No doubts about the direct civil liability of a Provider of illegal acts performed by the provider itself. But can we talk about provider’s civil responsibility also with regards of the diffusion, by means of its infrastructure, of illegal contents by part of third-parties? Drawing inspiration from a recent sentence of the Corte d’Appello di Roma (appeal court of Rome), in this article we will try to clear things on the civil responsibility of Cloud ISP.


cloud

In the IT language, the term Provider refers to an intermediary entity in communication that offers different services: for instance, access to the network with Internet - Network Provider; or access to Internet services - Internet Provider; Website hosting - Host Provider; and so forth. So, what is the responsibility of a Provider for such “mediatoring” activity? A recent sentence of the aforementioned Corte d’Appello di Roma, sentence n.2833 of April 29, 2017, stated declared the civil liability of a provider for any illegal act committed by third parties using the provided digital platform.

In particular, such third party illegally used and diffused with the platform provided by the provider, some TV shows whose rights holders sued the Provider for compensation.

The appeal court then confirmed the responsibility as it excluded that the activity of the Provider would be classified as only hosting provider and, therefore, mere “storing” of data, which an activity characterized by a “merely technical, automated and passive” aspect, thus ruling out any possible liability. The court instead classified the position of the company as active being a content provider and, anyway, an active aggregating provider because of “several activities performed by the provider in the management of content upload on its own digital platform” (for instance, crawling of audio and video content for ads purposes according to their visualizations, which is an activity that, as for the court, implies “the direct interest of such provider in knowing the nature and the type of content present on its platform” and “there’s an active data management different from the mere provide of a simple technical support for content uploading …”).

Therefore the court recognised “a voluntary activity aimed to concur or cooperate with a third party in the offence”, thus excluding the neutrality of the provider given the characteristics of the services provided. The position of the provider was further worsened by being warned of removing such content by the owner, so it knew about the diffusion of the content, but did nothing.
This recent verdict, which confirmed what also the court ruled in the first instance, gives us the opportunity of going deeper in the subject. As a general rule, art.15 of directive 31/2000/EC (“...on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market”) excludes the existence of “a general obligation on providers [...] to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity” with reference to mere conduit (art.12), temporary storage -caching- (art.13) and hosting (art.14) providers.

Art.14 of the same directive in particular, which was recalled in the ruling of the appeal court, deals with hosting, defined as “an information society service is provided that consists of the storage of information provided by a recipient of the service” which implies an exclusion of liability of the service provider, provided that such provider: a) is not actually aware of the illegal nature of the activity or information and, regarding compensation, is not aware of facts or circumstances that show such illegality, or b)as soon as it is aware of such facts, acts immediately removing said information or disable their access.

This indication has to be put in context also with “whereas” 42 of the directive, which clarifies that “the exemptions from liability established in this Directive cover only cases where the activity of the information society service provider is limited to the technical process of operating and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, for the sole purpose of making the transmission more efficient; this activity is of a mere technical, automatic and passive nature, which implies that the information society service provider has neither knowledge of nor control over the information which is transmitted or stored.

With a further clarification that the exemption from liability doesn’t hold “when the recipient of the service is acting under the authority or the control of the provider” (art.14, clause 2). This european directive has been transposed to the italian laws, regarding hosting and the verdict of the appeal court, with art.16 of the implementing legislative decree n.70 of 9.4.2003, which blindly repeats the content.

In conclusion, a case-by-case exam of the content of the service is needed to verify whether there is a civil liability of the Provider for the diffusion of illegal content; such exam requires a control on the service to determine if it is “merely technical, automated and passive” and, therefore, without a “controlling” capability of any other capability that could acknowledge the nature of the content being stored or transmitted, and to determine whether the aforementioned premises for a Provider’s exemption from liabilities are present.
Otherwise, as ruled in the case examined by the appeal court, “the provider cannot invoke at its own vantage that condition of neutrality and merely technical supports which reflects in a liability exemption ex art. 14 of the aforementioned CE directive and of art.16 of the related implementing decree.”

About the Author

Veronica Morlacchi

Laureata a pieni voti in giurisprudenza, è Avvocato Cassazionista, iscritta all’Albo degli Avvocati di Busto Arsizio dal 2004 e all’Albo degli Avvocati abilitati al Patrocinio davanti alla Corte di Cassazione e alle altre Giurisdizioni superiori. Si occupa principalmente, nell’interesse di Privati, Professionisti, Aziende ed Enti pubblici, di diritto civile, in particolare responsabilità civile e risarcimento danni, diritto delle nuove tecnologie e privacy, contratti, persone e famiglia. Ha conseguito un master in Responsabilità civile e un corso di perfezionamento in Tecniche di redazione dei contratti e, da ultimo, si è perfezionata in Data Protection e Data Governance all'Università degli Studi di Milano e in Strategie avanzate di applicazione del GDPR. Pubblica periodici aggiornamenti e articoli nelle materie di cui si occupa sul suo sito www.studioavvmorlacchi.it e da giugno 2016 collabora con Guru Advisor

banner eng

fb icon evo twitter icon evo

Word of the Day

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>

The acronym GDPR indicates the new General Data Protection Regulation, which will come into force on 25 May 2018. This...

>

The acronym DPO (Data Protection Officer) indicates the person or persons who, within the company context, are responsible for the...

>

InfiniBand is an input / output architecture for the transmission of data between high performance systems composed of CPUs, processors...

>

A Zero Day Exploit describes a situation in which specific and unknown vulnerabilities are disclosed to the public simultaneously with...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • GURU advisor: issue 13 - March 2017

    GURU advisor: issue 13 - March 2017

  • GURU advisor: issue 12 -  January 2017

    GURU advisor: issue 12 - January 2017

  • GURU advisor: issue 11 -  October 2016

    GURU advisor: issue 11 - October 2016

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1