The last 18 months has seen renewed interest in the liability position of online intermediaries and internet service providers. The effective truce between rights owners and online intermediaries, since the safe harbours incorporated in the US Digital Millennium Copyright Act and the EU E-Commerce Directive were passed in the late 1990s, has broken down. The protagonists have once more engaged in battle through the press, the courts and the legislature.

There have been two main contributors to this breakdown; first, the advent of video on the internet, threatening business models for the most valuable content: TV and movies; and second, the growth in peer to peer file sharing, much of it involving music and, increasingly, video.

The new era started in March 2007, when Viacom sued YouTube in the US, claiming over $1 billion damages for copyright infringement in respect of video clips uploaded to the video sharing site. That litigation is ongoing. In July 2008 the Italian media company RTI filed a similar lawsuit against YouTube in Italy, claiming $500 million in damages.

Court decisions have emerged around Europe addressing the question of whether various types of online actors qualify for online intermediary protection under the E-Commerce Directive. All the cases have concerned the hosting protection given to online service providers who store information provided by a recipient of the service. Under Article 14 of the ECommerce Directive, the service provider is not liable for information stored at the request of a recipient of the service if (a) the recipient of the service is not acting under the authority or control of the service provider (b) the service provider has no actual knowledge of the illegal activity or information and (for civil liability) is not aware of facts or circumstances from which the illegal activity or information is apparent, and (c) in any event upon gaining such knowledge or awareness acts expeditiously to remove or to disable access to the information.

Considerable uncertainty has surrounded the question of what qualifies as a host under Article 14. Does it apply only to passive technical storage activities? Or can it also include a broader range of discussion forums, auction sites and Web 2.0-type content sharing platforms? Various recent decisions in France have held that Google Video, Dailymotion (a video sharing site), Wikipedia and Google’s’ Blogger service are hosting services within Article 14 of the Directive. Other French decisions have held that Tiscali’s personal web page creation service, MySpace, provision of syndication feeds and provision of a “Digg”-type social ranking service were publishing activities, not hosting activities. The recent eBay cases in France held that eBay was an online broker, not a host. A Belgian court subsequently held the opposite.

There have also been various decisions applying the criminal and civil knowledge standards. On the whole the criminal knowledge standard has tended to require the content to be obviously and manifestly unlawful in order to fix a hosting provider with knowledge. For civil liability, however, the findings have been more variable as to how specific the required knowledge has to be. One notable decision was that in Zadig v Google, a copyright decision, in which a Paris court held that where there were repeated postings of the same infringing content, notice of the first infringement was sufficient to provide knowledge in respect of subsequent uploads. So merely acting to take down a notified content on the receipt of each subsequent notice was insufficient and Google ought to have taken steps to prevent repeated uploads.

Similarly, in the Dailymotion case decided in April 2008, another copyright case, the Paris court held that the likelihood of future infringement had to be judged in the light of notices received from the rights owners, which created a new obligation to check content. In the Belgian eBay case, however, the Brussels Tribunal de Commerce held that eBay was under no monitoring obligation.

An aspect of intermediary liability that has become more prominent in the courts is the question of when courts may grant injunctions against online intermediaries such as hosts and conduits. The E-Commerce Directive provides that limitations of liability do not affect the possibility of injunctions of different kinds; and that such injunctions can, in particular, consist of court orders requiring the termination or prevention of any infringement, including the removal of illegal information or the disabling of access to it. Also, Article 8.3 of the Copyright in the Information Society Directive enables courts to grant injunctions against service providers whose services are used by third parties to infringe copyright, without having to show that the service provider is itself infringing.

Injunctions against service providers can be categorised into three types: blocking of named internet sites, filtering by type of content and/or geographic origin, and termination of user accounts. There have been examples of all of these. The Danish courts have granted injunctions against conduits requiring access to the Russian allofmp3 site and to the Swedish Pirate Bay site to be blocked. An Italian court has also granted a similar injunction (subsequently vacated) in respect of the Pirate Bay site. The Belgian SABAM v Scarlet case remains the sole example of an injunction being granted against a conduit requiring installation of filtering technology, in that case relating to P2P file sharing of music files infringing copyright.

