The Spanish Supreme Court is considering a case concerning the liability of an Internet Service Provider (ISP) for content hosted on its network by a third party. The Court of First Instance and the Madrid Provincial Court have held the ISP liable for infringing content – apparently in contradiction to the E-Commerce Directive – and the Supreme Court may refer the central liability question to the European Court of Justice (ECJ).

The author of material posted on the internet is responsible for any infringement of a third party’s intellectual property or constitutional rights but to what extent does an ISP also hold responsibility? Dior Couture, Louis Vuitton and Custo are sueing eBay for selling fake branded products and a current case being considered by the Spanish Supreme Court has sparked the debate again.

This case concerns content on a website hosted on the domain of the Asociación de Internautas (Internet Users’ Association, “AI”). The content was alleged to be contrary to the right to privacy under Spanish Law, and the claimant has sued the author of the information and the service provider, AI. As the right to privacy is a fundamental right according to article 18 of the Spanish Constitution, and this is the fundamental object of the case, the public prosecutor became a party to the case under the Spanish Civil Procedure Law.

The European Directive on legal aspects of information society services established that Member States will not impose a general obligation on service providers to supervise the hosted data (Article 15 of European Directive 2000/31/EC).

According to article 13 of Spanish Act 34/2002 (e-commerce and information society services), “information society service providers are subject to civil, penal and administrative responsibility”, and article 16 clarifies that “intermediary services providers are not responsible for the hosted content if (i) they do not have effective knowledge that the hosted activity or information is illegal or that it damages goods and rights of a third party and is susceptible to an indemnity; or (ii) if having effective knowledge, they act with diligence to remove the concerned data or to make them impossible to access”.

AI is the operator of the domain and the server where the content was hosted. AI alleged that it does not have the ability to add or remove data; it merely hosts spaces on its network. The Court of First Instance no.42 of Madrid found against AI and the Madrid Provincial Court confirmed the judgment, citing AI’s effective knowledge (the appealed judgments do not contain any justification or explanation for this finding) and technical ability to control the information. Therefore, the appealed judgments in this case state that the provider of a service should control the published content. The Court of First Instance and the Madrid Provincial Court are therefore imposing an obligation to supervise hosted data, apparently in contravention of the E-Commerce Directive.

AI has appealed to the Supreme Court, insisting that AI only authorises third parties to host information on its server, but it does not participate in the selection, design or organisation of information.

The main question is whether or not the middleman holds responsibility in a communications network in relation to illegal or infringing acts committed by third parties that, through a service provider, have space in the network.

The Public Prosecutor has proposed a question to be referred to the European Court of Justice for a preliminary ruling: “What is the scope of the ISP’s responsibility for the information or expressions published in a space provided by them, where the ISP has not intervened in its making, has not ordered it and has not modified it, according to articles 12 to 15 of Directive 2000/31/EC of the European Parliament and of the Council, of 8 June 2000, on certain legal aspects of information society services?”. The Supreme Court will either refer this question to the ECJ or decide the case itself, but it is hoped that in either event an approach consistent with the protection provided to ISPs by the E-Commerce Directive, is adopted.