Some might say that intermediary service providers have been smooth sailing the legal landscape ever since the introduction of the hosting defence under the e-Commerce Directive. The safe harbour has allowed intermediaries to escape liability for illegal content hosted on their services, where they do not have actual knowledge of the illegality, or where they do, they have acted expeditiously to remove the content. However, the Digital Services Act (DSA) is here to rock the boat.
The scope of the DSA
The DSA applies to intermediary service providers. A party is considered to provide an ‘intermediary service’ where it provides one of the following:
- A ‘mere conduit’ service, which consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network;
- A ‘caching service’, which consists of the transmission in a communication network of information provided by the recipient of the service, involving the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information’s onward transmission to other recipients upon their request; and/or
- A ‘hosting’ service, consisting of the storage of information provided by, and at the request of, a recipient of the service.
Therefore, internet service providers, content delivery networks, cloud service providers, online marketplaces, and social media sites, to name but a few, will find themselves governed by the DSA.
While the DSA reiterates when intermediaries are exempt from liability, it also imposes obligations on them, with the aim of combating illegal content available on their services.
‘Illegal content’ is determined by what is considered ‘illegal’ under Union law or from national law in accordance with Union law. Therefore, content amounting to intellectual property infringement, defamation, hate speech, etc which would usually find itself being illegal under EU law, national law or both, would fall into the purview of the DSA.
Obligations for hosting third party content
So, what are the obligations that now arise for service providers hosting third-party content?
1. Requirements to Implement a Notification Mechanism
Under the DSA, intermediaries are required to have a process in place to assist with the notification of ‘illegal content’ by individuals or entities. This process must be easy to access, user-friendly, and allow for the submission of notices exclusively by electronic means. However, the notices themselves must be sufficiently precise and adequately substantiated so that a ‘diligent economic operator’ can recognise the illegality of the content in question. If a reporter wants their notice to be valid, they must include the following elements:
- An explanation from the reporter of the reasons why they consider the information to be illegal content
- A clear indication of the electronic location of that information, for example, in the form of URLs to the content
- The name and e-mail address of the reporter, and
- A statement from the reporter confirming their good faith belief that the information and allegations in their notice are accurate and complete
Once a notice satisfying these requirements is submitted to an intermediary service provider, they are considered to have actual knowledge of the information they store. They, therefore, may find themselves liable for the storage of that information, should they not act expeditiously to remove or disable access to the illegal content.
Service providers should implement infrastructure to satisfy this requirement. Reporting forms, which prompt the reporter to provide all of the necessary information, should help to ease the process for all parties and allow service providers to act expeditiously.
In an intellectual property context, service providers might receive reports relating to copyright infringement, trademark infringement, or even counterfeit goods. For example, users might report others if they are using their artwork without availing of any fair use exception. Users might also report others where they attempt to trade on the goodwill of the reporter’s trademark or where the reporter’s trademark is being used by another for their own commercial purposes on the service.
2. Communication obligations
The DSA also imposes an obligation on the intermediary to confirm receipt of the reporter’s notice. Intermediaries must follow up with the reporter without undue delay once a decision in respect of the notice has been reached.
Similarly, the intermediary must provide a clear and specific ‘statement of reasons’ for removal/disablement to the impacted party, no later than at the time of the removal/disablement. For example, if an intermediary were to receive a valid notice of copyright infringement and the content was removed, they must notify both the party that reported the infringement, as well as the party who shared the infringing content through their service. The minimum requirements for this statement are set out within the DSA.
Service providers should therefore ensure all notices get responded to and all reported parties are informed of any decision taken against them or their content.
3. Requirement to implement an appeals mechanism
The DSA introduces the new concept that online platforms must also provide an appeals process, for a period of at least six months, where there has been one of the following:
- A decision for removal/disablement of content,
- A decision to suspend or terminate the provision of services to the recipient, or
- A decision to suspend or terminate the recipient’s account.
These appeals cannot be determined solely by automated means. Therefore, service providers should set up infrastructure similar to that for notification, which allows affected parties to appeal a takedown decision and have that decision reviewed by a human.
4. Implement repeat abuse policies
While the DSA imposes obligations on service providers, it also empowers them to suspend any user who frequently provides illegal content on their platform and/or parties who abuse the notification channel. The DSA governs when a service provider is free to act in this manner and also states that the service provider’s terms and conditions must include a policy outlining their approach to repeated abuse. Service providers should ensure that such a policy is implemented and that it identifies the factors they consider when assessing ‘misuse’, and the duration of any suspension, if one were to be imposed.
While the DSA acknowledges intermediaries are not obligated to monitor information nor engage in proactive fact-finding concerning illegal activity, they will have to take measures to set up notification and appeal mechanisms, which was not previously mandated by the e-Commerce Directive. This is similar to the obligation already imposed on service providers under the Directive on Copyright and Related Rights in the Digital Single Market. However, the mechanisms are now required for reporting all kinds of illegal content and is no longer solely required for reporting content infringing copyright.
Where a service provider does not comply with any of the provisions laid out above, Member States can impose a penalty of up to 6% of the annual income or turnover of the service provider. Therefore, service providers should make sure they have infrastructure in place to meet the DSA’s requirements, otherwise they risk falling foul of this new regulation.