In some cases the law will protect you: in theory, parties that merely relay communications are never liable, while parties that store and relay information will be liable if they know that the information is manifestly unlawful. This is why a good Notice-and-Takedown procedure is very important.
The law protects “providers”, intermediaries that store or relay other party’s information, which includes the conventional Internet provider and hosting provider, but also managers of interactive services.
If you merely relay information, you can almost never be required to stop relaying manifestly unlawful information. Nor can you be held liable for relaying it. “Merely relaying” means that you are providing a service in which you are acting solely as a conduit. You are relaying information or providing access to a communication network. If you temporarily cache something while relaying, that still counts as merely relaying.
Are you a hosting provider? Then you can be held liable, at least, only if you are aware or should be aware of the presence of manifestly unlawful data. Even if you are aware of such data, you can still take steps to prevent yourself from being held liable. As soon as you become aware, you must act quickly to disable access to the data. In practice this means that there is no need for you to do anything until someone complains to you (“Notice”). If this complaint is evidently justified, but only then, you must disable access to the material (“Takedown”). Hence the name “Notice-and-Takedown” or NTD.
The speed with which you have to respond to the complaint and, if necessary, disable access to the data depends on the situation. If the data is causing serious damage, it may mean that access to it must be disabled within 48 hours. If it is not causing serious damage (any longer), you can take your time, although you may never take more than ten days to disable access.
Other internet service providers sometimes do and sometimes do not fall under the legal liability exclusion. In any event they must take “social responsibility” into account, i.e. do what they reasonably can to prevent or remove banned content. If you do not fall under the liability exclusion, it is also advisable to follow the NTD procedure, especially if you are unable to monitor all the information published through your website. In this way you are showing that you are doing your best to combat unlawful or illegal items, which may limit your liability.
As a forum manager you are not required to screen everything that is placed on your forum prior to publication. You are however obliged to respond to complaints. An NTD procedure is therefore important for you too. Remember! If you manage a forum with a legally or socially dubious purpose and audience, you are more likely to be liable for what is posted. The fact that screening is difficult or expensive makes no difference in this case. Apart from an NTD procedure, you will also therefore have to apply an active moderation policy.
Customers may also post unlawful content on auction sites and second-hand sale sites, such as counterfeit products offered for sale or photographs posted whose copyright does not belong to the poster. You are obliged to take the appropriate measures. If your website processes large volumes of sale advertisements, for example, then the use of an NTD procedure is advisable. You may also be expected to apply (simple) filter technology if this is feasible, such as filtering on the words “imitation” or “replica”.
Social network sites often have a huge amount of content, which is why a proper NTD procedure is worthwhile here too. Since privacy has a major part to play in this case, it is important that you also take proactive steps to prevent violations of privacy, such as screening user information from search engines.
As a hosting provider you may experience the obligation to remove material as a real dilemma. After all, you want to do the best for your customer and do not want to be called to account for breach of contract. On the other hand you cannot allow yourself to be called to account in court for the provision of unlawful data.
You can prevent this problem by being careful and taking the appropriate precautions:
It is at least as important that your general terms and conditions are tailored to the service you provide. Since you are doing business with healthcare facilities, you should pay particular attention to the following:
Copyright. If the complainant can prove that it holds the copyright or represents the copyright holder and the work has been posted on the Internet in its entirety without its consent, the complaint is manifestly justified. Where the complaint is about part of a work, it is possible that the complaint is not manifestly justified on the grounds of fair use, for example. In that case, a response from the poster is in any event needed to assess the complaint.
Defamation, slander, abuse. It is not usually possible to decide whether such a complaint is justified, but if it is about an evident exchange of abuse without substantiation, it is manifestly justified. The same applies if a party posts manifest lies with a view to harming another party. An example is saying that a business is bankrupt when the bankruptcy register suggests otherwise. In principle only the defamed or insulted party is allowed to complain, but in the event of evident factual inaccuracies third parties are allowed to complain as well.
Child pornography. Anyone can complain about this. An image or video is child pornography if it is information with a sexual slant showing a person who appears to be below the age of 18, the same applying to rendered images (virtual child pornography). A nude photograph is not in itself child pornography, but it may be a different story in the case of “unnatural poses” or a focus on the genitalia. A text or cartoon about sex with minors can never be child pornography.
Racism, stirring up hatred and other punishable statements. Texts that attack or degrade ethnic minorities or incite violence against such groups are usually punishable. Information denying or trivialising the persecution of the Jews or the Holocaust is always punishable, even if it purports to be a scientific analysis. On the other hand, a neutral report or news article on racism in which discriminatory statements are quoted is not punishable and does not therefore need to be removed.
Violation of privacy. The complainant must prove that he is the disadvantaged person or their parent/ guardian. In the case of publication of personal data such as home addresses, copies of proofs of identity, medical assessments or credit cards, the complaint is manifestly justified. Publication of a business address on the other hand is not a violation of privacy.
Phishing, fraud, etc. In principle anyone can complain about this. A complaint about a website or web page that falsely creates the impression of being a third party (such as a bank) and asks for login details or credit card details is manifestly justified. A complaint about an allegedly fraudulent company is not, because you cannot examine the evidence.
Use the following guidelines to deal correctly with complaints about customers’ content:
As a provider you can only be prosecuted if you fail to obey an order to disable access to certain information. The order must come from the public prosecutor with an authorisation of the examining magistrate.
If the service you provide merely involves relaying information, you will in all probability never receive such an order. If your service involves more than hosting or relaying information, you can also be prosecuted without an order. in this case, the exception described above does not apply to you. An NTD procedure and taking steps proactively may help in many cases, but offer no guarantee.
Handing over name and address details
The complainant may ask for the name and address details of the party providing the information complained about. Under certain circumstances you are obliged to cooperate with this, even if there is no judicial order and even if the complainant is not an investigating officer. However, you only need to provide the contact details in the following circumstances:
Should you decide to hand over the details following the above consideration, always notify your customer.
An investigating officer can also ask for name and address details for the purposes of an investigation. Different rules apply in this case. For example, you must receive an order in writing and the correct body (public prosecutor or investigating magistrate) must have authenticated the order.
In the case of requests for the purposes of a criminal investigation it is often not the intention that you advise your customer. This will be indicated in the request.
ICTRecht Notice-and-Takedown advice
Dealing properly with complaints about unlawful content is of the utmost importance for Internet companies. In practice, support staff do not always seem to know what is and what is not obligatory, which may harm your reputation (in the event of hasty removal) or lead to claims for damages (if intervention is not prompt enough).
Legal consultancy ICTRecht can provide you with quick and expert advice if you receive a complaint and have doubts about the steps to be taken. You will not receive any legal generalities but a clear “remove” or “leave”, plus a draft text that you can send to the complainant. We can also write both the external and internal NTD procedures for you and train your support staff in how to deal with the different requests.
The General Data Protection Regulation (GDPR) is a new pan-European privacy law. From 25 May 2018, your organisation must comply with this strict new law. So what is changing? And what do you need to change?
On May 25th 2018, the General Data Protection Regulation (“GDPR”) will enter into force. With penalties of up to the higher of 20 million euro and 4% of global turnover, executives across the EU are preparing to get their organisations GDPR compliant. If you would like to know how your organisation can ensure privacy compliance at work, […]
Avenue Louise 65, 1000, Brussels, +32 (0)2 535 77 55, email@example.com