The internet has changed the world but as there are no barriers to information flows, an important issue is the determination of where liability limits lie, says David Miranda, corporate and technology partner with Osborne Clarke in Barcelona
‘Is it fair that personal data can be seen worldwide? If not, there should be sufficient mechanisms to ensure that any private data is immediately removed and, if not done promptly, the internet service providers (ISPs) are held liable.’
It is an issue that European Directives and domestic legal systems have already sought to tackle but issues still remain, he says. ‘In Spain we have some of Europe’s strictest data protection rules but this has meant that sometimes ISPs manage their businesses with a mixture of fear and uncertainty.’
Spanish data protection rules state clearly however that ISPs may not be held liable for any information stored as long as they remain unaware that it is unlawful, but once they become aware, illicit content must be promptly removed.
‘Usual practice dictates that liability lies with the person who uploads illegal content. This only passes to an ISP if, when notified, they fail to withdraw the information,’ explains Miranda.
The recent Italian prosecution of four Google employees for an illegal video upload constitutes a serious threat to the legal security required in order to preserve the internet’s accessibility, he believes.
‘The individual’s right of privacy versus the right of information need to be addressed, but in my opinion EU and Spanish legislation accurately balances such rights by requiring ISPs to promptly withdraw illicit contents once notified of their illegality.’
He does not believe that the case opens up new areas of liability. Internet companies should though ensure that internal controls are sufficiently strict as they are more likely to be the object of litigation than individuals who post illicit content.
The Spanish concept of the ‘diligence of an orderly entrepreneur’ can be a good reference to determine the level of internal diligence required, but in any event ISPs need to be clear about determining their own operational limits.
‘Companies need to be specific about what information may not be hosted on websites, the cancellation process and the timeframe in which illicit or harmful information will be removed, as proof of their own diligence,’ says Miranda.