Skip to Main Content
The Liability of Internet Intermediaries The Liability of Internet Intermediaries


The Liability of Internet Intermediaries The Liability of Internet Intermediaries

The European safe harbour regime 12.04


Territorial scope 12.15


Material scope 12.22


Information society services 12.49


Overview 12.54


‘Normally provided for remuneration’ 12.58


‘At a distance’ 12.67


‘By electronic means’ 12.70


‘At the individual request of a recipient of services’ 12.76


Transmission 12.80


Caching 12.99


Hosting 12.111

12.01 European law recognises various limits on the primary and secondary liability which may be imposed upon internet intermediaries for the acts of third parties. These limits fall into four categories: first, ‘safe harbours’ which insulate passive and neutral information society service providers from monetary liability for transmitting, caching, and storing third parties’ information; second, protection from general duties to monitor third parties’ information and activity; third, limits necessary to protect the fundamental rights of intermediaries and their users; and fourth, miscellaneous general limits on injunctive relief.

12.02 These principles demarcate boundaries around the circumstances in which national liability rules may impose duties upon secondary parties to compensate or prevent internet wrongdoing. In return, such services must publish information about themselves and may be required to act when they acquire knowledge of unlawful activity or material. In this sense, duties not to facilitate wrongful conduct—and the attendant obligations to block, remove, or disable access to unlawful material upon notice—may be thought of as the price to be paid for immunity from substantive liability under safe harbours and other liability-excluding doctrines.

12.03 This chapter considers the first of these categories: the European safe harbour regime by which qualifying internet intermediaries are required to be excused from certain forms of monetary and criminal liability. The second, third, and fourth limitations are the subjects of Chapter 13.

12.04  Origins of the metaphor. The metaphor of a ‘safe harbour’ evokes a battered vessel seeking refuge from stormy seas. The concept appears to derive from a maritime aphorism now attributed to an American author.1 Three ideas are implicit in this claim: first, that internet intermediaries are vulnerable to external forces, such as liability rules; second, that they need protection from those forces; and third, that an immunity from liability offers the safety required to discharge their functions or perhaps to make the risk of a voyage worthwhile. Although these assumptions need to be examined with care,2 the phrase ‘safe harbours’ is used here as a term of art.3 However, there is much to be said for the adoption of terminology which more directly describes the functions and effects of the liability-insulating doctrines discussed in this chapter.

12.05  Objectives of the EU framework. Directive 2000/31/EC (‘E-Commerce Directive’) establishes a European framework for the liability of information society services. It has three main objectives.

12.06Free movement of information. First, the primary aim of the Directive is to ensure the free movement of information society services between member states, and thereby to promote the internal market for these services.4 Indirectly, this objective aims to secure the ‘free flow of information’ and the continued development of electronic networks.5 As Advocate General Maduro explained in Google France, the Directive sought ‘to create a free and open public domain on the internet’. Safe harbours were seen as intrinsic to this objective because of the need for intermediaries to ‘remain neutral as regards the information they carry or host’.6

12.07Enforcement incentives and harmonisation. The E-Commerce Directive also aims to provide a basis for developing ‘rapid and reliable procedures for removing and disabling access to illegal information’.7 In so doing, the Directive seeks to remove disparities between national laws concerning the liability of ‘service providers acting as intermediaries’.8 The Directive provides for both minimum and maximum standards of enforcement: intermediaries are insulated from certain forms of liability for specified activity, but are also required to fulfil various enforcement duties—in particular, by identifying themselves, expeditiously acting upon notices, and complying with injunctions.

12.08Innovation. The resulting legal framework is intended to permit ‘unhampered development of electronic commerce’ by being clear, simple, predictable, and consistent.9 In other words, the Directive was intended to harmonise national approaches to intermediary content liability, minimising legal uncertainty for cross-border service providers, reducing the cost of supplying internet services, and lowering barriers to new entrants.

12.09  Unharmonised areas. Nevertheless, the harmonisation achieved by the E-Commerce Directive is incomplete. For example, other than prohibiting general monitoring duties, it deals with monetary liability but not injunctions. It applies only to three formalistic categories of online activity. It does not harmonise the substantive law of secondary liability. To the contrary, recital (48) encourages member states to develop national ‘duties of care’ to detect and prevent wrongdoing:

This Directive does not affect the possibility for Member States of requiring service providers, who host information provided by recipients of their service, to apply duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activities.

12.10 At the Community level, the E-Commerce Directive is a central pillar of the European framework regulating service providers’ liability. However, it is only one instrument among several that deal with this issue. The relationship between the Directive and these other instruments is unclear. On the one hand, it expressly preserves the status of instruments such as the Information Society Directive and Data Protection Directive, which require national measures (including monetary liability and sanctions) that appear to derogate from the safe harbours provided for in the E-Commerce Directive. On the other hand, the Directive aims to establish a uniform legal framework and to remove disparities between national intermediary liability rules. There is considerable tension between these objectives.

12.11  ‘Defences’ to liability. The safe harbours required by the E-Commerce Directive are not easily described as ‘defences’ to liability. They do not operate to deny or negate an element of a cause of action under which a service provider would otherwise be liable (so they are not ‘absent element’ defences in the sense known to tort lawyers).10 Nor are they affirmative defences that answer an otherwise complete cause of action by providing a substantive excuse (as in the case of a defence of honest opinion to a defamation claim, or a fair dealing with a copyright work for purposes of criticism or review). Such rules prevent liability from ever arising, whereas safe harbours insulate from the effects of prima facie liability.

12.12 In the words of the implementing Electronic Commerce (EC Directive) Regulations 2002 (‘2002 Regulations’), the service provider’s monetary liability is removed ‘if he otherwise would’ be liable. Although it is true that a defendant bears the onus of proving that a safe harbour applies, this is not sufficient to regard them as defences (the same could be said of many procedural rules and presumptions).

12.13  Limitations and exclusions of liability. A further category of rules—sometimes loosely but imprecisely grouped with the defences mentioned in the previous paragraph—operate as limitations upon liability. These rules do not negate liability, and may not even bar relief entirely, but provide some other reason why a claim should be rejected or reduced in value. These rules embody various policies and are sometimes procedural and sometimes substantive. Examples of the former may be limitation periods, laches, res judicata, abuse of process, and the award of damages in lieu of an injunction; examples of the latter may be set-off and (in some jurisdictions) proportionate liability rules.

12.14 Once transposed into national law, safe harbours provide substantive defences to claims for damages but not injunctions. In this respect, they embody elements of both defences and limitations upon liability.11 Their practical effect is to restrict the remedies that may be awarded against an internet service even where the elements of a cause of action or criminal wrong have been proved, yet these rules are not easy to describe as ‘defences’ in either of the senses identified in paragraph 12.11 because they are remedy-restricting, not liability-restricting. Put another way, where a claimant has an otherwise good cause of action, safe harbours operate to preclude an entitlement to damages (whether in lieu of or in addition to an injunction) under section 50 of the Senior Courts Act 1981, but do not prevent a court from ordering an injunction under section 37 of that Act.

12.15  The need for an EU establishment. The E-Commerce Directive applies only to activities undertaken by an internet intermediary that is established in a member state of the European Union. As article 3(1) and recital (58) make clear, it does not apply to service providers established in a third country. Article 3(1) states (emphasis added):

Each Member State shall ensure that the information society services provided by a service provider established on its territory comply with the national provisions applicable in the Member State in question which fall within the coordinated field.

12.16 In other words, the obligations on member states under the Directive apply only insofar as an internet intermediary is established on the territory of a member state. The reason for this is that the Directive is limited to the territorial competence of the European Parliament, and so requires a territorial nexus with the European Union. Although recital (58) expresses a preference for ‘consistency’ with international rules, there is no presumption that the Directive applies extraterritorially.

12.17  Localisation rules. The E-Commerce Directive purports not to establish rules dealing with jurisdiction or choice of law.12 However, it does lay down a method for determining the place at which an internet service is deemed to be established under European law. Recital (19) provides:

The place at which a service provider is established should be determined in conformity with the case-law of the Court of Justice according to which the concept of establishment involves the actual pursuit of an economic activity through a fixed establishment for an indefinite period; this requirement is also fulfilled where a company is constituted for a given period; the place of establishment of a company providing services via an Internet website is not the place at which the technology supporting its website is located or the place at which its website is accessible but the place where it pursues its economic activity; in cases where a provider has several places of establishment it is important to determine from which place of establishment the service concerned is provided; in cases where it is difficult to determine from which of several places of establishment a given service is provided, this is the place where the provider has the centre of his activities relating to this particular service.

12.18  Centre of economic activity. In determining where an internet intermediary is established, the Court should start by considering where the entity ‘pursues its economic activity’. Recital (19) suggests that the focus will be on where the entity carries on trade, concludes and performs contracts for services, targets its advertising and offers at consumers, and so on. In the case of many large internet companies, they may pursue economic activities in numerous places around the world; depending on the facts, the answer may either be that such an intermediary offers different services established in different regions, or a single service from the location that is ‘the centre of his activities’.

12.19  Interpretation. The concept of ‘establishment’ appears to be an autonomous concept of European Union law. This follows from the need for uniform application of the E-Commerce Directive to information society services (which are intrinsically cross-border services) and the fact that article 3(1) does not make ‘express reference to the law of the Member States for the purpose of determining its meaning and scope’; instead, establishment is referred to in the context of imposing a related obligation upon member states.13 Accordingly, the broad meaning of ‘establishment’ adopted in Google Spain arguably also applies to the E-Commerce Directive.14

12.20  Impossibility of localisation. It is frequently the case that an internet intermediary will be anonymous, yet may wish to rely upon a safe harbour to insulate itself from monetary liability. In light of the decision of the CJEU in G v de Visser, it appears that the E-Commerce Directive will not apply where the place of establishment of the service provider is unknown.15

12.21 In de Visser, the defendant was the owner of a domain name which referenced a website containing photographs of the claimant partially naked. The defendant was unknown and had not defended the proceedings for their removal. The CJEU held that because article 3 of the Directive defines its territorial scope in terms of the place of establishment of the service provider, unless that place of establishment can be established by the national court it will not be in a position to determine whether the Directive applies.

12.22  Harmonised areas of activity. The regime of safe harbours established by the E-Commerce Directive is not comprehensive. It does not seek to harmonise all national law related to internet services, but only ‘certain national provisions on information society services’ which relate to defined areas of activity within the coordinated field. This relevantly includes ‘the liability of intermediaries’,16 but is subject to a number of exclusions.

12.23 The field coordinated by the E-Commerce Directive is exhaustively defined in article 2(h), in terms of requirements laid down by member states’ legal systems that apply to information society services. The field is not restricted to ‘exceptionalist’ measures that specifically single out internet technologies or service providers; measures can be ‘of a general nature’. Two requirements are mentioned: (1) establishment requirements, such as qualifications and authorisation or notification procedures; and (2) operational requirements affecting the pursuit of the activity of an information society service, such as requirements concerning the behaviour of the service provider, the quality or content of the service, its advertising or contracts, or the liability of the service provider.

12.24 However, the coordinated field does not cover requirements applicable to ‘goods as such’, to the delivery of goods, or to services not provided by electronic means. So, for example, the E-Commerce Directive does not affect member states’ rules governing service providers’ liability for offline activities, such as the provision of accommodation, delivery, or hospitality services, or the implication of warranties arising from the sale of goods.

12.25  Express exclusions. The E-Commerce Directive specifically excludes from its scope a number of areas of national and European Union law. These exclusions are contained in article 1(5) and are absolute, meaning that the safe harbour requirements do not apply within these fields (though of course member states may optionally provide for more extensive protection if they wish). In summary, the exclusions are:




the Data Protection Directive, insofar as it relates to information society services;


the PEC Directive, to the same extent;17


competition law;


activities of notaries and equivalent professions exercising public authority;


legal representation before the courts; and


gambling for money in games of chance.

12.26  Liability in excluded fields. Consequently, member states (and the European Union institutions) are free to impose liability upon internet intermediaries that is more extensive in these areas than permitted in areas harmonised by the Directive. For example, it would be open to a member state to impose general monitoring duties upon a provider of online betting or wagering services, or to impose an absolute duty to report (or even bear liability for) customers of an online payment service who are suspected of tax evasion. Equally, it is clear that internet intermediaries may face liability under national and European competition law if they engage in anticompetitive conduct, irrespective of whether that conduct relates in whole or in part to safe harbour activities.

12.27  Excluded areas of Community law. Article 1(3) of the E-Commerce Directive provides that the Directive is without prejudice to Community measures for the protection of public health and consumers. Recital (11) delimits a wide-ranging acquis by example, including directives which deal with distance selling, misleading and comparative advertising, package tours, consumer credit, and tobacco product advertising. It should be assumed that the E-Commerce Directive does not abrogate liability rules established in these instruments insofar as they apply to internet intermediaries.

12.28  Exclusion of data protection. An important question arises about the relationship between the Data Protection Directive and the E-Commerce Directive. Article 1(5)(b) of the latter states:

This Directive shall not apply to...(b) questions relating to information society services covered by Directives 95/46/EC...

12.29  Possible effects of the exclusion. It is unclear whether this means that information society services cannot avail themselves of any safe harbours where a claimant relies upon a right conferred by the Data Protection Directive, or whether it simply applies where the two directives are inconsistent. There are two possible answers; either the E-Commerce Directive is wholly without prejudice to the Data Protection Directive, such that the latter prevails and overrides the apparently broad limitations upon liability of the former; or the E-Commerce Directive qualifies the Data Protection Directive insofar as the two overlap.

12.30 The answer is important because intermediaries’ duties as data processors under national law are extensive and may well amount to general monitoring duties, as well as duties of care with respect to stored personal data. If the safe harbours and other limitations established by the E-Commerce Directive do not apply to data protection, then member states remain free to impose substantive liability and potentially unlimited injunctive relief to protect privacy rights.

12.31  Judicial consideration. The issue was considered at an interim stage by Mitting J in Mosley v Google Inc.18 Among the defences raised by the defendant search engine to a claim under sections 10 and 14 of the Data Protection Act 1998 were the E-Commerce Directive safe harbours. The judge described the interface between that Directive and the Data Protection Directive as an ‘interesting issue’, but indicated a provisional inclination towards the second answer; namely, that ‘the two Directives must be read in harmony and both, where possible, must be given full effect to.’19 The first answer, as noted previously, is that the Data Protection Directive reflects ‘a comprehensive and exclusive code governing the obligations of internet service providers [sic]’.20 However, as the Court observed, the outcome in Google Spain appears to be consistent with this view and not with the view that a data controller could come under no legal liability.

12.32 Recital (14) arguably favours the first interpretation because it states that the processing of personal data is ‘solely governed’ by the earlier directives dealing with data protection:

The protection of individuals with regard to the processing of personal data is solely governed by [the Data Protection Directive] and [the PEC Directive] which are fully applicable to information society services;21

12.33 Recital (14) goes on to refer specifically to the liability of intermediaries in the context of data protection, noting that the earlier directives ‘already establish a Community legal framework in the field of personal data and therefore it is not necessary to cover this issue in this [E-Commerce] Directive’. The recital continues:

the implementation and application of this [E-Commerce] Directive should be made in full compliance with the principles relating to the protection of personal data, in particular as regards...the liability of intermediaries; this Directive cannot prevent the anonymous use of open networks such as the Internet.

12.34 This strongly suggests that the E-Commerce Directive was intended to harmonise liability only outside the field of data protection. The consequence is that the liability of intermediaries for breaches of data protection rules is solely governed by the Data Protection Directive and PEC Directive. Logically, the same deferential approach would apply to liability arising in other excluded fields.

12.35  Secondary liability not harmonised. Neither the safe harbours nor substantive rules of European Union law purport to harmonise secondary liability.22 Instead, they effect partial harmonisation by stipulating mandatory conditions for the absence of liability. However, the conditions attaching to immunity under articles 12, 13, and 14 mean that they are inherently unlikely to apply in circumstances where an English service provider would otherwise face secondary liability. For this reason, they are not properly described as ‘exceptions to liability’ but rather ‘restatements or clarifications of existing law’.23

12.36  Horizontal application of safe harbours. The safe harbours require member states to ensure that a service provider ‘is not liable’ for protected activities, if it otherwise would be. What it means to be ‘liable’ is not defined (other than negatively, by excluding injunctive relief from the categories of excluded liability). It is a horizontal limitation that applies without any express constraint. As the European Commission’s First Report explained:

The limitations on liability provided for by the Directive are established in a horizontal manner, meaning that they cover liability, both civil and criminal, for all types of illegal activities initiated by third parties.24

12.37  Types of wrongdoing. The safe harbours encompass all forms of liability other than injunctions, and so would include monetary liability and both civil and criminal sanctions regardless of the type of wrongdoing giving rise to the liability. A safe harbour may therefore apply irrespective of whether the primary wrong lies in defamation,25 infringement of intellectual property rights,26 in proscribed terrorism-related materials,27 or otherwise—subject always to the excluded fields noted earlier in this section. This is consistent with the purpose of the E-Commerce Directive, which is, subject to those exclusions, to establish broad horizontal limitations of liability per se and not to regulate liability only in specific areas of law.

12.38  Types of remedies. In the 2002 Regulations, the safe harbours exclude liability ‘for damages or for any other pecuniary remedy or for any criminal sanction’.28 This is consistent with the broad horizontal effect intended by the Directive, but clarifies that the exclusion applies both to damages and to other kinds of monetary remedies (such as accounts of profit).

12.39  Adverse costs as a pecuniary remedy. One so far unexplored possibility is that the safe harbours immunise internet services against adverse costs orders insofar as they are the unsuccessful party but can nevertheless rely upon one or more of the safe harbours. At first blush, this might appear strange: if a defendant succeeds in invoking a safe harbour, how could they ever be the unsuccessful party? However, if an injunction is awarded against an internet service who is immunised only from monetary liability, the claimant might still emerge successful and be entitled to costs (or at least an issue-based costs order) under ordinary principles of national law.

12.40  Substantive character of an award of costs. The Directive is silent on this issue. However, it uses very broad language to define the ambit of the safe harbours: ‘the service provider is not liable’. Similarly, the 2002 Regulations exclude liability ‘for any...pecuniary remedy’. At a very high level, it might be argued that ‘costs’ are a kind of remedy prayed for by the claimant; the old procedure of a bill of costs, like a bill of discovery, was essentially remedial in its function. Similarly, the modern power to award costs, the breadth of which is reflected in section 51 of the Senior Courts Act 1981, operates as a remedy which has a pecuniary effect. Given the very substantive effects of costs orders (which can far outweigh the monetary relief claimed), it seems difficult to draw a principled distinction between costs and other orders traditionally regarded as substantive relief, such as interest29 and litigation or recovery expenses under a contract.30

12.41  Procedural character of an award of costs. Set against this, costs are usually described as a matter of procedure rather than substance.31 Moreover, article 14 of the Enforcement Directive appears to require that costs be ‘borne by the unsuccessful party’, whether or not that party is an infringer.32 There are two possible answers to this. First, recital (31) of that Directive makes the Enforcement Directive subservient to the E-Commerce Directive, by stating that the former ‘should not affect’ the latter. Second, article 14 itself contains an exclusion where ‘equity does not allow’ the unsuccessful party to pay costs. This would avoid direct conflict between the two directives where an innocent party who acted reasonably could not fairly be required to pay the other side’s costs, even if an injunction were ultimately granted.

12.42 Although the E-Commerce Directive is far from clear, the better argument seems to be that articles 12–14 are intended to be applied broadly, to all forms of monetary liability. This is the approach reflected in the 2002 Regulations, which should be construed consistently with their corresponding provisions in the Directive and so include all remedies and penalties other than injunctions. A costs order is an order that one party pay money to the other. However, it is presently unclear whether (1) the safe harbours apply to costs orders at all; and (2) the insulating effect of a safe harbour would be available in proceedings begun after the service provider had received actual knowledge of the primary wrongdoing, since it might be argued that at least the storage safe harbour would not apply to costs incurred from that point.

12.43  Obligations to comply with injunctions. The safe harbours do not prevent injunctions from being ordered against internet intermediaries.33 Recital (45) of the E-Commerce Directive expressly recognises that intermediaries are not relieved of their obligations to comply with ‘injunctions of different kinds’:

The limitations of the liability of intermediary service providers established in this Directive do not affect the possibility of injunctions of different kinds; such injunctions can in particular consist of orders by courts or administrative authorities requiring the termination or prevention of any infringement, including the removal of illegal information or the disabling of access to it.

12.44 To similar effect, regulation 20(1)(b) of the 2002 Regulations provides that the safe harbours do not ‘affect the rights of any party to apply to a court for relief to prevent or stop infringement of any rights’. Regulation 20(2) expressly preserves the powers of administrative authorities to prevent or stop infringement of any rights.

12.45  Scope of injunctions. This has two main consequences. First, even if an internet intermediary is not liable to compensate harm arising from an unlawful or tortious use of their services, it can be ordered to put a stop to it. Sometimes an injunction can be a useful stand-alone remedy; examples of this approach may be seen in blocking injunctions and subject deletion requests.34 Second, subject to the prohibition of general monitoring duties considered in Chapter 13, internet intermediaries may be ordered to prevent any future ‘infringement’ (presumably any form of wrongdoing). Such a remedy has strong coercive potential because it can be used to regulate the ongoing conduct of a service and reallocate the risk of detecting and preventing repeat infringements onto an intermediary in a specific case.

12.46  Injunctive remedies to prevent wrongdoing. Consistent with the preservation of injunctive relief, article 18 of the E-Commerce Directive positively requires member states to make available remedies that allow for measures to be adopted for the purpose of terminating wrongdoing and preventing further impairment of the same interests:

Member States shall ensure that court actions available under national law concerning information society services’ activities allow for the rapid adoption of measures, including interim measures, designed to terminate any alleged infringement and to prevent any further impairment of the interests involved.

12.47 A good example of such measures is Norwich Pharmacal relief. As a form of injunction, it is exempted from the safe harbour regime. Disclosure is also arguably necessary to give effect to article 18,35 since without a means of obtaining the identity of the primary wrongdoer, measures designed to prevent further impairment of the applicant’s interests may be ineffective.

12.48  Safe harbours and interim injunctions. Another example is the decision in Papasavvas v O Fileleftheros Dimosia Etairia Ltd. There the Court of Justice was asked to consider whether safe harbours could be relied upon by a website operator as positive defences to a claim for an interim injunction. The Court answered this question in the negative. The purpose of the safe harbours is not to impose conditions upon remedies against service providers: as the Court explained, ‘in the absence of any specific provision of EU law, [judicial remedies] come under the sole competence of the Member States, subject to the principles of equivalence and of effectiveness.’36 The safe harbours do not of themselves create specific defences that can be invoked in response to claims; member states must first transpose them into national law. In the absence of proper transposition, it would be necessary to attempt a Marleasing interpretation of national law, so far as possible.

12.49  Definition. The safe harbours apply only to natural or legal persons who supply an ‘information society service’. This is a slightly narrower category than the field of internet services at large, but it remains a very broad genus, and may be wider than the class of persons who can be said to act as ‘internet intermediaries’. The basic elements of the definition were considered in Chapter 2:37 the service must be (1) normally provided for remuneration, (2) supplied at a distance, (3) supplied by electronic means, and (4) supplied at the individual request of a recipient.38 These requirements are discussed in the following paragraphs.

12.50  An autonomous concept. The concept of an information society service provider is laid down in the Technical Standards Directive and the wider acquis communautaire. As such, this is an autonomous concept that should be interpreted in a uniform and purposive manner throughout the EU. A purposive construction suggests that ‘information society service’ should be construed broadly.

12.51  The need for a broad interpretation. First, as Eady J remarked in Bunt v Tilley, one of the main purposes of the E-Commerce Directive was to target ‘existing and emerging disparities in Member States’ legislation and case-law concerning liability of service providers acting as intermediaries’.39 A wide definition of information society services gives full effect to that harmonisation.

12.52  Technological neutrality. Second, the Technical Standards Directive recognises the need to ‘adapt the existing national rules and regulations applicable to services available at the present so as to take account of new Information Society services’.40 The definition must therefore be adaptable. Equally, that Directive aims ‘to ensure real and effective protection of the general-interest objectives involved in the development of the Information Society’.41 Those objectives are best protected with wide and technologically-neutral limitations upon liability that take account of new services.

12.53  Guidance from the EU acquis. Third, the acquis treats the definition loosely. In the Technical Standards Directive, recitals (16) and (18) omit the requirement of remuneration entirely. Recital (18) of the E-Commerce Directive simply states that information society services ‘span a wide range of economic activities which take place on-line’.

12.54  Examples of information society service providers. It is helpful to enumerate the various examples of services that either have been held to fall within the scope of the Directive, or are specified in the examples given in recital (18):


selling goods online (but not their delivery or provision offline);42


operating an online marketplace;43


ISPs or any transmission of information via a communication network;44


providing access to a communication network;45


hosting information provided by a recipient of the service;46


point-to-point transmissions;47


video-on-demand services and media-sharing platforms;48 and


email or equivalent individual communications, when used commercially.49

This list is obviously not exhaustive. It is suggested that any ‘economic activity’ which takes place on the internet or using remote electronic infrastructure will suffice.

12.55  Outer limits of information society services. There are some indications that the limits of the coordinated field should not expand beyond recognition. Recital (11) of the Technical Standards Directive refers to ‘the other still little known fields of the Information Society’, which it would be ‘premature’ to harmonise at the EU level since not enough about the form and nature of these services is known. However, even bearing in mind this caution, it is apparent that new or little-known services can still be considered ‘information society services’ if they are relevant economic activities. Similarly, there seems to be no bar on a service falling within the definition despite the fact that no example of it existed in 2001.

12.56  Relationship between ‘intermediaries’ and ‘service providers’. Providers of information society services are sometimes described as ‘intermediaries’ in the E-Commerce Directive and the 2002 Regulations. For example, section 4 of the Directive is entitled ‘Liability of intermediary service providers’ and sets out the three safe harbours and limitation on general monitoring which apply to qualifying information society services.50 In the Regulations, section titles are omitted but the explanatory note confirms that the defences are intended to shield ‘intermediary service providers’. This inconsistent terminology is apt to cause confusion. It appears that ‘intermediary’ is intended to describe a subset of information society service providers who satisfy the preconditions of passivity and neutrality required to enjoy safe harbour protection. This overlap is discussed further in Chapter 2.51

12.57  Indicative exclusions. Annex V to the Technical Standards Directive sets out a number of ‘indicative’ services which are not covered by the definition. Some guidance can be taken from these exclusions, since they may be interpreted ejusdem generis to exclude other similar services from its scope.52

12.58  The need for an economic activity. An information society service must be normally provided for remuneration. This is a broad concept and does not require any direct payment to be made by the recipient. Recital (18) of the E-Commerce Directive clarifies that information society services can

in so far as they represent an economic activity, extend to services which are not remunerated by those who receive them, such as those offering on-line information or commercial communications, or those providing tools allowing for search, access and retrieval of data...

12.59 This indicates very clearly that even free-to-use services such as search engines, websites, and social networks may be considered information society services, provided they ‘represent an economic activity’. Given the multi-billion dollar profits enjoyed by large internet firms that supply such services, and the significant advertising and other revenue enjoyed by many website operators, it is not credible to suggest that these are anything other than ‘economic activities’.

12.60  Advertising-supported services. In Papasavvas, the Court of Justice clarified that the concept of an ‘information society service’ includes a service for which the service provider is remunerated by advertising income from a website, even though access to the website is free.53 In that case, the defendant was a Cypriot daily newspaper which published articles online on two of its websites and was subsequently sued for defamation. The Court cited recital (18) and also the definition of ‘services’ under article 57 TFEU,54 which does not require the service to be paid for by the recipient of the services.55

12.61  Private and personal activities. Activities which involve ‘natural persons acting outside their trade, business or profession’ are unlikely to be information society services because they are not economic activities. For example, emails sent privately between individuals will not involve the provision of an information society service; neither will sending personal photographs or videos. It is suggested that even sending or remitting money in a private capacity, although economic in a sense, will not be a relevant service if it occurs outside of trade. Conversely, a service provider whose business it is to facilitate such transactions electronically is very likely to supply an information society service.

12.62  Commercial websites. Websites supported by advertising, sponsorship, or other commercial arrangements—or which themselves promote commercial services—pose no difficulty and are likely to be relevant service providers. For example, in Interflora Inc v Marks & Spencer plc, it was assumed that the operator of <> was an information society service provider.56 Similarly, in the Irish case of Mulvaney v Sporting Exchange Ltd, the operator of supplied information society services comprising a betting exchange and online chat room.57 In L’Oréal SA v eBay International AG, the CJEU pointed out that the operator of an online marketplace supplies information society services.58 In one Spanish case, YouTube was considered to supply an information society service.59

12.63  Personal weblogs. The position of a hobbyist blogger who operates a website or discussion forum outside the course of his normal trade, business, or profession is more difficult. There is an argument that such activity is not relevant economic activity or normally provided for remuneration and, as such, cannot be an information society service. Many personal websites have no profit motive or obvious revenue model. However, the better view is that this activity is not purely private or personal (unlike an email sent among friends); it is a public activity which may carry with it reputational benefits, networks of followers or associates, and have other indirect economic effects. For example, in Kaschke v Gray, Stadlen J held that the proprietor of a political website which hosted user-generated content was unquestionably providing an information society service.60 Given that many professional bloggers derive a substantial income from maintaining their websites, it is suggested that such activities are self-evidently capable of constituting a relevant economic activity.

12.64  Search engines. Where search engines and other gateways store, process, and communicate user-created content in their indices and search results, they are likely to be information society service providers. This follows from recital (18) of the E-Commerce Directive, which lists among its examples ‘those providing tools for search, access and retrieval of data’. This is also consistent with the revenue model of many search engines, which are supported by advertising, by linked commercial services provided in the same context (such as business-to-business services), or by the aggregation and mining of users’ data for commercial purposes. These are paradigmatic economic activities, even if no remuneration is charged to the end user directly.

12.65 In DesignTechnica, Eady J concluded that the 2002 Regulations ‘are apt to cover those providing search engine services’.61 His Lordship conceded that it was ‘a distortion of language’ to describe advertising revenue as evidence that search engines were normally operated ‘for remuneration’. Despite this, the Court adopted the extended definition embraced by recital (18) of the Directive. However, Eady J cautioned that this conclusion was not free from doubt. Several other member states have expressly extended the definition to search engines—a practice encouraged by the Commission and desirable for legal certainty.62 It is suggested that where a search engine service also supplies paid advertising in the context of operating that service, it is likely to be a relevant service provider.

12.66 In Google France, the Advocate General reasoned that both the Google search engine and its AdWords advertising service should be considered information society services. Although search services are provided freely, that occurs ‘in the expectation of remuneration under AdWords’.63 Although article 21(2) refers to the need to consider ‘proposals concerning the liability of providers of hyperlinks and location tool services’, this is not an exclusion from the concept of information society services, but rather a call to assess whether any extension of the Directive is necessary. The Court of Justice agreed, concluding that a ‘referencing service’ such as Google satisfies all elements of the definition.64

12.67  Physical absence of the recipient. Information society services must be supplied at a distance. This is a condition based on the physical location of service provider and recipient. The Technical Standards Directive explains that the service must be supplied ‘without the parties being simultaneously present’. Annex V defines services ‘not provided “at a distance”’ as the obverse of this, namely, services that take place in the physical presence of the provider and the recipient. This is so even if the service also involves electronic devices, such as a computer.

