A
preview of some of the UK
internet legal developments that we can expect in 2018. Any future EU legislation will
be subject to Brexit considerations and may or may not apply in the UK.
EU copyright reform In 2016 the European Commission published proposals for
TV-like regulation of the internet The review of the EU Audio Visual Media Services Directive continues. The Commission proposal adopted on 25 May 2016 would further extend the Directive's applicability to on-demand providers and internet platforms. [The European Parliament, Council and Commission have reached a preliminary political agreement on the main elements of revised rules.]
Pending CJEU copyright cases More copyright references are pending in the EU Court of Justice. Issues under consideration include whether the EU Charter of Fundamental Rights can be relied upon to justify exceptions or limitations beyond those in the Copyright Directive [(Spiegel Online GmbH v Volker Beck, C-516/17; Funke Medien (Case C-469/17) (Advocate General Opinion 25 October 2018 here) and Pelham Case 476/17)]; and whether a link to a PDF amounts to publication for the purposes of the quotation exception (Spiegel Online GmbH v Volker Beck, C-516/17). Another case on the making available right (Renckhoff, C-161/17) is pending [Judgment was given on 7 August 2018.]. It is also reported that the Dutch Tom Kabinet case on secondhand e-book trading has been referred to the CJEU [Case C-263/18].
ECommerce Directive Two cases involving Uber are before the CJEU, addressing in different contexts whether Uber’s service is an information society service within the Electronic Commerce Directive. Advocate General Szpunar gave an Opinion in Asociación Profesional Élite Taxi v Uber Systems Spain, C-434/15 on 11 May 2017 and in Uber France SAS, Case C‑320/16 on 4 July 2017. [The CJEU gave judgment in Uber Spain on 20 December 2017, holding that the service was a transport service and not an information society service. It followed up with a similar judgment in Uber France on 10 April 2018.][The Austrian Supreme Court has referred to the CJEU questions on whether a hosting intermediary can be required to prevent access to similar content and on extraterritoriality (C-18/18 - Glawischnig-Piesczek).]
Online pornography The Digital Economy Act 2017 grants powers to a regulator (recently formally proposed to be the British Board of Film Classification) to determine age control mechanisms for internet sites that make ‘R18’ pornography available; and to direct ISPs to block such sites that either do not comply with age verification or contain material that would not be granted an R18 certificate. The DCMS has published documents including draft guidance to the Age Verification Regulator.
Cross-border liability and jurisdiction Ilsjan (Case C-194/16) is another CJEU reference on the Article 7(2) (ex-Art 5(3)) tort jurisdiction provisions of the EU Jurisdiction Regulation. The case concerns a claim [by a legal person] for correction and removal of harmful comments. It asks questions around mere accessibility as a threshold for jurisdiction (as found in Pez Hejduk) and the eDate/Martinez ‘centre of interests’ criterion for recovery in respect of the entire harm suffered throughout the EU. The AG Opinion in Ilsjan was delivered on 13 July 2017. [The CJEU gave judgment on 17 October 2017. It held that a claim in relation to rectification, removal and the whole of the damage could be brought in the Member State in which the legal person had its centre of interests. Since an action for rectification and removal is indivisible it cannot be brought in each Member State in which the information is or was accessible.]
The French CNIL/Google case on search engine de-indexing has raised significant issues on extraterritoriality, including whether Google can be required to de-index on a global basis. The Conseil d'Etat has referred various questions about this to the CJEU. [See also C-18/18 Glawischnig-Piesczek. A Swedish court has declined to make a global de-indexing order against Google in a right to be forgotten case, restricting the order to searches from Sweden.]
Online state surveillance The UK’s Investigatory Powers Act 2016 (IP Act), partially implemented in 2016 and 2017, [will] come fully in[to] force [by the end of] 2018. However the government has acknowledged that the mandatory communications data retention provisions of the Act are unlawful in the light of the Watson/Tele2 decision of the CJEU. It launched a consultation on proposed amendments to the Act, including a new Office for Communications Data Authorisation to approve requests for communications data. [The proposed amendments are contained in the draft Data Retention and Acquisition Regulations currently being considered by Parliament.] Meanwhile a reference to the CJEU from the Investigatory Powers Tribunal questions whether the Watson decision applies to national security, and if so how.
The IP Act (in particular the bulk powers provisions) may also be indirectly affected by cases in the CJEU (challenges to the EU-US Privacy Shield), in the European Court of Human Rights (various NGOs challenging the existing RIPA bulk interception regime [- judgment given on 13 September 2018]) and by a judicial review by Privacy International of an Investigatory Powers Tribunal decision on equipment interference powers. However in that case the Court of Appeal has held that the Tribunal decision is not susceptible of judicial review. [A further appeal will be heard by the Supreme Court, following grant of permission to appeal on 22 March 2018.] One of the CJEU challenges to the EU-US Privacy Shield was held by the General Court on 22 November 2017 to be inadmissible for lack of standing.
