Internet legal developments to look out for in 2019

A bumper crop of pending litigation and legislative initiatives for the coming year (without even thinking about Brexit).

EU copyright reform

-         The proposed Directive on Copyright in the Digital Single Market is currently embroiled in trialogue discussions between Commission, Council and Parliament. It continues to excite controversy over the publishers’ ancillary right and the clash between Article 13 and the ECommerce Directive's intermediary liability provisions. [Directive adopted on 15 April 2019. Implementation by Member States due 24 months after publication in the Official Journal.]

-         Political agreement was reached on 13 December 2018 to a Directive (originally proposed as a Regulation) extending the country of origin provisions of the Satellite and Cable Broadcasting Directive to online radio and news broadcasts. Formal approval of a definitive text should follow in due course. [The Directive was adopted on 15 April 2019.]

EU online business The European Commission has proposed a Regulation on promoting fairness and transparency for business users of online intermediation services. It would lay down transparency and redress rules for the benefit of business users of online intermediation services and of corporate website users of online search engines. The legislation would cover online marketplaces, online software application stores, online social media and search engines. The Council of the EU reached a common position on the draft Regulation on 29 November 2018. [The Parliament and Council reached political agreement on the proposed Regulation on 12 April 2019.]

Telecoms privacy The proposed EU ePrivacy Regulation continues to make a choppy voyage through the EU legislative process.

Intermediary liability The UK government has published its Internet Safety Strategy Green Paper, the precursor to a White Paper to be published in winter 2018-2019 which will include intermediary liability, duties and responsibilities. In parallel the House of Lords Communications Committee is conducting an inquiry on internet regulation, including intermediary liability. A House of Commons Committee examining Disinformation and Fake News has also touched on the topic. Before that the UK Committee on Standards in Public Life suggested that Brexit presents an opportunity to depart from the intermediary liability protections of the ECommerce Directive. [The government published its Online Harms White Paper on 8 April 2019.]

On 12 September 2018 the European Commission published a Proposal for a Regulation on preventing the dissemination of terrorist content online. This followed its September 2017 Communication on Tackling Illegal Content Online and March 2018 Recommendation on Measures to Effectively Tackle Illegal Content Online. It is notable for one hour takedown response times and the ability for Member States to derogate from the ECommerce Directive Article 15 prohibition on imposing general monitoring obligations on conduits, caches and hosts.

The Austrian Supreme Court has referred to the CJEU questions on whether a hosting intermediary can be required to prevent access to similar content and on extraterritoriality (C-18/18 - Glawischnig-Piesczek). The German Federal Supreme Court has referred two cases (YouTube and Uploaded) to the CJEU asking questions about (among other things) the applicability of the ECommerce Directive intermediary protections to UGC sharing sites.

Pending CJEU copyright cases Several copyright references are pending in the EU Court of Justice. Issues under consideration include whether the EU Charter of Fundamental Rights can be relied upon to justify exceptions or limitations beyond those in the Copyright Directive (Spiegel Online GmbH v Volker Beck, C-516/17;  Funke Medien (Case C-469/17) (Advocate General Opinion 25 October 2018 here) and Pelham Case 476/17) (Advocate General Opinion 12 December 2018 here); and whether a link to a PDF amounts to publication for the purposes of the quotation exception (Spiegel Online GmbH v Volker Beck, C-516/17). The Dutch Tom Kabinet case on secondhand e-book trading has been referred to the CJEU (Case C-263/18). The YouTube and Uploaded cases pending from the German Federal Supreme Court include questions around the communication to the public right.

Online pornography The Digital Economy Act 2017 grants powers to a regulator (subsequently designated to be the British Board of Film Classification) to determine age control mechanisms for internet sites that make ‘R18’ pornography available; and to direct ISPs to block such sites that either do not comply with age verification or contain material that would not be granted an R18 certificate. The process of putting in place the administrative arrangements is continuing. [The regime will come into force on 15 July 2019.]