12.68  Examples of services not supplied ‘at a distance’. Annex V gives four examples of services that will not be considered to be provided ‘at a distance’. As can be seen, they share in common the feature that the customer is physically located in the presence of the service provider:


medical examinations or treatment at a doctor’s surgery using electronic equipment where the patient is physically present;


consultation of an electronic catalogue in a shop with the customer on site;


plane ticket reservation at a travel agency in the physical presence of the customer by means of a network of computers; and


electronic games made available in a video arcade where the customer is physically present.

12.69  Employees. Finally, the E-Commerce Directive clarifies that the relationship between an employee and his employer is not an information society service.65 In an age of telecommuting and online employment, this may be open to question: it is clearly economic activity, normally provided for remuneration, and may now occur at a distance and electronically. However, to extend the safe harbours of the Directive to employers who engage employees at a distance may have unintended effects upon the national law of vicarious liability, which may explain the approach taken in the Directive.

12.70  Use of electronic equipment. Information society services can be provided in any medium, provided that it is electronic. This requires electronic data processing, storage, and transmission to be used. The Technical Standards Directive defines ‘by electronic means’ as follows:

the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by other electromagnetic means...66

12.71  Medium of transmission. The broad definition of ‘by electronic means’ makes clear that information society services can be delivered using any electronic means for conveying data. ‘Wire’ clearly encompasses all forms of physical media for the conduction of signals, which is consistent with its broad meaning in the acquis. ‘Optical’ would include optic fibre cables. ‘Radio’ would include wireless transmissions or those made over a mobile telecommunications network. The electronic means is not specific to any protocol, and therefore does not require the service to be supplied over the Internet Protocol (though in practice, many services will). Multiple means could be used to convey information, but all of them must be electronic, since the service must be ‘entirely transmitted, conveyed and received’ that way.

12.72  Examples of services not provided ‘by electronic means’. Annex V defines services ‘not provided “by electronic means”’ as services which have a ‘material content’, even if they are provided using electronic devices. It gives two examples of excluded services:


automatic cash or ticket dispensing machines (banknotes, rail tickets); and


access to road networks, car parks, etc, charging for use, even if there are electronic devices at the entrance or exit controlling access or ensuring the correct payment is made.

12.73  Identifying the means. The focus must be on the means of provision of the service to the recipient. Although a service such as a cash machine may depend on a complex back end of electronic infrastructure (to check the recipient’s bank balance and credit limit, to authorise a withdrawal, to record the transaction with the interchange bank, and so on), the means of providing the service to the consumer is predominantly physical: the insertion of a card, entering numbers through a keypad, and receiving banknotes.

12.74  ISPs. Commercial ISPs clearly supply information society services. Their equipment fetches, routes, and transmits data at the direction of subscribers. In Bunt v Tilley, for example, Eady J held that it was ‘certainly the case’ that the defendant ISPs fell within the definition.67 By analogy, so would mobile network operators. Similarly, Arnold J accepted that British Telecommunications plc supplies an information society service to its subscribers, who are the recipients of that service who request transmission of data.68 Whether the providers of free wireless hotspots in coffee shops or hotels supply such a service is more doubtful; although often attached to a related retail business, the economic component of the activity is not supplied ‘at a distance’—so too for internet cafés.

12.75  E-commerce services. Selling goods online is an archetypal information society service, which encompasses all steps leading to the formation of a contract of sale with a consumer. However, it does not include delivery of the goods. For example, Ker-Optika bt v ÀNTSZ Dél-dunántúli Regionális Intézete, concerned the lawfulness of national legislation which prohibited the sale of contact lenses through websites. This was done to ensure that purchasers first attended a physician for ophthalmological examination. The Court of Justice held that the Directive applied to online sales, but would not apply to national regulations concerning the ‘supply of goods’, since the means of conveyance would involve a physical operation, namely postage. The ratio may be taken as: where a service involves multiple activities, some of which fall within the Directive and some do not, the test is whether the activities are ‘inseparable’. As the Court explained:

if medical advice requiring a physical examination of a customer is inseparable from the selling of contact lenses, the fact that such advice is required means that such selling does not, ultimately, fall within the scope of that directive.69

In Ker-Optika, it was possible to separate the activity of selling lenses via the internet from the activity of attending for a medical examination or sending the lenses by post. Consequently, sale was an information society service even though the other activities were not.70

12.76  The need for a ‘request’. Information society services are distinguished from broadcast services which are provided indiscriminately to anyone capable of receiving them. The Technical Standards Directive defines ‘individual request’ to mean that the service is ‘provided through the transmission of data on individual request’.71 This suggests that a relevant service must (1) involve some transmission of data, and (2) transmit data upon receiving a request from the user.

12.77  Examples of services not supplied at ‘individual request’. Annex V defines services not supplied ‘at the individual request of a recipient of services’ as services ‘provided by transmitting data without individual demand for simultaneous reception by an unlimited number of individual receivers (point to multi-point transmission)’. It gives three examples of such excluded services:


television broadcasting services (including near-video on-demand services), covered by point (a) of article 1 of Directive 89/552/EEC;


radio broadcasting services; and


(televised) teletext.

12.78  Television and radio broadcasting. Broadcasting services are not information society services for the simple reason that they are not provided at individual request, but instead involve one-to-many transmissions of data without distinction between those who have requested them and those who have not. Although broadcasting services may also be provided by electronic means and at a distance, they are not information society services within the meaning of the E-Commerce Directive. (Confusingly, for the purposes of national law certain internet transmissions may be considered ‘broadcasts’ in which copyright may subsist.72)

12.79  Hosts. Almost all hosts of electronic data would qualify for protection, on the basis that these are services which are supplied at the individual request of a subscriber. Similarly, requests are made for stored material by individual internet users. These services are also normally provided for remuneration. Even free hosting services—such as image or video storage platforms, and incidental storage provided as part of a social network—would satisfy the economic activity test if supported by advertising or other commercial services.

12.80  Overview. Article 12 of the E-Commerce Directive is entitled ‘mere conduit’ and provides for a safe harbour in respect of information transmitted by an internet intermediary. Article 12(1) provides:

Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:


does not initiate the transmission;


does not select the receiver of the transmission; and


does not select or modify the information contained in the transmission.

12.81  National transposition. Regulation 17(1) of the 2002 Regulations transposes article 12 of the Directive. The transposed regulation is almost identical to article 12, subject to the following differences. The limitation is upon liability ‘for damages or for any other pecuniary remedy or for any criminal sanction’ (rather than liability at large). Additionally, the liability must arise ‘as a result of that transmission’ (rather than ‘for the information transmitted’). It is suggested that there is no material distinction between this language and the intended effect of the Directive.

12.82  Incidental storage. Both article 12(2) and regulation 17(2) permit the internet intermediary to engage in acts of storage during the course of transmission or providing access. Such storage must be automatic, intermediate, transient, and for no longer a period than is reasonably necessary for the transmission. This reflects the inevitable need for data to be buffered and stored in some form of random access memory in order for it to be received and processed for onwards transmission to a recipient of the service. In most cases, the total period of storage will be measured in milliseconds.

12.83  Conditions of mere conduit activity. To benefit from the conduit safe harbour, an internet intermediary must satisfy three negative requirements: first, non-authorship—the intermediary must be ‘in no way involved’ in authoring the transmitted information; second, non-initiation of transmission—the relevant data must be sent or requested by a third party; third, non-interference in transmission—those data must reach their destination without being deliberately modified by the conduit.

12.84 These requirements largely restrict the safe harbour to passive and temporary transmissions by network-layer intermediaries, such as relaying IP datagrams to a remote system.73 However, it will apply despite automated technical steps being carried out that do not affect data integrity, such as encryption and error checking.74 In essence, this safe harbour confirms that mere assistance by passively transmitting will not be sufficient for liability.

12.85  A passive medium. It follows from the wording of article 12(1) that an internet intermediary must be wholly passive in order to benefit from the ‘mere conduit’ limitation—a true intermediary whose role is limited to providing a medium for transmitting or passing on information. As a result, it is most commonly applied to network-layer and physical-layer services. Certain application-layer services, such as destructive messaging platforms, may qualify in respect of some of their activities, but many others will store information beyond the period needed for transmission.

12.86  ISPs. Suppliers of internet access services—such as ISPs, network backbones, and mobile data gateways—are archetypal mere conduits. They provide access to a communications network, namely their own networks which are interconnected to the internet. They also transmit information provided by recipients. Importantly, ISPs will remain mere conduits notwithstanding that they may possess the capacity, through deep packet inspection appliances, to inspect or examine the contents of unencrypted packets transmitted by their subscribers. Article 12(1) does not have a mental element and, unlike articles 13 and 14, does not hold conduits to a fault-based standard of liability. Even if an ISP could theoretically have ascertained the content of a communication they transmit, they are not liable for it if they did not initiate or select it, and did not modify or materially store its contents.

12.87  Suppliers of wireless hotspots. In McFadden, the Court of Justice has been asked to consider whether an ISP can be liable for facilitating the transmission of copyright-infringing files in circumstances where it enables access by means of a free wireless hotspot.75 In that case, Mr McFadden (an elected member of the German Pirate Party) operated an unsecured wireless network in his business premises as a promotional service designed to attract customers. An anonymous user connected to the network and used it to make available infringing copies of musical works. Among the questions referred to the Court of Justice were whether Mr McFadden qualified as an information society service provider in light of the fact that access was freely given, whether his activities constituted a ‘mere conduit’ service within the meaning of article 12(1), and whether injunctive relief was available to prevent him from operating the connection or to require him to use technical measures or monitoring to prevent the infringements. At the time of writing, the outcome of the reference is not yet known.

12.88  Blocking of network traffic. An ISP who intervenes in network transmissions so as to block access to material is unlikely to lose its conduit status for unblocked traffic. This is because, in respect of the unblocked network traffic, there would be no modification to the contents of users’ requests, while in respect of blocked traffic there would not be modification of the contents of the packets, only redirection of the communication as a whole to the ISP’s blocking systems. The same logic applies whether blocking is carried out voluntarily or pursuant to a court order.

12.89 Greater difficulty may arise where a claimant sought to hold an ISP liable for incorrectly blocking access to an internet location: there the liability would arise from an act of transmission in respect of which the ISP had intervened so as to change its recipient (eg from the original recipient to a blocking system or ‘blackhole’). It is suggested that such an ISP would still not have selected the initial recipient of the communication, and so would satisfy article 12(1)(b). For similar reasons, the ISP would not have modified the information contained in the transmission (only the metadata associated with it) and so would be likely to satisfy article 12(1)(c). However, this is not free from doubt. The contrary argument is that the ‘transmission’ includes all data sent across the ISP’s network, including packet headers designating a recipient; this would mean that modifying the headers (eg to redirect blocked traffic to a two-stage proxy server or border gateway router) would count as modifying the information contained in the transmission.

12.90  VPNs, proxies, and DNS servers. For similar reasons, operators of virtual private networks (‘VPNs’), proxy servers, and Domain Name System (‘DNS’) servers will normally be mere conduits. Those intermediaries supply access to a communications network: in the case of a VPN, to the connection gateway and hosts accessible through the gateway; in the case of a DNS server or proxy, to the hosts described by the answer to a DNS query or relayed requests. As such, these intermediaries will not ordinarily face monetary liability for the information they transmit, even if they are aware that a user of the service is carrying out unlawful activity. However, one may speculate that a service whose main purpose is to facilitate or conceal wrongdoing, which is promoted for that use, and which has actual knowledge of such use, may be considered not to be ‘neutral’ and so may be argued to fall outside the purpose of protection under article 12. Alternatively, injunctive relief may be available.

12.91  Websites, social networks, and aggregators. Platforms which publish information supplied by their users may be responsible for transmitting that information, but they are not mere conduits if they store such information beyond the period needed to transmit it. This is true of almost all major application-layer services, which operate a persistent repository of messages, status updates, media files, and associated metadata. Consequently, these services will very rarely be mere conduits that can rely upon article 12. However, insofar as liability is said to arise from the act of transmission (as distinct from the act of storage), the mere conduit safe harbor may operate to exclude monetary liability to that extent only.

12.92 As noted in paragraph 12.86, the mere conduit safe harbour is not defeated by showing that the service provider had knowledge of wrongdoing or of the unlawful status of information. The protection it confers is, within its boundaries, absolute. Provided the criteria for the safe harbour are satisfied in relation to the transmission which would otherwise give rise to liability, the limitation applies and the service provider’s mental state is irrelevant. This makes article 12 and regulation 17 particularly powerful sources of protection, since they cannot be displaced by actual or constructive knowledge.

12.93  Post-notification protection. Because a service provider’s mental state is immaterial to regulation 17, this safe harbour therefore affords considerably broader protection than section 1 of the Defamation Act 1996. Despite this, there are few examples of its application in defamation cases. Tilley appeared to treat the safe harbour as applicable to retail ISPs, but it was unnecessary to reach a conclusion.76

12.94  Liability for acts of ‘publication’. In DesignTechnica, Eady J remarked that (unlike other member states) Parliament had chosen not to extend conduit protection to search indices,77 which are permanently stored.78 However, because it is the display of results, rather than the antecedent generation of an index, that might constitute publication, it is suggested that the mere conduit safe harbour may apply in this respect. This would be because the act giving rise to liability is the act of publication—ie conveyance of the defamatory matter by its transmission from the search engine to a third party. Insofar as a search engine has participated in publication, that arises from acts of transmission. Therefore, if the other requirements of article 12 are satisfied, it may in principle exonerate search engines from monetary liability.79

12.95  Liability ‘for’ transmitted information. Shortly after its enactment, a challenge was brought to the Digital Economy Act 2010 based on its alleged incompatibility with article 12 of the E-Commerce Directive. The Court rejected that challenge, chiefly because article 12 was said to protect service providers from liability arising ‘for the information transmitted’, as might be the case under doctrines of secondary copyright liability, but does not protect from obligations to act ‘in respect of’ the information which arise for reasons unrelated to the transmission. The Court adopted a narrow interpretation of article 12.80 Any penalties imposed by the 2010 Act were liabilities arising from an ISP’s own misconduct under the Act rather than for transmitted information.81 The Court of Appeal upheld this reasoning.82

12.96  Duties to notify. While this distinction appears fine, it is correct for three reasons. First, on a proper understanding of the phrase ‘not liable’, a non-monetary obligation to forward notices is not relevantly a ‘liability’, even if it imposes an economic burden. It is analogous to obligations under Norwich Pharmacal orders, which are obligations arising only under the relevant court orders rather than for wrongdoing by the defendant or any other party.83 The burden of notification is imposed independently of the information transmitted by the conduit, and therefore is not a liability ‘for’ that information. Similarly, obligations to contribute to the scheme’s costs and any penalties for contraventions of the Act are ‘essentially parasitic’ obligations arising from the regulatory scheme and not from the information transmitted.

12.97 Second, the work done by article 12 relates to service providers’ liability as primary and secondary infringers. However, it does not prohibit any obligation from being imposed on them simply by virtue of their being mere conduits.

12.98 Third, the competing interpretation—that article 12 immunises service providers from any burden which would not have arisen without the transmission of information—is unsustainably broad. As Parker J explained in BT, such an interpretation would do violence to the language of article 12, which is conditioned on liability arising from the acts of transmission and provision of access. Technical measures are also defensible, since article 12(3) expressly preserves the ability of courts and administrative authorities to require service providers to terminate or prevent infringements; technical measures may fall under this heading, but only if ordered by a public authority.

12.99  Overview. Article 13 of the E-Commerce Directive is entitled ‘caching’ and insulates temporary storage activities from all forms of monetary liability, subject to conditions. Article 13(1) states:

Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information’s onward transmission to other recipients of the service upon their request, on condition that:


the provider does not modify the information;


the provider complies with conditions on access to the information;


the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used by industry;


the provider does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and


the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.

12.100  National transposition. Regulation 18, which transposes article 13 of the Directive, protects service providers from liability for ‘automatic, intermediate and temporary storage’ of information being transmitted in order to increase the efficiency of onward transmission of the information.84 Essentially, this safe harbour is directed at caching, which involves creating local copies of third parties’ data to reduce bandwidth utilisation and access times.85 To qualify for protection, several conditions must be satisfied.

12.101 First, caching must be automatic. In other words, it must not be undertaken manually, but carried out as part of an automatic and technical process in the intermediary’s systems.

12.102 Second, the service provider must not be the source or destination of the transmission: it must be an intermediate participant in the chain of transmission. Thus, both the origin and ultimate recipient of the information must be external to the service provider (and, by extension, not under its direction or control).

12.103 Third, caching must not be permanent. This reflects the normal use of caching as a mechanism for improving performance on a temporary basis, with cached information being flushed periodically or progressively overwritten with newer data.

12.104 Fourth, cached material must not be modified by the caching agent. It is submitted that ‘modify’ should be construed narrowly so as not to disentitle a service provider from relying upon the caching safe harbour by reason of automatic changes made to the cached data as part of the technical process of storing it (eg adding an expiry time to cached packets or converting cached files into a different file format).

12.105 Fifth, material must not be cached in violation of access or storage conditions contained in industry-standard metadata.86 This appears to refer to standard mechanisms intended to prevent data from being cached. An example may be the ‘NOARCHIVE’ meta tag in the Robots Exclusion Protocol, which allows a website operator to direct search engines and archival tools (such as not to cache a copy of the page in search results or an internet archive. Similarly, the ‘NOSNIPPET’ meta tag can be used to prevent extracts from a website from being cached and displayed.87

12.106 Sixth, the service provider’s caching must not interfere with lawful use of industry-standard technology to obtain data on use of the information.88 In Tilley, Eady J accepted evidence that an ISP’s proxy web cache would satisfy the requirements of regulation 18 where it temporarily stored defamatory newsgroup materials.89

12.107  Actual knowledge of removal at source. Unlike conduits, caches are subject to the further requirement that they act expeditiously to remove or disable access to cached information upon obtaining actual knowledge that the original copy has been removed or its removal ordered by a competent authority.90 This would appear to include knowledge that a court had ordered that access to the original material be blocked by another intermediary. In assessing whether a service provider has the necessary knowledge, the Court must have regard to whether valid notice was received, and whether the notice included certain mandatory information.91

12.108 Regulation 18 has a broader operation than section 1 of the 1996 Act, since a defendant who has been put on notice of defamatory material could not satisfy section 1(1)(c), but may still attract caching protection until a reasonable period after acquiring knowledge that the source material was removed or made subject to a removal order.

12.109  Preservation of injunctions. Article 13(2) clarifies that this safe harbour does not prevent a court or administrative authority from requiring an internet service ‘to terminate or prevent an infringement’. This proviso is arguably unnecessary, since it simply restates the intention of recital (45) that injunctive relief not be precluded by the safe harbours. The consequence is that a service provider may be ordered to remove information from a cache even if it has not yet expired, such that the safe harbour does apply, and may order the provider not to re-cache the tortious material.

12.110 The caching safe harbour has been described as a ‘half way house between mere transmission and “hosting”’.92 Protection is not absolute, because caching agents must comply with access conditions and removal requests, which may require manual deletion of data. However, because most caching tools are either designed for storage of extremely limited duration or designed to read metadata and remove expired pages automatically, it is suggested that the tension is not all that significant in practice. Like the mere conduit safe harbour, it excludes liability for passive and technical assistance.

12.111  Overview. Article 14 of the E-Commerce Directive is entitled ‘hosting’ and describes what is by far the most important of the three safe harbours. The hosting safe harbour insulates internet intermediaries from liability insofar as their services involve ‘storage of information’. Article 14(1) states:

Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:


the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or


the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

12.112  National transposition. Regulation 19, which transposes article 14 of the Directive, protects service providers when they store third parties’ tortious material while having neither actual knowledge of the ‘unlawful activity or information’ nor an awareness of facts or circumstances from which that ‘would have been apparent’.93 It provides ‘a powerful and clear defence’ to intermediaries,94 subject to satisfying four main conditions.

12.113  Scope of storage activity. First, the hosting safe harbour applies only to storage activity as such. Activities which go beyond storage—such as curation or creation of content—are unprotected, subject to other defences or safe harbours. Only limited forms of network-layer assistance are immunised, while more interventionist application-layer activities are not. Put another way, what article 14 deals with is storage of third-party content; it does not supply a wider shield that protects the service provider from liability arising as a result of its own obligations, its own content, or its operation of other aspects of the service.

12.114  Activities of application-layer services. The dividing line that separates protected acts of storage from unprotected acts of intervening in content can be difficult to discern. In practice, almost all application-layer intermediaries do more than merely record third parties’ material in a computer storage medium; they apply technical processes to make it accessible and searchable by visitors, to allow access to the data from mobile devices (eg via mobile apps), and to facilitate users to share, embed, review, remix, or curate such material on playlists, profiles, and other platforms. More advanced platforms may offer automated content recommendations, the identification of related or relevant content, or the processing of content to convert it into different file formats automatically. Many of these activities are technical and automatic processes that are applied neutrally to hosted information. It is suggested that they too ought to be treated as examples of ‘storage’ activity.

12.115  Moderation conduct going beyond storage. Voluntary content moderation which goes beyond storage activity is not protected. In Kaschke, Stadlen J doubted whether regulation 19 would apply to a defendant who ‘on a few occasions’ removed offensive or inappropriate postings from hosted weblogs. While it did not matter that the defendant supplied other non-storage services (such as self-published material), the ‘particular information’ in respect of which protection is sought must consist solely of storage.95

12.116 This approach is clearly problematic for application-layer intermediaries who voluntarily moderate content and arguably frustrates the purpose of the Directive by discouraging efforts to remove harmful and offensive internet content.96 Conversely, in Newsquest the Court concluded that regulation 19 applied even though the defendant had authored other, non-tortious content on the webpage concerned, and had the capability to moderate comments.97

12.117  Activities by search engines. For similar reasons, it is unlikely without statutory intervention that regulation 19 would protect all activities by Google and other search engines.98 Although search engines are ‘hosts’ in respect of third parties’ information automatically stored on their servers, peripheral data processing, advertising, and curated content can involve selecting or modifying data in ways that preclude protection in respect of those additional activities.

12.118 Second, as the Court of Justice clarified in Google France, storage must be ‘of a mere technical, automatic and passive nature’, in the sense that the intermediary is ‘neutral’ as regards stored data and does not play an ‘active role’ which confers knowledge or control of those data.99

12.119  Requirement of neutrality. The neutrality requirement probably stems from a mistaken reading of recital (42) (which applies only to caching and transmission). However, it was upheld by the Court of Justice in eBay: if an intermediary optimises or promotes users’ stored content, it may not be neutral100—at least in respect of the content being promoted or optimised. Conversely, neutrality is less likely to be defeated by a technical mechanism which automatically guides recipients of the service in creating stored data.

12.120  Active and passive service providers. In Google France, the requirements for safe harbour protection under article 14 were said to be satisfied if the gateway in question has not played an ‘active role of such a kind as to give it knowledge of, or control over, the data stored’.101 In that case, Google provided the service over a communications network and stored data supplied by advertisers in its system (the keywords selected, the content of the advertising message, and the link to the advertiser’s website) at their request.102 The vital criterion was said to be whether storage is ‘of a mere technical, automatic and passive nature’.103 In other words, it must be asked ‘whether the role played by that service provider is neutral’,104 as opposed to active.

12.121  The use of neutral algorithms. The Advocate General in Google France explained that intermediaries who seek to benefit from a liability exemption under articles 12 to 15 of the Directive ‘should remain neutral as regards the information they carry or host’. As to the position of Google:

Google’s search neutral as regards the information it carries. Its natural results are a product of automatic algorithms that apply objective criteria in order to generate sites likely to be of interest to the internet user. The presentation of those sites and the order in which they are ranked depends on their relevance to the keywords entered, and not on Google’s interest in or relationship with any particular site. Admittedly, Google has an interest—even a pecuniary interest—in displaying the more relevant sites to the internet user; however, it does not have an interest in bringing any specific site to the internet user’s attention.105

Conversely, the Advocate General explained that Google was not neutral as regards the ‘content’ featured in AdWords advertisements, and so could not benefit from article 14 in respect of any liability arising from their display. This was because Google displayed such content pursuant to its commercial relationship with advertisers, and had a direct interest in users clicking on the advertisements.106 However, this distinction is difficult to sustain, given that Google displays advertising according to neutral criteria and in accordance with advertisers’ instructions, and has no interest in users clicking on any particular advertising link as distinct from any other.

12.122  Mere display of content insufficient. The CJEU expressed its reasoning in slightly different terms to the Advocate General. The Court’s judgment makes clear that the mere fact that Google sets payment terms or displays advertising is not sufficient to deprive it of protection under article 14. Conversely, what would be relevant was any role played by Google in drafting the text of the commercial message contained in advertising.107

12.123  Determining ‘passivity’. Assessing a service’s eligibility under article 14 therefore necessitates an examination of its conduct (whether passive, reactive, and insufficient to amount to control over stored data) and mental state (whether it knew of the unlawful nature of stored data).

12.124 It is curious why the test is ‘control of the data’ being stored, rather than the test of control over the recipient mentioned in article 14(2) and regulation 19(b). The Court seemed to accept that Google had control over the display of infringing advertisements, since it determined the conditions under which they were published and ordered for display to users. Although it was this display which constituted the essence of the primary wrongdoing (and the potential source of Google’s liability), the CJEU did not consider this control fatal to immunity under article 14. Instead, the Court confirmed that providing ‘general information to its clients’ or accepting payment cannot deprive Google of immunity.108 The control the Court had in mind appears instead to relate to the content of the underlying data supplied by the recipient.

12.125 Google was not taken to have actual knowledge of all search terms or advertising data simply because its system automatically matched the two sets of data in response to search queries.109 Google did not necessarily have control over the advertising data—even though it was stored in memory on server equipment within its possession—since those data had been ‘entered into its system by advertisers’. However, if Google plays some role in drafting the text appearing alongside sponsored links, this may be relevant to the issue of neutrality or control.110 Ultimately, the Court left this assessment to be resolved by the national court.

12.126  Involvement in creating stored content. This analysis raises doubts about the viability of keyword suggestion tools, human screening or optimising of advertisements, and potentially even filtering or rule-based checking of link text. Where text analysis is limited or non-existent, it appears that article 14 will shield an intermediary from liability for third parties’ trade mark infringement in keyword advertisements. However, if an intermediary takes more active steps to influence the content of advertising, it may lose its neutral status. Paradoxically, this may discourage attempts to prevent trade mark infringement (eg by filtering trade marks from advertising text) and may retard the efficiency of advertising technology (eg by suggesting keywords based on aggregate search volumes).

12.127  Removal obligations. Although the Court confirmed that Google is not liable for its clients’ use of trade marks in advertising, it does not follow that search intermediaries have no duties whatsoever in relation to infringing advertisements. Under the text of article 14, an intermediary must act expeditiously to remove or disable access to the data constituting or giving rise to a trade mark infringement once it has actual knowledge of their unlawful nature. The Court expressly affirmed this obligation, but did not elaborate its content.111 In practice, these obligations may prove almost as burdensome as prima facie liability.

12.128 Third, like mere conduit protection, article 14(2) and regulation 19(b) require the stored information to have been provided by a third party over whom the service provider lacked authority or control. This excludes most situations of primary or relational secondary wrongdoing.

12.129  Authorship by the service provider. An example of primary wrongdoing that was not within the safe harbours arose in Papasavvas. There the allegedly defamatory information was being stored by the defendant because it was a newspaper publisher who had posted an online version of an article it had previously published in its own newspaper. In those circumstances, the safe harbours were inapplicable for three overlapping reasons. First, it was not an ‘intermediary service provider’ in the sense required by articles 12 to 14. It was instead acting as a primary party. Second, the information was not provided by someone over whom the defendant lacked authority or control. Third, and most importantly, it had actual knowledge of the information from the moment it was posted.112 Accordingly, it could not rely upon any of the safe harbours.

12.130 Finally, the service provider must not have the necessary knowledge or awareness of the unlawful activity or information. Upon obtaining knowledge or awareness, protection is lost unless the service provider acts expeditiously to ‘remove or disable access’ to the unlawful information.113 Although disputed,114 the better view is that article 14, read in conjunction with article 15(1), refers to actual rather than constructive knowledge (but includes wilful blindness), and to past or ongoing rather than future tortious activity.115

12.131  Knowledge of unlawfulness. The actual knowledge required is of unlawful activity or information. This means knowledge that material (or the relevant use or publication of material) is actionable rather than simply conferring upon the claimant a prima facie case to answer. The distinction is particularly important in defamation cases,116 where knowing that a statement is defamatory is far from the same thing as knowing that it is unlawful (eg it may be true or a statement of honest opinion).117

12.132 Similarly, in actions for copyright infringement, knowing that certain material is a copyright work may not be enough to know that the dealing is an actionable infringement; the purpose and character of the dealing would also need to be known, as well as whether or not the act was done without the consent of the copyright owner. Context may also be very important in an action for trade mark infringement, where—depending on the type of infringement being alleged—it may be necessary to know the goods or services in relation to which a sign is used, or that such use creates a likelihood of confusion.

12.133 Because unlawfulness requires material to be actionable, regulation 19 appears to require knowledge of both the stored material and the facts or circumstances which render it unlawful. Unless a notice provides sufficient information from which the unlawfulness of the information or activity could be ascertained (eg falsity or confidentiality), the defendant will lack actual knowledge; in effect, this acts as a double-reversal of the onus of proof in defamation claims.

12.134  Removal upon notification. In Karim v Newsquest Media Group Ltd the Court granted summary dismissal where the defendant (‘Newsquest’) had stored defamatory comments alongside an article reporting on the claimant solicitor’s disciplinary proceedings.118 Before notification, Newsquest did not have actual knowledge; thereafter, it expeditiously removed the articles and their associated comments. The main difficulty with this outcome is that the article was held to be protected by qualified privilege, yet pre-emptively removed (along with public debate) to preserve safe harbour protection. This suggests that regulation 19 does little to remove the incentive for over-compliance faced by intermediaries who are unable (or unmotivated) to plead substantive defences.

12.135 Short of granting absolute immunity, this incentive cannot be completely removed. However, it can be minimised by adopting a default position which absolves intermediaries from the onerous task of passing judgment on impugned materials. The prevailing approach is to require, as part of giving valid notice, sufficient details of why a statement is unlawful.

12.136  Failure to provide sufficient details. In Amazon, the claimant failed to specify the specific book reviews and comments about which he complained, which made it impossible for Amazon to perform the ‘exercise of discrimination’ required to separate legitimate criticism from defamatory statements. The claimant also failed to explain why each posting was unlawful, so that Amazon could not ‘investigate or adjudicate upon it’.119 This reflects a proper understanding of the way in which regulation 19 shifts the burden onto complainants to justify their allegations. Adopting a higher threshold of actual knowledge reduces the risk of wrongful removal without prejudicing genuine claims.

12.137  The hybrid subjective–objective test. It is sufficient to have actual knowledge of facts or circumstances from which a ‘diligent economic operator should have identified the illegality in question’,120 which suggests a hybrid standard of knowledge that assesses what the defendant actually knew according to the standards of a reasonable service provider in the defendant’s position. In this respect, it invites comparison to concepts of ‘dishonesty’ in equity. Once knowledge has been acquired, the safe harbour will not apply to repeated infringements by the same user of the same right.121 Specific notice-and-takedown procedures are delegated to member states,122 and remain far from uniform.123

12.138  Competing allegations. In Davison, HHJ Parkes QC applied Tilley and Kaschke to conclude that a platform must know sufficient facts to assess the strength of available defences. Without information one way or the other, it could not be aware of facts from which unlawfulness would have been apparent.124 This is consistent with the approach taken in eBaythat protection is only displaced by knowledge of facts or circumstances from which ‘a diligent economic operator should have identified the illegality in question’.125 For such knowledge to arise, a notice must not be ‘insufficiently precise or inadequately substantiated’.126 In Davison, Google received correspondence from both claimant and primary author in which each attempted to substantiate their allegations against the other; faced with two irreconcilable notices, it had ‘no possible means one way or the other to form a view as to where the truth lies’.127 In those circumstances, Google could not be said to meet the threshold of knowledge required to divest it of immunity.

12.139Davison suggests that an intermediary will be able to rely on the storage safe harbour notwithstanding its receipt of notice from the claimant in three circumstances. First, if the notice is invalid, in the sense of being imprecise or unsubstantiated, it will not be effective to confer actual knowledge or awareness. Second, if the notice makes allegations of unlawfulness, which are disputed by the primary author on some credible basis, then unlawfulness could not be inferred. In effect, disputation would operate analogously to a counter-notification.128 Third, if the claimant gives notice, but the intermediary otherwise becomes aware of facts suggesting that the material is justified or lawful, or that the claim would fail, then the intermediary will not have knowledge of unlawfulness. These circumstances sensibly reflect the fact that an intermediary is normally ‘in no position to adjudicate’ a complex factual and legal dispute between prospective litigants.129

12.140  Imprecise notifications. Tamiz provides another example of notices which failed to confer knowledge of actionability. Applying eBay, the trial judge held that notices alleging defamation—without giving any details of falsity or the inapplicability of obvious defences—were neither sufficiently precise nor substantiated that a diligent host should have identified the statements’ unlawfulness. While it was ‘implicit’ in the complaints that Mr Tamiz denied the allegations of theft and drug dealing, Google was not required to accept complaints at ‘face value’ to retain protection.130 This is clearly consistent with the ratio legis of regulation 19, which is designed to immunise hosts unless they have actually acquired sufficient evidence of unlawfulness.

12.141  Failures to investigate. One difference between regulation 19 and article 14(1) relates to the second knowledge ‘limb’, awareness of facts or circumstances indicating unlawful activity or information. Article 14(1)(a) requires that the provider ‘is not aware of facts or circumstances from which the illegal activity or information is apparent’. Regulation 19(a) requires that the provider ‘is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful’ (emphasis added). Both provisions apply an objective standard (of apparentness) to the subjective awareness of the service provider.

12.142 Collins suggests that the English standard may in fact be higher, since it may extend knowledge to a situation where the service provider has negligently failed to make inquiries.131 Under the Directive, the relevant illegality needs to be apparent from the facts or circumstances which are known to the service provider. Under the 2002 Regulations, the illegality can be one that would have been apparent to that service provider had it acted reasonably, for example, made further inquiries or acted as a reasonable service provider in its position would have acted.

12.143 Nevertheless, it is suggested that the difference in language is unlikely to matter in most cases. Under both provisions, the question to be asked is whether the defendant service provider actually had knowledge of matters from which a reasonable economic operator in the position of the defendant would have concluded that the material or activity in question was unlawful.

12.144 Both the Directive and the 2002 Regulations are silent as to what is required of a service provider who ‘acts expeditiously’. Three uncertainties arise.

12.145  Period for responding. First, the relevant period within which activity will be expeditious is unclear. It is submitted that what is expeditious will depend upon all the circumstances, and in particular upon: the nature of the unlawful activity or information; the clarity of the claimant’s notification; the circumstances in which an employee of the service provider first became aware of the material in question; any refusal by the service provider to act; the volume of complaints received by the service provider; and the resources available to the service provider to deal with those complaints. Expedition is an objective standard that invites an assessment of whether the particular service provider’s reaction met the standard to be expected of a reasonable economic operator supplying the same information society services.

12.146  Attempts to remove. Second, it is unclear whether acting expeditiously ‘to remove or to disable access to the information’ actually requires that the attempt be successful. Another interpretation is that the service provider must take reasonable steps directed at achieving that objective—for example, by deleting the material in question and taking appropriate action against the responsible user. Should the same material be re-uploaded to the same service at a later point in time, this does not necessarily mean that the service provider has failed to act expeditiously, though it would need to remove the material a second time upon receiving actual knowledge of it. The competing view is that a service provider would be responsible for preventing future infringements of the same right by the same user.

12.147 It is submitted that an interpretation which required an absolute prohibition of outcome would be unreasonable and inconsistent with the purpose of article 14, since it would limit the storage safe harbour to the first detected instance of unlawful material, and effectively amount to a ‘notice and stay-down’ condition. That may also amount to a monitoring duty, and would be inconsistent with the principle of neutrality which service providers are expected to observe and which is codified in article 15 of the Directive.

12.148 Further, any subsequent upload of the same material would technically be a separate unlawful act and the information would be a fresh legal wrong. Accordingly, it might be argued that the storage safe harbour could be relied upon in respect of that legal wrong, provided the service provider acted expeditiously to remove the later material.

12.149  Unspecific knowledge. Third, it is not clear whether article 14 requires a service provider to act expeditiously where it obtains knowledge of unlawful activity, rather than stored information. The literal words used in article 14(b) refer only to removal or disabling of access ‘to the information’. If users of a service are engaging in unlawful activity that results in unspecified information being stored or made accessible, arguably there is no obligation to seek out and remove that information. For example, unlawful activity may take the form of cartel agreements concluded by means of a secure messaging platform in circumstances where the service provider cannot view the agreements or identify the parties.

12.150 Left unanswered by the decision in Google France is the question of whether a search engine’s automated indexing activities are within the scope of article 14. It is suggested that they should be. The search engine consists of storage (and selective retrieval) of information. That information is provided by both (1) end users of Google, and (2) website operators who allow their sites to be indexed by Google. Both of those classes of third parties could be considered recipients of Google’s search and search indexing services, respectively. The service is neutral as regards what is being stored and retrieved.

12.151  The need for a ‘request’. The difficulty arises from the fact that information is not stored in a search engine’s index at the ‘request’ of any end user, but rather by operation of the indexing robot. One possible way around this issue may be to characterise website operators as making an implied request to index their websites by not uploading a Robots Exclusion Protocol file (which may contain a request not to index part or all of a website).132 In a sense, this would be treating website operators as ‘opt-out’ recipients of the search service. This arguably accords with modern practice and is consistent with the fact that Google has not specifically requested storage of any particular website either.

12.152  Recipients of a search engine service. Mindful of this difficulty, the Advocate General in Google France thought that Google’s search engine would not be covered by the hosting safe harbour because storage of information was not ‘at the request of the sites that provide it’.133 Interestingly, this condition is omitted from the United Kingdom transposition of article 14, which simply requires that information is ‘provided by a recipient of the service’. On this basis, if website operators are sensibly regarded as recipients of a search indexing service, then Google’s search engine could be covered by the hosting safe harbour, in addition to the caching safe harbour identified by the Advocate General in Google France.

12.153  Need for clarification. Regardless of whether these arguments are accepted, it would be desirable to clarify the legal protection of search engines from liability in any future version of the E-Commerce Directive or in extended national legislation. Search engines serve an important public interest in permitting efficient navigation of large volumes of information, and it is critical that they are able to continue to identify relevant information neutrally and without risk of monetary liability arising from the indexing of unlawful material.

12.154  Neutrality and passivity. Based on the guidance in Google France, it appears that what matters is whether a website operator (1) is neutral, and (2) lacks knowledge or control of the stored data that would give rise to liability. A general purpose news website that hosts a comment published by a user would probably fall within the exception. Conversely, a site dedicated to infringing content or which promotes or solicits the uploading of unlawful material would not be neutral and could not rely on the hosting safe harbour. Assessing ‘control’ will always be more fine-grained, but the control should relate to the content of the information that is stored, rather than the manner in which it is displayed or processed.


‘A ship in harbor is safe, but that is not what ships are built for’: see John Shedd, Salt from My Attic (1928); Fred Shapiro (ed), The Yale Book of Quotations (2006) 705.


Not least because many cases attest to the unfortunate ills that can befall vessels in harbour: see, eg, Overseas Tankship (UK) Ltd v Morts Dock & Engineering Co Ltd [1961] AC 388, 390–1 (‘The Wagon Mound [No 1]’).


The safe harbours considered by this chapter should be distinguished from the confusingly named ‘data protection safe harbor’, which until 2015 allowed United States organisations to self-certify that they provide ‘adequate’ data protection within the Data Protection Directive for the purposes of international data transfers under art 25(1): see United States Department of Commerce, ‘US–EU Safe Harbor Framework Documents’ (2 August 2013) <>. The ‘safe harbors’ have since been annulled: see Schrems v Data Protection Commissioner, C-362/14, EU:C:2015:650, [98].


E-Commerce Directive recital (8).


European Commission, First Report on the Directive on Electronic Commerce (2003) 12–13.


Google France SarL v Louis Vuitton Malletier SA, Joined Cases C-236/08 to C-238/08, EU:C:2009:569 [2011] Bus LR 1, [142]–[143] (Advocate General) (‘Google France’).


E-Commerce Directive recital (40).


E-Commerce Directive recitals (40), (5); Bunt v Tilley [2007] 1 WLR 1243, 1252 (Eady J) (‘Tilley’).


E-Commerce Directive recital (60).


See James Goudkamp, ‘A Taxonomy of Tort Law Defences’ in Simone Degeling, James Edelman, and James Goodkamp (eds), Torts in Commercial Law (2011) 467, 468–9.


They are described as both ‘liability exemptions’ and ‘limitations of liability’ in the E-Commerce Directive: see recitals (44) and (45), respectively.


E-Commerce Directive recital (23).


R v Secretary of State; ex parte Yiadom, Case C-357/98, EU:C:2000:604 [2000] ECR I-09265, [26].


See Chapter 10, section 1.3.


Case C-292/10, EU:C:2012:142 [2013] QB 168, [69]–[72].


E-Commerce Directive art 1(2) (emphasis added).


The E-Commerce Directive refers to Directive 97/66/EC of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector [1998] OJ L 24/1. However, that Directive was repealed and replaced by Directive 2002/58/EC on privacy and electronic communications [2002] OJ L 37 (‘PEC Directive’), art 19 of which provides that references to the repealed Directive 97/66/EC ‘shall be construed as being made to’ the PEC Directive. See chapter 10, section 2.3 for an overview of intermediaries’ obligations under the PEC Directive.


[2015] EWHC 59 (QB) (‘Mosley v Google’).


Mosley v Google, [46], [48] (Mitting J).


Mosley v Google, [45] (Mitting J).


E-Commerce Directive recital (21) (emphasis added).


L’Oréal SA v eBay International AG [2009] EWHC 1094 (Ch); [2009] RPC 21, [1], [344] (Arnold J) (‘eBay’). See also L’Oréal SA v eBay International AG, Case C-324/09, ECLI:EU:C:2011:474 [2012] Bus LR 1369, [55] (Advocate General) (‘eBay (CJEU)’).


eBay (CJEU), [136] (Advocate General).


European Commission, First Report to the European Parliament, the Council and the European Economic and Social Committee, COM(2003) 702 final, [4.6].


Papasavvas v O Fileleftheros Dimosia Etaireia Ltd, C-291/13, EU:C:2014:2209, [50].


Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), C-70/10, EU:C:2011:771 [2011] ECR I-11959, [40].


See also Terrorism Act 2000 sch 8A; chapter 11, section 2.4.


Electronic Commerce (EC Directive) Regulations 2002 regs 17(1), 18, 19.


Sempra Metals Ltd v Commissioners of Inland Revenue [2008] 1 AC 561, [16]–[17] (Lord Hope), [94]–[100] (Lord Nicholls) (Lord Scott and Lord Walker agreeing).


See, eg, Firma C-Trade SA v Newcastle Protection and Indemnity Association [1991] 2 AC 1, 35–6 (Lord Goff).


Eg, national costs rules themselves: see chapter 18, section 1.1.


Enforcement Directive art 14. Cf Directive 2011/7/EU on late payments [2011] OJ L 48/1 art 6(3), which expressly provides that an unpaid creditor should be entitled to compensation for its recovery expenses, including the cost of ‘instructing a lawyer’.


E-Commerce Directive recitals (40), (41), (47), (48), (52).


See Information Society Directive art 8(3); Enforcement Directive art 11; Data Protection Directive art 14. See also chapter 10, section 3.2; chapter 14, section 3.


See also Anti-Counterfeiting Trade Agreement, opened for signature 1 May 2011 (not entered into force), arts 2.18(4) (disclosure against internet intermediaries), 27.4 (disclosure of ISPs’ subscriber information).


C-291/13, EU:C:2014:2209, [53] (‘Papasavvas’).


See chapter 2, section 1.2.


See E-Commerce Directive art 2(a). The definition derives from art 1(2) of Directive 98/34/EC (as amended by Directive 98/48/EC).


E-Commerce Directive recital (40); Tilley, [40] (Eady J).


Directive 98/48/EC amending Directive 98/34/EC laying down a procedure for the provision of information in the field of technical standards and regulations [1998] OJ L 217/18, recital (7) (‘Technical Standards Directive’).


Technical Standards Directive recital (9).


Ker-Optika [2011] 2 CMLR 15, [24]; E-Commerce Directive recital (18).


eBay (CJEU), [109].


Tilley, 1253 (Eady J); Twentieth Century Fox Film Corporation v British Telecommunications plc [2011] EWHC 1981 (Ch), [113] (Arnold J); E-Commerce Directive recital (18).


E-Commerce Directive recital (18).


Karim v Newsquest Media Group Ltd [2009] EWHC 3205 (QB), [15] (Eady J); Kaschke v Gray [2010] EWHC 690 (QB), [67] (Stadlen J); E-Commerce Directive recital (18).


E-Commerce Directive recital (18).


Case No 11/2014, Gestevision Telecinco SA v Youtube LLC [2014] 2 CMLR 13 (Court of Appeal of Madrid (Civil Division), 14 January 2014), [26]; E-Commerce Directive recital (18).


E-Commerce Directive recital (18).


E-Commerce Directive arts 12–15.


See chapter 2, section 1.2.


See E-Commerce Directive recital (17), which confirms that these exclusions also apply to that Directive.


Papasavvas, [30].


See Treaty on the Functioning of the European Union [2012] OJ C 326/1 art 57 (‘TFEU’) (defining services as those ‘normally provided for remuneration’ and including industrial and commercial services, and activities of craftsmen and professions).


See Bond van Adverteerders, C-352/85, EU:C:1988:196, [16] (free-to-air television); Papasavvas, [29].


[2009] RPC 21, [437] (Arnold J).


Mulvaney v Sporting Exchange Ltd (t/a Betfair) [2009] IEHC 133, [5.14] (Clarke J).


Case C-324/09 [2012] Bus LR 1369, [109].


Case No 11/2014, Gestevision Telecinco SA v Youtube LLC [2014] 2 CMLR 13 (Court of Appeal of Madrid (Civil Division), 14 January 2014), [26], [35] (‘YouTube (ES)’).


[2010] EWHC 690 (QB), [43] (Stalden J) (‘Kaschke’).


Metropolitan International Schools Ltd v DesignTechnica Corp [2009] EWHC 1765 (QB) , [84] (Eady J) (‘DesignTechnica’).


European Commission, First Report on the Directive on Electronic Commerce (2003) 13.


Google France, [131] (Advocate General).


Google France, [110]–[111].


E-Commerce Directive recital (18).


Technical Standards Directive art 1(2)(a).


Tilley, 1253 (Eady J).


Twentieth Century Fox Film Corp v British Telecommunications plc [2012] Bus LR 1461, [113] (Arnold J).


[2011] 2 CMLR 15, [24], [31], [34] (‘Ker-Optika’).


Ker-Optika, [34], [37]–[39].


Technical Standards Directive art 1(2)(a).


See Copyright, Designs and Patents Act 1988 s 6(1A) (which includes within the definition of ‘broadcast’ internet simulcasts of conventional broadcasts or other streaming services which are not on-demand). It appears that this definition is concerned with subsistence conditions rather than any technical characteristics of the medium.


See Matthew Collins, Collins on Defamation (1st ed, 2014), [17.09]; Patrick Milmo et al (eds), Gatley on Libel and Slander (11th ed, 2010), [6.28].


E-Commerce Directive recital (43).


See Case C-484/14, McFadden (reference from the Landgericht München I, 3 November 2014).


See Tilley, 1254–5, 1260 (Eady J).


Department of Trade and Industry, Consultation Paper on the Electronic Commerce Directive (June 2005) [4.2]–[4.7] <>.


DesignTechnica, [89] (Eady J).


Cf the operator of a website or a web host, who may also publish the defamatory matter by storing it on the website, in addition to transmitting it when accessed by a user.


R (British Telecommunications plc) v Secretary of State [2011] EWHC 1021 (Admin), [101] (Parker J) (‘BT’).


BT, [107] (Parker J).


R (British Telecommunications plc) v Secretary of State [2012] EWCA Civ 232, [53], [59] (Richards LJ) (Arden and Patten LJJ agreeing) (‘BT (CA)’).


See BT, [104] (Parker J) (drawing the same comparison).


Electronic Commerce (EC Directive) Regulations 2002 reg 18(a). See Tilley, 1256–7 (Eady J).


See Blue Coat, ‘A Technical Review of Caching Technologies’ (, 17 December 2007) <>.


Electronic Commerce (EC Directive) Regulations 2002 reg 18(b)(i), (ii), (iii).


See Dan Crow, ‘The Robots Exclusion Protocol’ (Google Official Blog, 22 February 2007) <>.


Electronic Commerce (EC Directive) Regulations 2002 reg 18(b)(iv).


Tilley, [52]–[53] (Eady J).


Electronic Commerce (EC Directive) Regulations 2002 reg 18(b)(v).


Electronic Commerce (EC Directive) Regulations 2002 reg 22.


Gatley on Libel and Slander, 169, [6.29]; Tilley, [51] (Eady J).


Electronic Commerce (EC Directive) Regulations 2002 reg 19(a)(i).


Tamiz, [57]; Davison, [64].


Kaschke, [71]–[72], [74]–[75] (Stadlen J).


Cf Kaschke, [87]–[88] (Stadlen J).


Newsquest, [15] (Eady J).


DesignTechnica, [112] (Eady J).


Google France, [113]–[114].


Cf eBay (CJEU), [140]–[146] (Advocate General).


Google France, [120].


Google France, [111].


Google France, [114].


Google France, [112].


Google France, [144] (Advocate General).


Google France, [145] (Advocate General).


Google France, [118].


Google France, [116].


Google France, [117].


Google France, [118].


Google France, [120].


Papasavvas, [45]–[46].


E-Commerce Regulations r 19(a)(ii). See chapter 4, section 3.2.


Cf Søren Sandfeld Jakobsen, ‘Mobile Commerce and ISP Liability in the EU’ (2010) 19 International Journal of Law and Information Technology 29, 46.


eBay (CJEU), [162]–[163] (Advocate General).


In this respect, the scope of protection under reg 19 is far broader than under the Defamation Act 1996: the object of knowledge is narrower—unlawful rather than merely defamatory material—and the immunity continues until a reasonable interval after notification: cf chapter 8, section 3.1.


Kaschke, [100]–[102] (Stadlen J).


[2009] EWHC 3205 (QB), [15] (Eady J) (‘Newsquest’).


Amazon, [47]–[48] (HHJ Moloney QC).


eBay (CJEU), [120], [124].


eBay (CJEU), [168] (Advocate General).


E-Commerce Directive recital (46), art 14(3).


European Commission, Online Services, Including E-Commerce, in the Single Market (2012) 39–46.


Davison, [63] (HHJ Parkes QC). Cf Brian Neill and Richard Rampton (eds), Duncan & Neill on Defamation (2nd ed, 1983) [20.20].


eBay (CJEU), [120] (emphasis added).


eBay (CJEU), [122].


Davison, [66] (HHJ Parkes QC).


Cf Digital Millennium Copyright Act 1998, 17 USC § 512(g).


Davison, [68] (HHJ Parkes QC).


Tamiz, [59]–[60] (Eady J).


Matthew Collins, Collins on Defamation (1st ed, 2014) 359.


See fn 87 and accompanying text.


Google France, [144] (Advocate General). (noting that Google may instead fall within the caching safe harbour).

This Feature Is Available To Subscribers Only

Sign In or Create an Account


This PDF is available to Subscribers Only

View Article Abstract & Purchase Options

For full access to this pdf, sign in to an existing account, or purchase an annual subscription.