This guest post was written by Dirk Voorhoof*
The European Court’s judgment of 10 October 2013 in Delfi AS v. Estonia has caused a lot of controversy in the world of online media, news portals, internet-groups and freedom of expression websites. Especially the criticism by Article 19, Index on Censorship and The Guardian (amongst others, also here, here, here and here) initiated a robust debate. The judgment has been qualified as a “serious blow to freedom of expression online”, ignoring the relevant international standards on the limited liability of host-providers. The Court’s judgment dealing with a crucial issue of freedom of expression on the internet has promptly been integrated in the updated fact sheet of the European Court’s case law on New Technologies. But at the same time it has been very negatively welcomed as it should “worry all websites allowing users to comment below online articles” and “send a shiver of fear down any website operator’s spine”. Also at the Internet Governance Forum held in Bali (Indonesia, 21-25 October 2013) the judgment’s possible impact on pre-monitoring user generated content and on the erosion of the limited liability of internet intermediaries was vigorously debated. What’s all the fuss about?
In essence the European Court found that one of Estonia’s largest news portals on the Internet, Delfi, is not exempted from liability for grossly insulting remarks in its readers’ online comments, regardless of a technical system filtering vulgarity and obscene wordings, regardless of a functioning notice-and-take-down facility, and, most importantly, regardless of an effective and immediate removal of a series of offensive comments after being notified by the victim about the grossly insulting character of the users’ comments. The news portal was found liable for violating the personality rights of the plaintiff, although it had expeditiously removed the grossly offending comments posted on its website as soon as it had been informed of their insulting character. The plaintiff was awarded 320 euro in non-pecuniary damages. The European Court found that this interference with Delfi’s right to freedom of expression did not violate Article 10 of the Convention.
Most importantly, the European Court accepted the Estonian authorities’ approach that Delfi’s news portal is to be considered as a publisher, rather than as an internet service provider (ISP). The consequence is that as a publisher Delfi could not rely on the specific provisions of the EU Directive 2001/31 on Electronic Commerce (Art. 14 and 15) and the Estonian Information Society Services Act (Section 10 and 11) exempting internet service providers, including host-providers, from liability in cases where they expeditiously remove or disable access to content emanating from third parties, as soon as they obtain knowledge or become aware of the illegal nature of the information. The E-Commerce Directive and the Estonian Act also guarantee that no general obligation to monitor should be imposed on the internet service providers, nor a general obligation to seek facts or circumstances indicating illegal activity. Both the EU-directive and the Estonian Act, as well as other international reports and policy documents of the Council of Europe reflect the principle that in order to safeguard the right to freedom of expression and information on the Internet, there should be no obligation for internet service providers to pre-monitor user generated content. It has been considered sufficient to hold host providers liable for illegal content transmitted on their platform, only when they have an active role allowing the operator to have knowledge and control of the data stored. Also the CJEU has ruled, with reference inter alia to Article 10 ECHR, that an ISP shall not be required to install a system of filtering of all electronic communication passing via its services, as this would amount to a preventive measure and a disproportionate interference with all customers’ freedom of expression and information (Scarlet Extended and Netlog). Such an interference with the right to freedom of expression and information cannot be justified as necessary in a democratic society, regardless of the legitimate aim of protecting the rights of others, such as IP and copyright protected by Article 1 of the First Protocol, or the right of privacy or reputation as protected by Article 8 of the Convention. That an ISP has the technical possibility to pre-monitor or has an economic interest in exploiting the portal should not affect or remove their limited liability (Google and L’Oréal/Ebay). The general principle is that expeditious removal upon (notified) knowledge of illegal content exempts the ISP from liability.
The reason why Delfi could not rely on the ISP liability exemption is that the European Court accepted the finding by the Estonian courts that the news portal had integrated the readers’ comments into its news portal and that it had invited the users to post comments, having also an economic interest in exploiting its news platform with the integrated comment environment. Delfi should have effectively prevented clearly unlawful comments from being published, as it was to be considered a provider of content services, rather than of technical services. As a consequence Delfi’s liability was that of a publisher, not of an ISP. The European Court did not challenge this finding, restricting its supervisory role to ascertaining whether the effects of the disqualification of Delfi as an ISP were compatible with Article 10 of the Convention.