The Danish Supreme court has issued an injunction requiring termination of the account of a customer proven to have engaged in unlawful P2P file sharing. The German courts have also granted injunctions against online auction sites and others. These are based on a “disturber” principle, specific to Germany, whereby the courts can grant injunctions, based on the intermediary’s knowledge of prior infringements, for future infringements of the same kind. However, such injunctions cannot oblige the provider to prevent future infringements at any cost or so as to put the provider’s business model at risk.

In November 2007, the debate over ISP responsibility took a new turn with the Olivennes agreement in France, whereby ISPs would cooperate with a newly created authority over P2P infringements. Under this arrangement, rights owners would identify alleged infringes, ISPs would experiment with filtering technologies and a “three strikes” process would be introduced, consisting of warning, account suspension and account termination. The new authority would create a database of terminated subscribers, to prevent them switching ISPs.

The European Commission issued a Communication in January 2008 asking whether the Olivennes agreement was an example to be followed, and whether filtering measures are an effective way to prevent online copyright infringements.

At about the same time Paul McGuiness, manager of U2, made a speech in which he asserted that the “the failure of ISPs to engage in the fight against piracy, to date, has been the single biggest failure in the digital music market”. He suggested that “the safe harbours of the 1990s are no longer appropriate, and if ISPs do not cooperate voluntarily there will need to be legislation to require them to cooperate.”

In the UK this was followed towards the end of February 2008 by the UK government Creative Industries consultation, which raised the possibility of legislation to require ISP cooperation. On 10 April 2008, a vote in the European Parliament opposed the Olivennes “three strikes” principle.

On 24 July 2008, six major UK ISPs signed a memorandum of understanding with the BPI, the MPA and the UK government. The ISPs agreed to initiate a three month trial whereby they would send informative letters to users suspected of illegal file sharing on the basis of IP address information provided by rights owners. At the same time the government issued a consultation paper on legislative options to address illicit P2P file sharing. Under the government’s preferred option there would be various self-regulatory approaches, underpinned by an obligation on ISPs to take action against subscribers to their network who are identified by the rights holder as infringing copyright through P2P. Expanding further on this obligation, the government stated in its consultation paper:

We anticipate this would take the form of the requirement to have an effective policy in place for dealing with cases of alleged unlawful P2P file sharing. … This regulatory requirement will be phrased to limit the ISP’s obligation to take action to those circumstances where it can be demonstrated that an individual subscriber or account is being used to infringe copyright. It would be designed to apply only to unlawful file sharing over P2P networks. This will not affect the ISP’s limitation of liability under Articles 12 to 14 of the E-Commerce Directive, insofar as ISPs will not be made liable for the illicit content of what they transmit, cache or host. Furthermore, ISPs will not be required to perform any general monitoring of their networks. ISPs who choose not to engage in the selfregulatory arrangement would remain bound by the underlying requirement to have an effective policy on unlawful P2P file sharing.”

At the European level, various amendments were introduced to the Telecoms Package as it made its way through the European Parliament, including some designed to address copyright infringement on the internet by placing cooperation obligations on ISPs. These did not pass. However, an amendment was passed that could be interpreted as preventing Member States from enacting legislation enabling internet subscribers to be cut off without a court order.

Simultaneously, rights owners have been lobbying the G8 countries participating in the Anti-Counterfeiting Trade Agreement negotiations to include ISP responsibility provisions in the ultimate agreement.

In the early part of 2008, the rights holders appeared to have seized the initiative in this area. It remains to be seen to what extent online intermediaries will continue to defend the position that they cannot and should not become involved in monitoring the activities of their users. In the meantime there are signs that the political process will be affected by increasingly vocal digital user groups protesting against the prospect of their ISPs being told to spy on them.