Does the European Union offer web hosts any protection from liability for the content of third parties, a la section 230 of the Communications Decency Act (CDA 230) or the "safe-harbor" provisions of the Digital Millennium Copyright Act? This looks to be a key question for four current and former Google executives, as Italian prosecutors prepare to launch criminal charges against them over a video hosted by Google Video.
The Wall Street Journal (WSJ) reported last week that the prosecutors are looking to charge the executives with defamation and invasion of privacy, both of which are criminal claims in Italy, due to Google Video's hosting of a clip featuring the abuse of a teenager who has Down syndrome. Reuters reports that in the video, which was recorded in Turin, Italy, in May or June 2006, four high schoolers are seen "taunting" and "humiliating" the youth with Down syndrome.
An Italian Down syndrome advocacy group alerted Google to the clip's presence on the site in September 2006, and Google removed it "within hours." The WSJ wrote that sources close to the prosecutors said that the charges against the executives would be premised on Google "allegedly failing to adequately control the content of the site." The four teenagers are facing separate charges.
Stefano Hesse, the head of Google's corporate communications in Southern Europe, told the WSJ that there is no legal basis for action against the company under Italian law, as no Google employees were involved in the incident in the video. Furthermore, Google has no responsibility to monitor content, he said, but rather only to remove offending video when notified of its existence.
It sounds like Hesse is referring to a European safe-harbor provision that applies to defamation and privacy claims. Does the EU provide protection to web hosts like Google from lawsuits based on content created by third parties (think CDA 230), using a procedural mechanism similar to that found in the DMCA?
It looks like EU legislation, from which Italian law draws, does. First, under Article 1 (2)(a) of Council Directive 98/48/EC, 1998 O.J. (L 217) 18, Google Video would appear to qualify as an "information society service" ("ISS"). Council Directive 98/48/EC defines an ISS to be "any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services." Google Video is certainly provided at a distance, as host and user do not have to be in the same location for the service to work. Google Video is also provided by electronic means, and at the request of the user.
The only possible hang-up is that Google Video is a free service, so there may not be "remuneration." Without a definitive interpretation, it's hard to say whether Google Video fails to be an ISS because of its cost-free business model. Perhaps Google's advertising practices would fit the concept of remuneration, although the statutory language suggests that the recipient of services is the one providing remuneration. But given that the directive says "normally provided for remuneration" (emphasis added), I'd imagine that Google would clear this hurdle and be considered an ISS under EU law.
That established, we look to Article 14 of the Directive on E-Commerce, Council Directive 2000/31/EC, 2000 O.J. (L 178) 1. Article 14, titled "Hosting," declares: "Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:"
(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
In addition, Article 15 of the E-Commerce Directive, titled "No general obligation to monitor," says, well, just that.
Note that, in the United States, the DMCA safe-harbors only apply to copyright claims, and CDA 230 prohibits state law claims that treat a web host as the "publisher or speaker of any information" provided by a third party (e.g., defamation, invasion of privacy, negligence). By its terms, CDA 230 does not apply to intellectual property claims, federal criminal law, or the Electronic Communications Privacy Act. Article 14, on the other hand, seems to apply to all claims, civil or criminal, based on information stored at the request of a recipient.
These provisions certainly support Hesse's view of Google's obligations. The offending video was stored at the request of the four teenagers who filmed it. Google took no part in creating the content and was not aware of the content's illegality. And Google took it down shortly after receiving the complaint about the video. Under such a reading, Google ought to be immune from the Italian prosecutors' charges.
Of course, it's probably not that simple. After all, the directives are not self-executing. EU member states like Italy have to incorporate them into their laws, and Italy may have made changes to the wording in the codification process. Further, there may be administrative or other materials steering the reading of the law toward a more narrow interpretation of the EU directives. To find out more would require a better knowledge of Italian than my own; hopefully there are some readers out there who are better versed in EU and Italian law and can weigh in. But making just a cursory reading of the directives, it does look like the Google execs have a good defense.
(Arthur Bright is a second-year law student at the Boston University School of Law and a CMLP Legal Intern.)