Cross-border liability and jurisdiction The French CNIL/Google case on search engine de-indexing has raised significant issues on extraterritoriality, including whether Google can be required to de-index on a global basis. The Conseil d'Etat has referred various questions about this to the CJEU [Case C-507/17; Advocate General Opinion delivered 10 January 2019]. C-18/18 Glawischnig-Piesczek, a reference from the Austrian Supreme Court, also raises territoriality questions in the context of Article 15 of the ECommerce Directive.

In the law enforcement field the EU has proposed a Regulation on EU Production and Preservation Orders (the ‘e-Evidence Regulation’) and associated Directive that would set up a regime for some cross-border requests direct to service providers. The UK has said that it will not opt in the Regulation. US-UK bilateral negotiations on direct cross-border access to data are continuing'. The Crime (Overseas Production Orders) Bill, which would put in place a mechanism enabling UK authorities to make cross-border requests under such a bilateral agreement is progressing through Parliament and received Royal Assent on 12 February 2019]. [Meanwhile discussions continue on a Second Protocol to the Cybercrime Convention, on evidence in the cloud]

Online state surveillance The UK’s Investigatory Powers Act 2016 (IP Act), has come almost completely into force, including amendments following the Watson/Tele2 decision of the CJEU. However the arrangements for a new Office for Communications Data Authorisation to approve requests for communications data have yet to be put in place.

Meanwhile a pending reference to the CJEU from the Investigatory Powers Tribunal raises questions as to whether the Watson decision applies to national security, and if so how; whether mandatorily retained data have to be held within the EU; and whether those whose data have been accessed have to be notified.

Liberty has a pending judicial review of the IP Act bulk powers and data retention powers, due to resume in June 2019. It has been granted permission to appeal to the Court of Appeal on the question whether the data retention powers constitute illegitimate generalised and indiscriminate retention.

The IP Act (in particular the bulk powers provisions) may be indirectly affected by cases in the CJEU (challenges to the EU-US PrivacyShield and to the Belgian communications data retention regime), in the European Court of Human Rights (in which Big Brother Watch and various other NGOs challenge the existing RIPA bulk interception regime) and by an attempted judicial review by Privacy International of an Investigatory Powers Tribunal decision on equipment interference powers.

The ECtHR gave a Chamber judgment in the BBW case on 13 September 2018. If the judgment had becomes final it could have affected the IP Act in as many as three separate ways. However the NGOs successfully have lodged an appliedcation for the judgment to be referred to the ECtHR Grand Chamber, as did the applicants in the Swedish Rattvisa case, in which judgment was given on 19 June 2018. The two cases are therefore now pending before the Grand Chamber.

In the Privacy International equipment interference case, the Court of Appeal held that the Investigatory Powers Tribunal decision was not susceptible of judicial review.  [On further appeal the Supreme Court held on 15 May 2019 that the IPT decision was susceptible of judicial review. The litigation will now continue.]

Compliance of the UK’s surveillance laws with EU Charter fundamental rights will be a factor in any data protection adequacy decision that is sought once the UK becomes a non-EU third country post-Brexit.

[Here is an updated mindmap of challenges to the UK surveillance regime:]

[Software - goods or services? Pending appeal to UK Supreme Court as to whether software supplied electronically as a download and not on any tangible medium is goods for the purposes of the Commercial Agents Regulations. Computer Associates (UK) Ltd v The Software Incubator Ltd Hearing  28 March 2019.]

[Updated 28 Dec 2018 to add due date of AG Opinion in Google v CNIL, 2 January 2019 to add the CJEU reference on the Belgian communications data retention regime and the pending Supreme Court decision on ouster; 4 Jan 2019 to add the AG Opinion in Pelham; 14 Jan 2019 to add Rattvisa application to refer to ECtHR Grand Chamber; 15 Jan 2019 to add AG Opinion in Google v CNIL and Computer Associates v Software Incubator appeal; 16 Jan 2019 to add Cybercrime Convention; 14 May 2019, various updates; 21 May 2019, updated to add result of Privacy International Supreme Court appeal and update mindmap.] 

A Lord Chamberlain for the internet? Thanks, but no thanks.

This summer marked the fiftieth anniversary of the Theatres Act 1968, the legislation that freed the theatres from the censorious hand of the Lord Chamberlain of Her Majesty’s Household. Thereafter theatres needed to concern themselves only with the general laws governing speech. In addition they were granted a public good defence to obscenity and immunity from common law offences against public morality.

The Theatres Act is celebrated as a landmark of enlightenment. Yet today we are on the verge of creating a Lord Chamberlain of the Internet. We won't call it that, of course. The Times, in its leader of 5 July 2018, came up with the faintly Orwellian "Ofnet". Speculation has recently renewed that the UK government is laying plans to create a social media regulator to tackle online harm. What form that might take, should it happen, we do not know. We will find out when the government produces a promised white paper.

When governments talk about regulating online platforms to prevent harm it takes no great leap to realise that we, the users, are the harm that they have in mind.

The statute book is full of legislation that restrains speech. Most, if not all, of this legislation applies online as well as offline. Some of it applies more strictly online than offline. These laws set boundaries: defamation, obscenity, intellectual property rights, terrorist content, revenge porn, harassment, incitement to racial and religious hatred and many others. Those boundaries represent a balance between freedom of speech and harm to others. It is for each of us to stay inside the boundaries, wherever they may be set. Within those boundaries we are free to say what we like, whatever someone in authority may think. Independent courts, applying principles, processes and presumptions designed to protect freedom of speech, adjudge alleged infractions according to clear, certain laws enacted by Parliament.

But much of the current discussion centres on something quite different: regulation by regulator. This model concentrates discretionary power in a state agency. In the UK the model is to a large extent the legacy of the 1980s Thatcher government, which started the OF trend by creating OFTEL (as it then was) to regulate the newly liberalised telecommunications market. A powerful regulator, operating flexibly within broadly stated policy goals, can be rule-maker, judge and enforcer all rolled into one.

That may be a long-established model for economic regulation of telecommunications competition, energy markets and the like. But when regulation by regulator trespasses into the territory of speech it takes on a different cast. Discretion, flexibility and nimbleness are vices, not virtues, where rules governing speech are concerned. The rule of law demands that a law governing speech be general in the sense that it applies to all, but precise about what it prohibits. Regulation by regulator is the converse: targeted at a specific group, but laying down only broadly stated goals that the regulator should seek to achieve.
As OFCOM puts it in its recent discussion paper ‘Addressing Harmful Online Content’: “What has worked in a broadcasting context is having a set of objectives laid down by Parliament in statute, underpinned by detailed regulatory guidance designed to evolve over time. Changes to the regulatory requirements are informed by public consultation.”

Where exactly the limits on freedom of speech should lie is a matter of intense, perpetual, debate. It is for Parliament to decide, after due consideration, whether to move the boundaries. It is anathema to both freedom of speech and the rule of law for Parliament to delegate to a regulator the power to set limits on individual speech.

It becomes worse when a document like the government’s Internet Safety Strategy Green Paper takes aim at subjective notions of social harm and unacceptability rather than strict legality and illegality according to the law. ‘Safety’ readily becomes an all-purpose banner under which to proceed against nebulous categories of speech which the government dislikes but cannot adequately define.

Also troubling is the frequently erected straw man that the internet is unregulated. This blurs the vital distinction between the general law and regulation by regulator. Participants in the debate are prone to debate regulation as if the general law did not exist.

Occasionally the difference is acknowledged, but not necessarily as a virtue. The OFCOM discussion paper observes that by contrast with broadcast services subject to long established regulation, some newer online services are ‘subject to little or no regulation beyond the general law’, as if the general law were a mere jumping-off point for further regulation rather than the democratically established standard for individual speech.

OFCOM goes on that this state of affairs was “not by design, but the outcome of an evolving system”. However, a deliberate decision was taken with the Communications Act 2003 to exclude OFCOM’s jurisdiction over internet content in favour of the general law alone.

Moving away from individual speech, the OFCOM paper characterises the fact that online newspapers are not subject to the impartiality requirements that apply to broadcasters as an inconsistency. Different, yes. Inconsistent, no.

Periodically since the 1990s the idea has surfaced that as a result of communications convergence broadcast regulation should, for consistency, apply to the internet. With the advent of video over broadband aspects of the internet started to bear a superficial resemblance to television. The pictures were moving, send for the TV regulator.

EU legislators have been especially prone to this non-sequitur. They are currently enacting a revision of the Audiovisual Media Services Directive that will require a regulator to exercise some supervisory powers over video sharing platforms.

However broadcast regulation, not the rule of general law, is the exception to the norm. It is one thing for a body like OFCOM to act as broadcast regulator, reflecting television’s historic roots in spectrum scarcity and Reithian paternalism. Even that regime is looking more and more anachronistic as TV becomes less and less TV-like. It is quite another to set up a regulator with power to affect individual speech. And it is no improvement if the task of the regulator is framed as setting rules about the platforms’ rules. The result is the same: discretionary control exercised by a state entity (however independent of the government it may be) over users’ speech, via rules that Parliament has not specifically legislated.

It is true, as the OFCOM discussion paper notes, that the line between broadcast and non-broadcast regulation means that the same content can be subject to different rules depending on how it is accessed. If that is thought to be anomalous, it is a small price to pay for keeping regulation by regulator out of areas in which it should not tread.

The House of Commons Media Culture and Sport Committee, in its July 2018 interim report on fake news, recommended that the government should use OFCOM’s broadcast regulation powers, “including rules relating to accuracy and impartiality”, as “a basis for setting standards for online content”. It is perhaps testament to the loss of perspective that the internet routinely engenders that a Parliamentary Committee could, in all seriousness, suggest that accuracy and impartiality rules should be applied to the posts and tweets of individual social media users.

Setting regulatory standards for content means imposing more restrictive rules than the general law. That is the regulator’s raison d’etre. But the notion that a stricter standard is a higher standard is problematic when applied to what we say. Consider the frequency with which environmental metaphors – toxic speech, polluted discourse – are now applied to online speech. For an environmental regulator, cleaner may well be better. The same is not true of speech. Offensive or controversial words are not akin to oil washed up on the seashore or chemicals discharged into a river. Objectively ascertainable physical damage caused by an oil spill bears no relation to a human being evaluating and reacting to the merits and demerits of what people say and write.

If we go further and transpose the environmental precautionary principle to speech we then have prior restraint – the opposite of the presumption against prior restraint that has long been regarded as a bulwark of freedom of expression. All the more surprising then that The Times, in its July Ofnet editorial, should complain of the internet that “by the time police and prosecutors are involved the damage has already been done”. That is an invitation to step in and exercise prior restraint.

As an aside, do the press really think that Ofnet would not before long be knocking on their doors to discuss their online editions? That is what happened when ATVOD tried to apply the Audiovisual Media Services Directive to online newspapers that incorporated video. Ironically it was The Times' sister paper, the Sun, that successfully challenged that attempt.

The OFCOM discussion paper observes that there are “reasons to be cautious over whether [the broadcast regime] could be exported wholesale to the internet”. Those reasons include that “expectations of protection or [sic] freedom of expression relating to conversations between individuals may be very different from those relating to content published by organisations”.

US district judge Dalzell said in 1996: “As the most participatory form of mass speech yet developed, the internet deserves the highest protection from governmental intrusion”. The opposite view now seems to be gaining ground: that we individuals are not to be trusted with the power of public speech, that it was a mistake ever to allow anyone to speak or write online without the moderating influence of an editor, and that by hook or by crook the internet genie must be stuffed back in its bottle.

Regulation by regulator, applied to speech, harks back to the bad old days of the Lord Chamberlain and theatres. In a free and open society we do not appoint a Lord Chamberlain of the Internet – even one appointed by Parliament rather than by the Queen - to tell us what we can and cannot say online, whether directly or via the proxy of online intermediaries. The boundaries are rightly set by general laws.

We can of course debate what those laws should be. We can argue about whether intermediary liability laws are appropriately set. We can consider what tortious duties of care apply to online intermediaries and whether those are correctly scoped. We can debate the dividing line between words and conduct. We can discuss the vexed question of an internet that is both reasonably safe for children and fit for grown-ups. We can think about better ways of enforcing laws and providing victims of unlawful behaviour with remedies. These are matters for public debate and for Parliament and the general law within the framework of fundamental rights. None of this requires regulation by regulator. Quite the opposite.

Nor is it appropriate to frame these matters of debate as (in the words of The Times) “an opportunity to impose the rule of law on a legal wilderness where civic instincts have been suspended in favour of unthinking libertarianism for too long”. People who use the internet, like people everywhere, are subject to the rule of law. The many UK internet users who have ended up before the courts, both civil and criminal, are testament to that. Disagreement with the substantive content of the law does not mean that there is a legal vacuum.

What we should be doing is take a hard look at what laws do and don’t apply online (the Law Commission is already looking at social media offences), revise those laws if need be and then look at how they can most appropriately be enforced.

This would involve looking at areas that it is tempting for a government to avoid, such as access to justice. How can we give people quick and easy access to independent tribunals with legitimacy to make decisions about online illegality? The current court system cannot provide that service at scale, and it is quintessentially a job for government rather than private actors. More controversially, is there room for greater use of powers such as ‘internet ASBOs’ to target the worst perpetrators of online illegality? The existing law contains these powers, but they seem to be little used.

It is hard not to think that an internet regulator would be a politically expedient means of avoiding hard questions about how the law should apply to people’s behaviour on the internet. Shifting the problem on to the desk of an Ofnet might look like a convenient solution. It would certainly enable a government to proclaim to the electorate that it had done something about the internet. But that would cast aside many years of principled recognition that individual speech should be governed by the rule of law, not the hand of a regulator.

If we want safety, we should look to the general law to keep us safe. Safe from the unlawful things that people do offline and online. And safe from a Lord Chamberlain of the Internet.

Internet legal developments to look out for in 2018

A preview of some of the UK internet legal developments that we can expect in 2018. Any future EU legislation will be subject to Brexit considerations and may or may not apply in the UK.

EU copyright reform In 2016 the European Commission published proposals for

-         a Directive on Copyright in the Digital Single Market. As it navigates the EU legislative process the proposal continues to excite controversy, mainly over the proposed publishers’ ancillary right and the clash between Article 13 and the ECommerce Directive's intermediary liability provisions.  

-         a Regulation extending the country of origin provisions of the Satellite and Cable Broadcasting Directive to broadcasters' ancillary online transmissions. Most of the Commission’s proposal was recently rejected by the European Parliament.

-         legislation to mandate a degree of online content portability within the EU. The Regulation on cross-border portability of online content services in the internal market was adopted on 14 June 2017 and will apply from 20 March 1 April 2018.

EU online business As part of its Digital Single Market proposals the European Commission published a proposal for a Regulation on "Geo-blocking and other forms of discrimination". It aims to prevent online retailers from discriminating, technically or commercially, on the basis of nationality, residence or location of a customer. Political agreement was reached in November 2017 [and the Regulation was adopted on 28 February 2018. The Regulation will apply from 3 December 2018]. 

Telecoms privacy The proposed EU ePrivacy Regulation continues to make a choppy voyage through the EU legislative process.

Intermediary liability On 28 September 2017 the European Commission published a Communication on Tackling Illegal Content Online.  This is a set of nominally voluntary guidelines under which online platforms would adopt institutionalised notice and takedown/staydown procedures and proactive content filtering processes, based in part on a system of 'trusted flaggers'. The scheme would cover every kind of illegality from terrorist content, through copyright to defamation. The Commission aims to determine by May 2018 whether additional legislative measures are needed. [The Commission followed up on 1 March 2018 with a Recommendation on Measures to Effectively Tackle Illegal Content Online and with a public consultation open until 25 June 208. On 12 September 2018 the Commission published a Proposal for a Regulation on preventing the dissemination of terrorist content online.]

Politicians have increasingly questioned the continued appropriateness of intermediary liability protections under the Electronic Commerce Directive. The UK Committee on Standards in Public Life has suggested that Brexit presents an opportunity to depart from the Directive. The government has published its Internet Safety Strategy Green Paper. More to come in 2018 or 2019. [The House of Lord Communications Committee is conducting an inquiry on internet regulation, including intermediary liability.] The hearing of the appeal to the UK Supreme Court in Cartier on who should bear the cost of complying with site blocking injunctions [was] heard [at the end of February] 2018. [Judgment was given on 13 June 2018. The Supreme Court held that the rightsowner claimants should bear the ISPs' costs of complying with the injunction. The Court reviewed the basis on which site blocking injunctions are granted and found that they have a domestic basis in the equitable jurisdiction of the courts, independent of EU legislation.]  

TV-like regulation of the internet The review of the EU Audio Visual Media Services Directive continues. The Commission proposal adopted on 25 May 2016 would further extend the Directive's applicability to on-demand providers and internet platforms. [The European Parliament, Council and Commission have reached a preliminary political agreement on the main elements of revised rules.]

Pending CJEU copyright cases More copyright references are pending in the EU Court of Justice. Issues under consideration include whether the EU Charter of Fundamental Rights can be relied upon to justify exceptions or limitations beyond those in the Copyright Directive [(Spiegel Online GmbH v Volker Beck, C-516/17;  Funke Medien (Case C-469/17) (Advocate General Opinion 25 October 2018 here) and Pelham Case 476/17)]; and whether a link to a PDF amounts to publication for the purposes of the quotation exception (Spiegel Online GmbH v Volker Beck, C-516/17). Another case on the making available right (Renckhoff, C-161/17) is pending [Judgment was given on 7 August 2018.]. It is also reported that the Dutch Tom Kabinet case on secondhand e-book trading has been referred to the CJEU [Case C-263/18].    

ECommerce Directive Two cases involving Uber are before the CJEU, addressing in different contexts whether Uber’s service is an information society service within the Electronic Commerce Directive. Advocate General Szpunar gave an Opinion in Asociación Profesional Élite Taxi v Uber Systems Spain, C-434/15 on 11 May 2017 and in Uber France SAS, Case C‑320/16 on 4 July 2017. [The CJEU gave judgment in Uber Spain on 20 December 2017, holding that the service was a transport service and not an information society service. It followed up with a similar judgment in Uber France on 10 April 2018.][The Austrian Supreme Court has referred to the CJEU questions on whether a hosting intermediary can be required to prevent access to similar content and on extraterritoriality (C-18/18 - Glawischnig-Piesczek).]

Online pornography The Digital Economy Act 2017 grants powers to a regulator (recently formally proposed to be the British Board of Film Classification) to determine age control mechanisms for internet sites that make ‘R18’ pornography available; and to direct ISPs to block such sites that either do not comply with age verification or contain material that would not be granted an R18 certificate. The DCMS has published documents including draft guidance to the Age Verification Regulator.

Cross-border liability and jurisdiction Ilsjan (Case C-194/16) is another CJEU reference on the Article 7(2) (ex-Art 5(3)) tort jurisdiction provisions of the EU Jurisdiction Regulation. The case concerns a claim [by a legal person] for correction and removal of harmful comments. It asks questions around mere accessibility as a threshold for jurisdiction (as found in Pez Hejduk) and the eDate/Martinez ‘centre of interests’ criterion for recovery in respect of the entire harm suffered throughout the EU. The AG Opinion in Ilsjan was delivered on 13 July 2017. [The CJEU gave judgment on 17 October 2017. It held that a claim in relation to rectification, removal and the whole of the damage could be brought in the Member State in which the legal person had its centre of interests. Since an action for rectification and removal is indivisible it cannot be brought in each Member State in which the information is or was accessible.]

The French CNIL/Google case on search engine de-indexing has raised significant issues on extraterritoriality, including whether Google can be required to de-index on a global basis. The Conseil d'Etat has referred various questions about this to the CJEU. [See also C-18/18 Glawischnig-Piesczek. A Swedish court has declined to make a global de-indexing order against Google in a right to be forgotten case, restricting the order to searches from Sweden.]

Online state surveillance The UK’s Investigatory Powers Act 2016 (IP Act), partially implemented in 2016 and 2017, [will] come fully in[to] force [by the end of] 2018. However the government has acknowledged that the mandatory communications data retention provisions of the Act are unlawful in the light of the Watson/Tele2 decision of the CJEU. It launched a consultation on proposed amendments to the Act, including a new Office for Communications Data Authorisation to approve requests for communications data. [The proposed amendments are contained in the draft Data Retention and Acquisition Regulations currently being considered by Parliament.]   Meanwhile a reference to the CJEU from the Investigatory Powers Tribunal questions whether the Watson decision applies to national security, and if so how.

The IP Act (in particular the bulk powers provisions) may also be indirectly affected by cases in the CJEU (challenges to the EU-US Privacy Shield), in the European Court of Human Rights (various NGOs challenging the existing RIPA bulk interception regime [- judgment given on 13 September 2018]) and by a judicial review by Privacy International of an Investigatory Powers Tribunal decision on equipment interference powers. However in that case the Court of Appeal has held that the Tribunal decision is not susceptible of judicial review.  [A further appeal will be heard by the Supreme Court, following grant of permission to appeal on 22 March 2018.] One of the CJEU challenges to the EU-US Privacy Shield was held by the General Court on 22 November 2017 to be inadmissible for lack of standing.

Liberty's challenge by way of judicial review to the IP Act bulk powers and data retention powers is pending. [A judgment in relation to data retention powers was issued on 27 April 2018, giving the government until 1 November 2018 to amend the IP Act to reflect two conceded grounds of incompatibility with EU law. See above, the draft Data Retention and Acquisition Regulations.]

Compliance of the UK’s surveillance laws with EU Charter fundamental rights will be a factor in any data protection adequacy decision that is sought once the UK becomes a non-EU third country post-Brexit.

[Here is an updated mindmap of challenges to the UK surveillance regime.]

 

[Update 18 Dec. Replaced 'EU law' in last para with 'EU Charter fundamental rights'.] [Updated 5 March 2018, including addition of mindmap; and 6 March 2018 to add CJEU referral in C-18/18 Glawischnig-Piesczek.]
[Updated 28 March 2018 to correct starting date of Portability Regulation to reflect corrigendum to the Regulation.][Updated 27 April 2018 with updated mindmap. Further updated 13 and 17 May 2018, 1 October 2018; further updated mindmap, 2 October 2018.]
[Updated 1 November 2018 to add three references to the CJEU on copyright and freedom of expression.]

Internet legal developments to look out for in 2017

A preview [updated with developments as at 7 October 2017] of some of the UK internet legal developments that we can expect in 2017. Any proposed EU legislation will be subject to Brexit considerations and so may never happen in the UK.

EU copyright reform In 2016 the European Commission published proposals for a Directive on Copyright in the Digital Single Market (widely viewed as being in the main internet-unfriendly), for a Regulation extending the country of origin provisions of the Satellite and Cable Broadcasting Directive to broadcasters' ancillary online transmissions and for a proposal to mandate a degree of online content portability within the EU. The legislative processes will continue through 2017. [EU Regulation on cross-border portability of online content services in the internal market adopted 14 June 2017. Applies from 20 March 2018.] 

EU online business As part of its Digital Single Market proposals the European Commission has published a proposal for a Regulation on "Geo-blocking and other forms of discrimination". It aims to prevent online retailers from discriminating, technically or commercially, on the basis of nationality, residence or location of a customer. 

[Intermediary liability The European Commission has published a Communication on Tackling Illegal Content Online.  This is a set of (in name) voluntary guidelines under which online platforms would adopt institutionalised notice and takedown/staydown procedures and proactive content filtering processes, based in part on a system of 'trusted flaggers'. The system would cover every kind of illegality from terrorist content, through copyright, to defamation. The Commission aims to determine by May 2018 whether additional legislative measures are needed.]
UK criminal copyright infringement The Digital Economy Bill is about to start its Lords Committee stage. Among other things the Bill implements the government’s decision to seek an increase in the maximum sentence for criminal copyright infringement by communication to the public from two years to ten years. The Bill also redefines the offence in a way that, although intended to exclude minor infringements, has raised concerns that it in fact expands the scope of the offence. [The Digital Economy Act 2017 received Royal Assent on 27 April 2017. The amendments to the criminal copyright offence come into force on 1 October 2017.]

Pending CJEU copyright cases Several copyright references are pending in the EU Court of Justice. Issues under consideration include communication to the public and magnet links (BREIN/Pirate Bay C-610/15 [CJEU judgment delivered 14 June 2017]), links to infringing movies in an add-on media player (BREIN/Filmspeler C-527/15 [CJEU judgment delivered 26 April 2017]), site blocking injunctions (BREIN/Pirate Bay), applicability of the temporary copies exception to viewing infringing movies (BREIN/Filmspeler) and cloud-based remote PVR (VCAST C-265/16) [Advocate-General Opinion delivered 7 September 2017].

Online pornography The Digital Economy Bill would grant powers to a regulator (intended to be the British Board of Film Classification) to determine age control mechanisms for internet sites that make ‘R18’ pornography available; and to direct ISPs to block such sites that either do not comply with age verification or contain material that would not be granted an R18 certificate. These aspects of the Bill have been criticised by the UN Special Rapporteur on freedom of expression, by the House of Lords Delegated Powers and Regulatory Reform Committee and by the House of Lords Constitution Committee. [The Digital Economy Act 2017 received Royal Assent on 27 April 2017.  The DCMS has published surrounding documents including draft guidance to the Age Verification Regulator.]

Net neutrality and parental controls The net neutrality provisions of the EU Open Internet Access and Roaming Regulation potentially affect the ability of operators to choose to provide network-based parental control filtering to their customers. A transitional period for existing self-regulatory schemes expired on 31 December 2016. The government has said that although it does not regard the Regulation as outlawing the existing UK voluntary parental controls regime, to put the matter beyond doubt it will introduce an amendment to the Digital Economy Bill to put the parental controls scheme on a statutory basis. [Enacted as S.104 of the Digital Economy Act 2017 'Internet filters', which came into force on 31 July 2017.]

TV-like regulation of the internet The review of the EU Audio Visual Media Services Directive continues. The Commission proposal adopted on 25 May 2016 would further extend the Directive's applicability to on-demand providers and internet platforms.

Cross-border liability and jurisdiction Ilsjan (Case C-194/16) is another CJEU reference on the Article 7(2) (ex-Art 5(3)) tort jurisdiction provisions of the EU Jurisdiction Regulation. The case concerns a claim for correction and removal of harmful comments. It asks questions around mere accessibility as a threshold for jurisdiction (as found in Pez Hejduk) and the eDate/Martinez ‘centre of interests’ criterion for recovery in respect of the entire harm suffered throughout the EU. Meanwhile significant decisions on extraterritoriality are likely to be delivered in the French Conseil d'Etat (CNIL/Google) and Canadian Supreme Court (Equustek/Google). [AG Opinion in Ilsjan delivered 13 July 2017. Canadian Supreme Court judgment in Equustek delivered 28 June 2017.  (For commentary see here.) In the French CNIL/Google case the Conseil d'Etat has referred questions on territoriality and remedies to the CJEU.]

Online state surveillance The UK’s Investigatory Powers Act 2016 is expected to be implemented in stages throughout 2017 [and 2018]. The Watson/Tele2 decision of the CJEU has already cast a shadow over the data retention provisions of the Act, which will almost certainly now have to be amended. The Watson case, which directly concerns the now expired data retention provisions of DRIPA, will shortly return to the Court of Appeal for further consideration in the light of the CJEU judgment. [In September 2017 the Investigatory Powers Tribunal decided to make a reference to the CJEU asking questions about the applicability of Watson to national security.] The IP Act (in particular the bulk powers provisions) may also be indirectly affected by pending cases in the CJEU (challenges to the EU-US Privacy Shield), in the European Court of Human Rights (ten NGOs challenging the existing RIPA bulk interception regime) and by a judicial review by Privacy International of an Investigatory Powers Tribunal decision on equipment interference powers. [Judicial review application dismissed 2 February 2017; under appeal to Court of Appeal.] Finally, Liberty has announced that it is launching a direct challenge in the UK courts against the IP Act bulk powers.[The challenge also relates to the IP Act data retention powers. Permission to proceed granted.] [New revised and simplified mindmap of legal challenges as at 7 October 2017 (previous version here):

 [Updated 3 March 2017 with various developments and new mindmap. Further updated 9 August 2017 and 7 October 2017.]