Also with regard to this assessment, the European Court continued to rely very much on the domestic courts’ arguments. It found that the interference with Delfi’s right to freedom of expression was justified taking into consideration a set of arguments. The Court recognised that the article attracting the offending comments addressed a topic of “a certain degree of public interest”, reporting about facts that negatively affected a large number of people. The original article was balanced and contained no offensive language itself. Nevertheless, the European Court concluded that Delfi should have expected that comments on the article could go beyond the boundaries of acceptable criticism and reach the level of gratuitous insult or hate speech, and that therefore it should have taken steps “in order to avoid being held liable for an infringement of other persons’ reputations” (par. 86). Next the Court is of the opinion that the word-based technical filter that was installed to delete vulgarities, threats or obscene expressions, was shown to be insufficient. Also the notice-and-take-down facility according to which anyone by simply clicking on a button designed for that purpose could notify inappropriate comments to the administrators of the portal, had not prevented the grossly insulting comments from being published on the platform (par. 87). The Court is of the opinion that Delfi exercised “a substantial degree of control over the comments published on its portal”, although it did not make as much use as it could have done of the full extent of the control at its disposal (par. 89). As Delfi allowed comments by non-registered users, and as it would appear disproportionate to put the onus of identifying authors of the offensive comments on the injured person, the Court is of the opinion that Delfi for that reason must be considered “to have assumed a certain responsibility for these comments” and that it should have prevented defamatory or insulting statements being made public (par. 89 and 91). The Court says to be mindful of the importance of the wishes of Internet users not to disclose their identity in exercising their freedom of expression, at the same time emphasising the danger that information, once made public, will remain and “circulate forever” and therefore calling for caution. As it is difficult to remove defamatory or insulting statements once they have started to circulate on the Internet and as the potentially injured person is unlikely to possess resources for continual monitoring of the Internet, this is considered an additional argument for pre-monitoring users’ comments on a news portal, preventing harm on others’ personality rights (par. 92). Finally the Court notes that Delfi was ordered to pay 320 euro in non-pecuniary damages, being by no means a disproportionate sanction for a professional media platform such as Delfi (par. 93). Based on these elements and “in particular the insulting and threatening nature of the comments” the Court unanimously comes to the conclusion that the Estonian courts’ finding that Delfi was liable for the defamatory comments posted by readers on its Internet news portal was a justified and proportionate restriction of Delfi’s right to freedom of expression.
With Delfi AS v. Estonia, the First Section delivered the first judgment of the ECtHR dealing with online media liability for user generated content and readers’ input on a news website or media platform. For several reasons however there are legitimate reasons to doubt whether the Court’s approach is a sustainable one in the light of the international and European standards on internet liability for intermediaries, online freedom of expression and the right of anonymity on the Internet.
Within the format of this blog it is not possible to unfold a thorough analysis of the case and the Court’s judgment. The blogs mentioned in the introduction already gave a preliminary analysis and have pointed out the controversial issues contained in the judgment, such as the fact that Delfi could have predicted that the article would cause offensive comments, the emphasis by the Court on organising an efficient system of pre-monitoring of user generated content, the repeated reference that Delfi received commercial benefit from the comments being made, and the way the Court struggles with the right of anonymity on the Internet.
Most controversial however is the Court’s acceptance of the qualification by the Estonian courts of Delfi as a content provider and not an intermediary internet service provider. Although there can indeed be no doubt that Delfi is a content provider and an editor of its own output as an online news portal, it is problematic to qualify Delfi as an editor of the users’ comment. The judgment demonstrates the far-reaching impact of the non-qualification as hosting provider: removing the limited character of the liability as an ISP and urging the publisher or operator of users’ comments to pre-monitor all incoming reactions in order to prevent any defamatory of insulting message on its platforms, risking otherwise to be held liable, even if the message has been removed once the illicit or illegal character of the content was acknowledged to the operator. Because of the clear legal and practical impact of the non-qualification as an ISP on Delfi’s right to freedom of expression, the European Court itself should have made a thorough assessment of how to qualify Delfi’s activities operating the users’ comment on its news portal, an assessment in the light of its own case law and the jurisprudence of the CJEU, on the basis of a comparative analysis with the situation in other member states and taking into account international standards on the matter. In this respect, the Court is also very lenient in accepting that the Estonian law was sufficiently clear and predictable and that Delfi should have been aware that it could be held liable, even after expeditious removal after having been notified of specific illegal content. One can certainly argue that there were no clear legal provisions excluding the activities of user generated content on a news platform from the restricted ISP liability, nor was there any convincing or consistent jurisprudence in Estonia in this regard. Based on the provisions of the E-Commerce Directive and the Estonian Information Society Services Act, Delfi was certainly in a position to believe that the users’ comment environment fell under the provisions of restricted ISP liability. A clear illustration that also amongst lawyers, legal experts and judges it was reasonable to estimate that Delfi could rely on the more recent and specific ISP-liability provisions in the online environment, rather than on the general provisions protecting personality rights and on the liability rules in the civil code, is found in the first instance judgment in this case. Indeed the judges of the County Court affirmatively found that Delfi’s responsibility was to be situated within the framework of the limited ISP-liability as enshrined in the Estonian Information Society Services Act and the EU E-Commerce Directive 2000/31. The County Court in 2007 found that Delfi’s comment environment was to be distinguished from the portal’s journalistic area, and that therefore Delfi could rely on the limited ISP-liability and did not have an obligation to pre-monitor the users’ comment on its platform. It is a bit far-fetched in this regard to emphasise, as the European Court did, that as a professional publisher Delfi must have been familiar with the Estonian legislation and case law on tort and must have been aware of the publisher’s liability when disregarding others’ personality rights, eventually on the basis of legal advice. The crux of the case is precisely that lawyers with expertise in ICT-law would probably have considered these activities by Delfi to fall under the application of the limited ISP-liability. And so did the judges of the first instance court in this case. Therefore the European Court’s statement that Delfi was “in a position to assess the risks related to its activities and that it must have been able to foresee, to a reasonable degree, the consequences which it could entail” seems to neglect that there were pertinent arguments why Delfi could reasonably count on being exempted from liability, as it had acted in accordance with the provisions of the Estonian Information Society Services Act and the EU E-Commerce Directive 2000/31, expeditiously removing offensive content upon notification. By affirming the disqualification of Delfi as an ISP, and by accepting that the interference with Delfi’s freedom of expression not acting as an intermediary was prescribed by law, the Court opened the door wide open to find no violation of Article 10, applying strict traditional standards of liability of media publishers combined with a tendency to overprotect personality rights in the internet environment, referring to the danger “that information once made public will remain public and circulate for ever”, urging for a general pre-monitoring of all users’ generated content.
A final observation relates to the reference by the European Court to Delfi’s “duty of diligence” with regard to the notice-and-take-down system installed, as this “system was easily accessible and convenient for users – there was no need to take any steps other than clicking on a button provided for that purpose and there was no need to formulate reasons as to why a comment was considered inappropriate (..)” (par. 88). Hence the Court seems to fully approve the “reporting button” type of notice-and-take-down procedures, which does not require any explanation or motivation as to why the content at issue might be offensive, illicit or illegal. Neither the one who notifies, nor the Internet intermediary has to give any justification for the removal or blocking of alleged offensive content. Such a notice-and-take-down reduces the monitoring process to a mere technical, non-transparent and very superficial interference with the right of freedom of expression in the online environment, with a clear risk of overbroad removal or blocking of online content protected according to Article 10 standards.
The judgment is not yet final and Delfi AS can still request for a referral to the Grand Chamber until 10 January 2014. Because of the controversial character of some of the arguments developed by the Court and the enormous impact the judgment might have if the Estonian approach, not overruled by the European Court, is followed in other European countries, there are good reasons to have the case reconsidered by the Grand Chamber of the Strasbourg Court. The Grand Chamber will also have the occasion, as it has done in other judgments, to be more inspired by some of the basic principles promulgated in a set of policy documents by the Committee of Ministers of the Council or Europe or by other European or international provisions related to the right of freedom of expression on the Internet. In this scenario, it will be up to the Grand Chamber to sort out the “Delfi mess” created by the judgment of the First Section.
* Dirk Voorhoof is professor at Ghent University (Belgium) and lectures European Media Law at Copenhagen University (Denmark). He is also a Member of the Flemish Regulator for the Media and of the Human Rights Centre at Ghent University. More information on Dirk Voorhoof can be found on the website of the Faculty of Political and Social Sciences, here.