Monday 14 August 2017

21 years of cross-border liability on the internet

The Canadian Supreme Court decision in Equustek and the French Conseil d'Etat decision to make a CJEU reference in Google v CNIL have once again focused attention on the intractable issues around cross-border liability for publication on the internet. 

This is a topic on which I have been writing and speaking off and on since 1996 when I first heard lawyers calling for an international convention to govern cross-border internet liability issues. My view then was that, given the strong inclination of each state to assert the superiority of its own laws over anyone else's, anything that 100-plus governments were able to agree on was unlikely to be good for the internet.  We were better off with continuing chaos. (See further my contribution 'Content on the Internet - Law, Regulation, Convergence and Human Rights' in International Law and The Hague's 750th Anniversary (ed. W.P. Heere. TMC Asser Press 1999.) 

Subsequent experience has, if anything, reinforced that view. And what was originally a debate about information published across borders has, not to its benefit, now become tangled up with the separate jurisdictional question of police and intelligence agency powers to obtain private user data from internet companies in other countries (see e.g. Global Commission on Internet Governance Primer on Internet Jurisdiction (PDF)). 

The root of the intractability is simple.  Unlike any previous medium, the internet is cross border by default and is used, not just as reader but as publisher, by individuals in their hundreds of millions. An internet site is, unless its operator takes positive steps to prevent it by geo-blocking, accessible in any country (excepting those that have erected national firewalls at their borders and banned VPNs). This applies not only to commercial websites but also to individual blogs, tweets, Facebook posts and the like. Accessibility also applies to search engines, which since they operate on the internet are themselves by default accessible worldwide.  

How do nation states respond?  They may accept the possibility that their citizens (or residents and visitors) can, if they try hard enough, find information on the internet that has been created under other countries' laws and which may not be lawful at home (just as when citizens travel abroad and read books not available at home). 

If states reject that possibility they end up either forcing their laws on the citizens of other countries by insisting on worldwide removal, or compelling the site or search engine to geo-block. That holds out the prospect of less permeable borders in cyberspace than existed in the pre-internet physical world (putting on one side the ugly precedents of the Berlin Wall and jamming foreign broadcasts). (See further my chapter 'Cyberborders and the Right to Travel in Cyberspace' in The Net and the Nation State (ed. Uta Kohl, CUP 2017).)  

In a submission to the Leveson Inquiry (PDF) in 2012 Max Mosley said: 
“Anyone using the internet must therefore obey the laws in their country.  Similarly, they should obey the law in countries where their posts appear. As a practical matter, it is the search engines and service providers which can best prevent breaches of the law outside the country of origin of the original post."
As the Equustek and CNIL cases illustrate, the focus is indeed now on search engines, with plaintiffs seeking to leverage their gatekeeper potential not just domestically but on a worldwide basis. 

But Mr Mosley's beguiling proposition begs the same questions that have been asked since the 1990s: should the mere fact that a post appears in another country be enough to trigger the law of that country when the default setting built into the internet is cross-border accessibility? Does it accord with reasonable expectations to require individual bloggers and social media posters to comply with the laws of all countries? Does such a rule strike the right balance from the point of view of readers worldwide, bearing mind the resulting incentive to apply the most restrictive common denominator? My answer is no to all three questions. (See further my September 2012 submission (PDF) to the Leveson Inquiry commenting on Max Mosley's proposal.)

In one respect we have made progress since 1996. In an increasing number of subject matter areas a targeting test has been held (at least within the EU) to define the territorial scope of a right. Targeting rules hold out the prospect of something approaching a peaceful co-existence regime. Properly formulated and applied, a targeting test (a) lays down that mere accessibility does not trigger the laws or jurisdiction of another country and (b) requires relevant positive conduct, not mere omission, in order to do so. (See further my articles Directing and Targeting: The Answer to the Internet's Jurisdiction Problems Computer Law Review International, 2004 and Here, There or Everywhere? Cross-border Liability on the Internet (Computer and Telecommunications Law Review, 2007 C.T.L.R. 41).

However, the furore that periodically erupts around cross-border internet cases shows that there is still little consensus on these issues. Nuanced approaches may be at greatest risk of being jettisoned when the law in question is said to embody a core value of the state asked to adopt an expansive jurisdictional stance. That is also the time when greatest care should be taken not to let enthusiasm for the perceived merits of domestic law override respect for the different laws of other countries and the principle of peaceful co-existence.