Liberty's challenge by way of judicial review to the IP Act bulk powers and data retention powers is pending. [A judgment in relation to data retention powers was issued on 27 April 2018, giving the government until 1 November 2018 to amend the IP Act to reflect two conceded grounds of incompatibility with EU law. See above, the draft Data Retention and Acquisition Regulations.]
EU copyright reform In 2016 the European Commission published proposals for
-
a Directive on Copyright in the Digital Single Market. As it
navigates the EU legislative process the proposal continues to excite
controversy, mainly over the proposed publishers’ ancillary right and the clash between
Article 13 and the ECommerce Directive's intermediary liability
provisions.
-
a Regulation extending the country of origin provisions of the Satellite and Cable Broadcasting
Directive
to broadcasters' ancillary online transmissions. Most of the Commission’s
proposal was recently
rejected by the European Parliament.
-
legislation to mandate a degree of online content portability within
the EU. The Regulation on cross-border
portability of online content services in the internal market was adopted on 14
June 2017 and will apply from 20 March 1 April 2018.
EU online business As part of its Digital
Single Market proposals the European Commission published a proposal for a Regulation on "Geo-blocking
and other forms of discrimination". It aims to prevent online retailers
from discriminating, technically or commercially, on the basis of nationality,
residence or location of a customer. Political
agreement was reached in November 2017 [and the Regulation was adopted on 28 February 2018. The Regulation will apply from 3 December 2018].
Telecoms privacy The proposed EU
ePrivacy Regulation continues to make a choppy voyage through the EU legislative
process.
Intermediary liability On 28 September 2017 the European Commission published a Communication on Tackling Illegal Content Online. This is a set of nominally voluntary guidelines under which online platforms would adopt institutionalised notice and takedown/staydown procedures and proactive content filtering processes, based in part on a system of 'trusted flaggers'. The scheme would cover every kind of illegality from terrorist content, through copyright to defamation. The Commission aims to determine by May 2018 whether additional legislative measures are needed. [The Commission followed up on 1 March 2018 with a Recommendation on Measures to Effectively Tackle Illegal Content Online and with a public consultation open until 25 June 208. On 12 September 2018 the Commission published a Proposal for a Regulation on preventing the dissemination of terrorist content online.]
Politicians
have increasingly questioned the continued appropriateness of
intermediary liability protections under the Electronic Commerce Directive. The UK Committee
on Standards in Public Life has suggested
that Brexit presents an opportunity to depart from the Directive. The government
has published its Internet
Safety Strategy Green Paper. More to come in 2018 or 2019. [The House of Lord Communications Committee is conducting an inquiry on internet regulation, including intermediary liability.] The
hearing of the appeal to the UK Supreme Court in Cartier on who should bear the cost of complying with site blocking
injunctions [was] heard [at the end of February] 2018. [Judgment was given on 13 June 2018. The Supreme Court held that the rightsowner claimants should bear the ISPs' costs of complying with the injunction. The Court reviewed the basis on which site blocking injunctions are granted and found that they have a domestic basis in the equitable jurisdiction of the courts, independent of EU legislation.] Intermediary liability On 28 September 2017 the European Commission published a Communication on Tackling Illegal Content Online. This is a set of nominally voluntary guidelines under which online platforms would adopt institutionalised notice and takedown/staydown procedures and proactive content filtering processes, based in part on a system of 'trusted flaggers'. The scheme would cover every kind of illegality from terrorist content, through copyright to defamation. The Commission aims to determine by May 2018 whether additional legislative measures are needed. [The Commission followed up on 1 March 2018 with a Recommendation on Measures to Effectively Tackle Illegal Content Online and with a public consultation open until 25 June 208. On 12 September 2018 the Commission published a Proposal for a Regulation on preventing the dissemination of terrorist content online.]
TV-like regulation of the internet The review of the EU Audio Visual Media Services Directive continues. The Commission proposal adopted on 25 May 2016 would further extend the Directive's applicability to on-demand providers and internet platforms. [The European Parliament, Council and Commission have reached a preliminary political agreement on the main elements of revised rules.]
Pending CJEU copyright cases More copyright references are pending in the EU Court of Justice. Issues under consideration include whether the EU Charter of Fundamental Rights can be relied upon to justify exceptions or limitations beyond those in the Copyright Directive [(Spiegel Online GmbH v Volker Beck, C-516/17; Funke Medien (Case C-469/17) (Advocate General Opinion 25 October 2018 here) and Pelham Case 476/17)]; and whether a link to a PDF amounts to publication for the purposes of the quotation exception (Spiegel Online GmbH v Volker Beck, C-516/17). Another case on the making available right (Renckhoff, C-161/17) is pending [Judgment was given on 7 August 2018.]. It is also reported that the Dutch Tom Kabinet case on secondhand e-book trading has been referred to the CJEU [Case C-263/18].
