Thursday, December 03, 2015

EU public consultation on intermediary liability

EU Delegation to the US, Public Workshop on the Digital Single Market Strategy, Consultation on Online Platforms, Cloud & Data, Liability of Intermediaries, Collaborative Economy
2003 Directive: recital says that there’s no prohibition for member states to come up w/codes of conduct for intermediaries or generalized duties of care.  If you can or should reasonably expect that an intermediary should have been aware of illegal activity, you can impose certain responsibilities. Not a hands-off approach to what’s on your system.  Problem: how harmonized are these rules? Notice and action: that is harmonized.  But when we did 2010 assessment, practice on how quickly to respond, which formats can be used, can notices come from private parties was very widely diverging. Also risks of overreaction: parties can send continuous notifications w/o even checking whether content is even possibly illegal.  Puts intermediaries in difficult permission.  Also intermediaries continue to claim to be passive, but business model is based on processing data (implication: that’s not passive).  There is no conclusion yet about what we should do, if anything.  Difficult to get concrete information on what’s actually happening. 
Sampling as monitoring: control procedures can be justified if they sample because they catch illegal activity samples ex post, even if they don’t catch every piece of bad activity.  If we did ex post, how post should the ex post be?  Certain member states interpreted the Directive on “expeditious” action on notification as 24 hours, while others interpreted it as 6 months.  You can’t have a common market with such huge differences.  There are certain requests from stakeholders—not good policy/reasonable to expect we can simply say there’s no problem. Not fit for purpose given the amount of data going out.  We aren’t really talking about ©/IP—we’re talking about all kinds of illegal content, including terrorist content, radicalization.
Q: if liability might exist for insufficient monitoring, then why wouldn’t an intermediary be in trouble if it misses one thing? Why isn’t that a general obligation to monitor, inconsistent w/the directive?
EU person: There are concerns that you can’t have a duty of care w/o a general monitoring duty. 
Jonathan Band: Internet has space for ecommerce; but also for competing values.  Emphasis should be in favor of free expression. US goes further than ecommerce directive in §230.  Bad ideas may come to the US here—right to be forgotten, ancillary copyright.  Comments about
RT: OTW: actually a nonprofit, with no business partners, hosting user-generated content: That doesn’t mean small scale. 90 million pageviews per week, approaching 2 million unique pieces of content, over 600,000 registered users—writing skills, language skills, coding skills to mostly female users.  All volunteer, including our support and abuse team, who are not lawyers.  A standard that requires us to behave like YouTube, with automated scrutiny, or with “staydown” to keep a piece of content down no matter who posts it, would simply shut us down, despite all the benefits we provide.  Sampling is the same: would require us to have a larger team of lawyers than we have support personnel to engage in legal analysis—be clear on what that means.  Then we’d get arguments about whether we should be sampling/auditing more heavily in problem areas like audio—should it be random per work or within categories—the internet is much bigger and more diverse than the sites that are often focused on.  Civil society is more than businesses and the inquiry should keep that in mind.
A: My personal idea is auditing, that is not an official position of the EU, but important to consider.
Emma Llanso (sp?), CDT: Overblocking of lawful content is inevitable when you try to impose these types of duties on intermediaries.  Intermediaries having to figure out what content is illegal will be really dangerous.  Takedown and staydown: also very clear that this can’t be accomplished w/o monitoring obligations—inconsistent w/ ecommerce directive.
A: Note that we are open to different definitions of online platforms.
Q: note that monitoring duties harm smaller market entrants—works against the EU.  US companies already dominate the internet—how to replicate in the EU?  Excessive compliance costs in EU favor the giants, who already have $.  Magical thinking among non-programmers: humans write code; code can’t just scrutinize everything. Imperfect algorithms & humans; at least you need a good faith exception. No level of perfection will be obtained.  Circular: if you put in good faith, what standard do you truly get? 
A: I like good faith effort (but I am not official EU policy).  People have very bizarre ideas of how software is built.  In European legal system, we do have charter of fundamental rights, including freedom of expression/access to information; equal status to right to security, privacy, etc. Commission has not taken a position but should remember it’s part of our system. We also can’t live in a world in which a court has to order every takedown.
Q: cybersecurity—risk-based approach could be modeled. 
Internet Ass’n: Startups.  In US, bright line safe harbors have been instrumental in success of many startups.  Driven investment capital towards startups, which is also key.  If goal is to foster climate in EU conducive to investment/startups, remember success story of US.
A: You need to provide data on this, not just assertions, when you answer the associated questionnaire for this inquiry.
Software & Info Industry Ass’n: Just b/c of lack of legal liability, doesn’t follow that intermediaries/platforms should do nothing. Socially responsible platforms do have programs in place to deal w/things like revenge porn.  §230: a good samaritan provision—giving them opportunity to take voluntary steps to deal w/problematic content w/o incurring legal liability.  Sometimes these discussions elide responsibility w/legal responsibility.
Wilson Center: conceptual slippage—implementation is on the internet provider/self-regulating. But that’s different from enforcement. Would this be decentralized enforcement or not?  Code of conduct—corporate social responsibility model. Will also be important who participates/draws that up.  Hasn’t been much about what the EC can/can’t do. Complexity: ecommerce & other directives have been around for 10 years or more. How much will the role of ICT standards/Comm’n admin guidelines play? Will the EC do administrative rulemaking? For small businesses & nonprofits, they’re sometimes unaware of bulk of rulemaking taking place to flesh out the regulation.
A: There’s a clear push not to do hard legislation if at all possible. The delay before Council/Parliament agreement, full regulation (immediately applicable) or directive (must be transposed to member states)—average is 7 years.  We know very well not to do legislation unless clearly needed. Thus, rely on admin rulemaking and cooperation.
US Chamber of Commerce: Not clear why ecommerce should be treated differently than physical markets—especially when digital commerce is the best way to enhance competition for easy startups. Should encourage more of that instead of trying to pull down leaders, esp. w/o clear definition of the problem we’re trying to solve?  Is competition policy not doing the job?  What are the barriers b/t states?  On the cloud issues: mentions distrust of cloud computing—but we’re not clear where that comes from.  Why are you worried about it/who distrusts it?  You are asking for data but we want to ask for the same thing from you.  Also: Data protection: must work w/digital single market—not 28 different methods of enforcement.
Q: Many European startups simply pick up & move to the US for access to customers, etc.  Data flow regulation is a big part.
A: (In response to statement about EU targeting US companies for competition investigation) Actually we target 80% EU companies; US companies just tend to complain more in public whether they are targeted by EU or US regulators—you didn’t hear EU banks whinging about being fined millions of dollars in the US for behavior that was legal in the EU; you don’t hear the German chemical sector whining about the constant investigations it’s under in the EU.  EU is the most open market in the world.  We are extremely transparent.

No comments: