European Cyberlaw handout – ISP Liability Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce) Article 12 "Mere conduit" 1. Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider: (a) does not initiate the transmission; (b) does not select the receiver of the transmission; and (c) does not select or modify the information contained in the transmission. 2. The acts of transmission and of provision of access referred to in paragraph 1 include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission. 3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement. Article 13 "Caching" 1. Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, on condition that: (a) the provider does not modify the information; (b) the provider complies with conditions on access to the information; (c) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used by industry; (d) the provider does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and (e) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement. 2. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement. Article 14 Hosting 1. Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that: (a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information. 2. Paragraph 1 shall not apply when the recipient of the service is acting under the authority or the control of the provider. 3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement, nor does it affect the possibility for Member States of establishing procedures governing the removal or disabling of access to information. Article 15 No general obligation to monitor 1. Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity. 2. Member States may establish obligations for information society service providers promptly to inform the competent public authorities of alleged illegal activities undertaken or information provided by recipients of their service or obligations to communicate to the competent authorities, at their request, information enabling the identification of recipients of their service with whom they have storage agreements. In Joined Cases C-236/08 to C-238/08 (Google Adwords) B – The liability of the referencing service provider 106 By its third question in Case C‑236/08, its second question in Case C‑237/08 and its third question in Case C‑238/08, the Cour de cassation asks, in essence, whether Article 14 of Directive 2000/31 is to be interpreted as meaning that an internet referencing service constitutes an information society service consisting in the storage of information supplied by the advertiser, with the result that that information is the subject of ‘hosting’ within the meaning of that article and that the referencing service provider therefore cannot be held liable prior to its being informed of the unlawful conduct of that advertiser. 120 It follows that the answer to the third question in Case C‑236/08, the second question in Case C‑237/08 and the third question in Case C‑238/08 is that Article 14 of Directive 2000/31 must be interpreted as meaning that the rule laid down therein applies to an internet referencing service provider in the case where that service provider has not played an active role of such a kind as to give it knowledge of, or control over, the data stored. If it has not played such a role, that service provider cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned. In Case C-324/09 (eBay) 6. Article 14(1) of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) must be interpreted as applying to the operator of an online marketplace where that operator has not played an active role allowing it to have knowledge or control of the data stored. The operator plays such a role when it provides assistance which entails, in particular, optimising the presentation of the offers for sale in question or promoting them. Where the operator of the online marketplace has not played an active role within the meaning of the preceding paragraph and the service provided falls, as a consequence, within the scope of Article 14(1) of Directive 2000/31, the operator none the less cannot, in a case which may result in an order to pay damages, rely on the exemption from liability provided for in that provision if it was aware of facts or circumstances on the basis of which a diligent economic operator should have realised that the offers for sale in question were unlawful and, in the event of it being so aware, failed to act expeditiously in accordance with Article 14(1)(b) of Directive 2000/31. In Case C-70/10 (Scarlet) Directives 2000/31/EC (...), 2001/29/EC (...), 2004/48/EC (...), 95/46/EC (...), 2002/58/EC (...) read together and construed in the light of the requirements stemming from the protection of the applicable fundamental rights, must be interpreted as precluding an injunction made against an internet service provider which requires it to install a system for filtering – all electronic communications passing via its services, in particular those involving the use of peer-to-peer software; – which applies indiscriminately to all its customers; – as a preventive measure; – exclusively at its expense; and – for an unlimited period, which is capable of identifying on that provider’s network the movement of electronic files containing a musical, cinematographic or audio-visual work in respect of which the applicant claims to hold intellectual-property rights, with a view to blocking the transfer of files the sharing of which infringes copyright. In Case C‑484/14 (Tobias Mc Fadden) 1. Article 12(1) of Directive 2000/31/EC (…) must be interpreted as meaning that a service such as that at issue in the main proceedings, provided by a communication network operator and consisting in making that network available to the general public free of charge constitutes an ‘information society service’ within the meaning of Article 12(1) of Directive 2000/31 where the activity is performed by the service provider in question for the purposes of advertising the goods sold or services supplied by that service provider. 6. Having regard to the requirements deriving from the protection of fundamental rights and to the rules laid down in Directives 2001/29 and 2004/48, Article 12(1) of Directive 2000/31, read in conjunction with Article 12(3) of that directive, must be interpreted as, in principle, not precluding the grant of an injunction such as that at issue in the main proceedings, which requires, on pain of payment of a fine, a provider of access to a communication network allowing the public to connect to the internet to prevent third parties from making a particular copyright-protected work or parts thereof available to the general public from an online (peer-to-peer) exchange platform via an internet connection, where that provider may choose which technical measures to take in order to comply with the injunction even if such a choice is limited to a single measure consisting in password-protecting the internet connection, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain.