Three developments in the last two months suggest websites face greater liability for content authored by third parties in the European Union—including reader comments, posts on message boards and social networks, and search engine results. 

Delfi v. Estonia: ECHR Allows Liability for Reader Comments on News Sites

On June 16, 2015, the Grand Chamber of the European Court of Human Rights decided Delfi A.S. v. Estonia, a case concerning comments to an article published by Delfi, one of the largest Internet news websites in the Baltics, about a shipping company’s role in halting a planned ice road in Estonia. About 20 of the 185 comments contained “personal threats and offensive language” against the company’s majority shareholder. In response to a demand from the shareholder, Delfi removed the comments but refused to pay damages. The shareholder filed a civil suit in Estonia, where the court awarded him 320 euros.  Estonia’s highest court affirmed. 

Delfi sought review by the European Court of Human Rights, claiming the decision violated Article 10 of the European Convention on Human Rights, which guarantees freedom of expression. In 2013, a seven-judge Chamber upheld the Estonian judgment. Last month, the Grand Chamber reached the same conclusion: imposing liability on a news site for reader comments did not violate the Convention. 

The Court provided two primary reasons. First, it noted Article 8 of the Convention guarantees the right to respect for an individual’s private and family life, a right that “deserve[s] equal respect” as free expression. The Court gave special weight to the fact a news portal like Delfi could more easily monitor its comments than a potential subject of speech. Second, the Court deferred to the Estonian courts’ decision that Delfi was not a “service provider” exempt from liability under Estonia’s Information Society Services Act, which implements the European Commission’s Directive on E-Commerce.  The Estonian courts held that because Delfi integrated comments into its news portal, invited visitors to comment, and benefitted from comments, its publication was not of the “technical, automatic and passive nature” necessary to be a “service provider.” The Grand Chamber found the Estonian courts’ interpretation was not unreasonable—and therefore, Delfi could have foreseen liability “for the uploading of clearly unlawful comments.” Notably, it also held other nations need not follow that interpretation.

What does Delfi mean? Most importantly, it means news websites could face liability in Europe for the content of reader comments to news articles if the website does not quickly remove them after publication. A concurring opinion in the ECHR noted the Court upheld liability only because Delfi did not remove the comments quickly enough, not because it allowed the publication of the comments at all. Therefore, Delfi does not require news organizations to approve all comments before allowing publication, but it does indicate that without sufficient moderation, a news site may have to pay damages for something a reader posts. 

Delfi also does not necessarily suggest future liability for websites other than news sites. The Grand Chamber’s opinion stated that it “does not concern other fora on the Internet where third-party comments can be disseminated,” including discussion forums, bulletin boards, and social media “where the platform provider does not offer any content.” 

European Commission: Recent Announcement May Signal “Duty of Care” for Intermediaries

In May, the European Commission in May published its “Digital Single Market Strategy for Europe,” a top priority for EU President Jean-Claude Juncker. The Strategy calls, among other things, for the Commission to analyze measures “to tackle illegal content on the Internet,” including “rigorous procedures for removing illegal content”—such as the content in Delfi—and of particular significance, “whether to require intermediaries to exercise greater responsibility and due diligence in the way they manage their networks and systems – a duty of care.” Again, the E-Commerce Directive already establishes intermediaries’ obligations as to third-party content. But intermediaries active in the EU will want to follow closely to see if this “duty of care” becomes a reality.

French Regulators: “The Right to Be Forgotten” Applies to All of Google, not Just its EU Domains

Finally, French regulators have expanded on the European Court of Justice’s 2014 “Right to be Forgotten” ruling and ordered Google to delist an individual from all domains of its search engine, not merely the domain for a particular country. The 2014 ruling found any individual who wants to have search results removed from a search of that individual’s name can request delisting from that search engine, and that Google must comply in certain circumstances. Google had interpreted that ruling narrowly and complied with the order with respect to individual European domains (such as google.fr, google.uk, etc.). This, though, meant users could still access those results by searching on google.com or other Google domains.

On June 12, 2015, the French regulator CNIL found that to comply with the ECJ’s ruling, Google must delist an individual “on all extension[s] of the search engine.” Although CNIL did not sanction Google, it noted that if Google did not comply, it would recommend a sanction.