
These
proactive measures should be proportionate to the risk and the economic
capacity of hosting service providers. They might comprise measures to prevent
the re-upload of removed terrorist content or tools to identify new terrorist
content, whilst recognising the need for oversight and human assessment to
ensure that legal content is not removed. Such measures should be decided
primarily by the hosting service providers themselves and, if necessary, in
dialogue with national authorities. National authorities may, as a last resort,
impose specific proactive measures where the measures in place by hosting
service providers prove insufficient.
4. Strong safeguards
The new rules will require hosting
service providers to put in place effective
safeguards to ensure full respect of
fundamental rights, such as freedom of expression and information. In addition
to possibilities of judicial redress, such safeguards will include the
possibility for hosting service providers and content providers to contest a
removal order as well as effective complaint mechanisms for content providers
where hosting service providers have taken down content unjustifiably.
5. Increased cooperation
Hosting service providers and Member
States will be obliged to nominate points
of contact to facilitate the swift handling
of removal orders and referrals. This will help improve co-operation between
Member States and the companies, where outreach efforts have at times been
difficult.
A
hosting service provider’s point of contact does not have to be located in the
EU but should be available 24/7 to ensure that terrorist content is removed, or
access to it is disabled, within 1 hour of receiving a removal order.
Cooperation
with Europol, Member States and hosting service providers is encouraged and
will be further enhanced when transmitting removal orders and referrals.
6. Transparency and accountability
The new rules will provide for
greater accountability and transparency. Companies and Member States will be required to
report on their efforts and the Commission will establish a detailed programme
for monitoring the results and impact of the new rules. To enhance transparency
and accountability towards their users, online platforms will also publish
annual transparency reports explaining how they address terrorist content on
their services.
The full proposal can be accessed here.