ECommerce Directive Two cases involving Uber are before the CJEU, addressing in different contexts whether Uber’s service is an information society service within the Electronic Commerce Directive. Advocate General Szpunar gave an Opinion in Asociación Profesional Élite Taxi v Uber Systems Spain, C-434/15 on 11 May 2017 and in Uber France SAS, Case C‑320/16 on 4 July 2017. [The CJEU gave judgment in Uber Spain on 20 December 2017, holding that the service was a transport service and not an information society service. It followed up with a similar judgment in Uber France on 10 April 2018.][The Austrian Supreme Court has referred to the CJEU questions on whether a hosting intermediary can be required to prevent access to similar content and on extraterritoriality (C-18/18 - Glawischnig-Piesczek).]
Online pornography The Digital Economy Act 2017 grants powers to a regulator (recently formally proposed to be the British Board of Film Classification) to determine age control mechanisms for internet sites that make ‘R18’ pornography available; and to direct ISPs to block such sites that either do not comply with age verification or contain material that would not be granted an R18 certificate. The DCMS has published documents including draft guidance to the Age Verification Regulator.
Cross-border liability and jurisdiction Ilsjan (Case C-194/16) is another CJEU reference on the Article 7(2) (ex-Art 5(3)) tort jurisdiction provisions of the EU Jurisdiction Regulation. The case concerns a claim [by a legal person] for correction and removal of harmful comments. It asks questions around mere accessibility as a threshold for jurisdiction (as found in Pez Hejduk) and the eDate/Martinez ‘centre of interests’ criterion for recovery in respect of the entire harm suffered throughout the EU. The AG Opinion in Ilsjan was delivered on 13 July 2017. [The CJEU gave judgment on 17 October 2017. It held that a claim in relation to rectification, removal and the whole of the damage could be brought in the Member State in which the legal person had its centre of interests. Since an action for rectification and removal is indivisible it cannot be brought in each Member State in which the information is or was accessible.]
The French CNIL/Google case on search engine de-indexing has raised significant issues on extraterritoriality, including whether Google can be required to de-index on a global basis. The Conseil d'Etat has referred various questions about this to the CJEU. [See also C-18/18 Glawischnig-Piesczek. A Swedish court has declined to make a global de-indexing order against Google in a right to be forgotten case, restricting the order to searches from Sweden.]
Online state surveillance The UK’s Investigatory Powers Act 2016 (IP Act), partially implemented in 2016 and 2017, [will] come fully in[to] force [by the end of] 2018. However the government has acknowledged that the mandatory communications data retention provisions of the Act are unlawful in the light of the Watson/Tele2 decision of the CJEU. It launched a consultation on proposed amendments to the Act, including a new Office for Communications Data Authorisation to approve requests for communications data. [The proposed amendments are contained in the draft Data Retention and Acquisition Regulations currently being considered by Parliament.] Meanwhile a reference to the CJEU from the Investigatory Powers Tribunal questions whether the Watson decision applies to national security, and if so how.
The IP Act (in particular the bulk powers provisions) may also be indirectly affected by cases in the CJEU (challenges to the EU-US Privacy Shield), in the European Court of Human Rights (various NGOs challenging the existing RIPA bulk interception regime [- judgment given on 13 September 2018]) and by a judicial review by Privacy International of an Investigatory Powers Tribunal decision on equipment interference powers. However in that case the Court of Appeal has held that the Tribunal decision is not susceptible of judicial review. [A further appeal will be heard by the Supreme Court, following grant of permission to appeal on 22 March 2018.] One of the CJEU challenges to the EU-US Privacy Shield was held by the General Court on 22 November 2017 to be inadmissible for lack of standing.
Liberty's challenge by way of judicial review to the IP Act bulk powers and data retention powers is pending. [A judgment in relation to data retention powers was issued on 27 April 2018, giving the government until 1 November 2018 to amend the IP Act to reflect two conceded grounds of incompatibility with EU law. See above, the draft Data Retention and Acquisition Regulations.]
Compliance
of the UK’s surveillance laws with EU Charter fundamental rights will be a factor in any data protection adequacy decision that is sought once the UK becomes a non-EU third
country post-Brexit.
[Here is an updated mindmap of challenges to the UK surveillance regime.]
[Here is an updated mindmap of challenges to the UK surveillance regime.]
[Update 18 Dec. Replaced 'EU law' in last para with 'EU Charter fundamental rights'.] [Updated 5 March 2018, including addition of mindmap; and 6 March 2018 to add CJEU referral in C-18/18 Glawischnig-Piesczek.]
[Updated 28 March 2018 to correct starting date of Portability Regulation to reflect corrigendum to the Regulation.][Updated 27 April 2018 with updated mindmap. Further updated 13 and 17 May 2018, 1 October 2018; further updated mindmap, 2 October 2018.]
[Updated 1 November 2018 to add three references to the CJEU on copyright and freedom of expression.]
[Updated 28 March 2018 to correct starting date of Portability Regulation to reflect corrigendum to the Regulation.][Updated 27 April 2018 with updated mindmap. Further updated 13 and 17 May 2018, 1 October 2018; further updated mindmap, 2 October 2018.]
[Updated 1 November 2018 to add three references to the CJEU on copyright and freedom of expression.]
