CG v Facebook Ireland and Joseph McCloskey delivered on 20/02/2015 by the High Court of Justice in Northern Ireland has not always been warmly welcome… in particular by those concerned about the roles and responsibilities of Internet intermediaries in relation to distribution and access to information.

Oh Well… Strangely, the CG v Facebook litigation seems reminiscent of pre-2012 French cases trying to make sense of Article 6 of the French Statute n° 2004-575 on confidence in the digital economy [described at length here].

You might remember from Alison’s earlier post that a certain individual (anonymised as CG) had been convicted of a number of sex offences and subsequently released on licence. He then brought an action against Facebook and the operator of a contentious profile/page entitled “Keeping our Kids Safe from Predators” on the grounds of, in particular, [as the list is long and includes e.g. Article 2 and 3 of the European Convention of Human Rights] misuse of private information, harassment, negligence and breach of the Data Protection Act 1998.

Assessing Facebook’s behaviour in relation to availability of the profile/page at issue, the Court had regard to Regulation 22 of the Electronic Commerce (EC Directive) Regulations 2002. The judge, Stephens J., stated that:

1. “I do not accept the contention on behalf of the first defendant [Facebook] that there is any requirement to give notice in any particular manner or from any particular person”.
2. “[T]he first defendant [Facebook] in this case has considerable resources at its disposal and does not require to have spelled out to it on each occasion with inappropriate precision the particular laws of the UK which are in issue and which are being contravened”.

As a reminder, Regulation 22 provides that:

“In determining whether a service provider has actual knowledge for the purposes of regulations 18(b)(v) and 19(a)(i), a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, among other things, shall have regard to—

(a) whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c), and

(b) the extent to which any notice includes—

(i) the full name and address of the sender of the notice;

(ii) details of the location of the information in question; and

(iii) details of the unlawful nature of the activity or information in question”.

The expression “all matters” is what matters here, so to speak! Just like the French legislator, the UK legislator had refused in 2002 to adopt a solution of automatic take-down upon reception of a compliant notification (i.e. following the model of the US Digital Millennium Copyright Act of 1998, (DCMA)). Such a solution had, indeed, been criticised by advocates of free speech as giving too much weight to the interests of copyright holders.

In CG v Facebook, the plaintiff’s solicitors had written to Facebook both at its corporate address in Dublin and via its solicitors asking for the removal of the contentious profile/page and had enclosed a copy of the profile/page. Facebook replied by asking the plaintiff to use the online tool for complaint and to identify the exact URLs to be removed. (As regards the second series of postings on the contentious profile/webpage, the main URL had been identified in a subsequent letter by the plaintiff).

In finding for the plaintiff, the Court found that Facebook had actual knowledge pursuant to Regulation 22, despite the non-inclusion of an exhaustive list of URLs and other insufficiency of details in relation to the potential causes of action claimed (within the letters sent to Facebook).

Such a determination is not completely at odds with the spirit of the US notice-and-take-down procedure set forth by the US legislator for dealing with online copyright infringement (and online copyright infringement only). Indeed, under the DMCA – in the absence of notification – online hosting providers can still lose their immunities, in particular when the infringement is manifest, i.e. when the material amounts to a ‘red flag’ and they do not react. [But obviously copyright infringement is not the same thing as misuse of private information or breach of data protection law, although the EU legislator does not seem to be concerned with such a distinction given the “horizontality” of the e-commerce Directive]

Coming back to CG v Facebook, the contentious webpage could be seen as constituting just such a red flag, especially once its existence was highlighted in the first letter sent to Facebook. To quote Stephens J., at [51], “it was apparent to anyone looking at the post and the comments that CG had been named, that he was a convicted sex offender, that the area in which he lived had been identified, that a picture had been posted of him on the internet, that it was expressly suggested that the photo be used to identify him and that it was being expressly suggested that he should be physically harmed”.

Moreover, Stephens J. added, another way in which Facebook acquired actual knowledge of unlawful activity was by virtue of the previous ‘XY litigation’, which concerned the same contentious profile/webpage eventually enriched and moved to a different URL [XY had been granted an interim injunction requiring Facebook to remove, by 10am on 3rd December 2012, from its site facebook.com the page entitled “Keeping Our Kids Safe From Predators” having the URL http://www.facebook.com/pages/keeping-our-kids-safe-from predators/341148705971600]. At [95] Stephens J. opined that, “By looking at the postings, with the knowledge of the XY litigation the first defendant would have been aware of facts or circumstances from which it would have been apparent to it that the activity or information was plainly unlawful being misuse of private information and harassment of the plaintiff”.

In this sense, therefore, Facebook, as the hosting provider, was not really being asked to act as a judge and decide whether the content at stake was indeed unlawful.

In addition, if one looks at the term of the injunction itself – described as a “mandatory injunction requiring the first defendant to terminate the profile/page “Keeping our Kids Safe from Predators 2” – it would seem that what Stephens J. was asking Facebook was to make sure that the same content did not re-appear at another page location, i.e. to ensure that the webpage did stay down.

Is such an order problematic in the light of Article 15 of the e-commerce Directive prohibiting the imposition of a general obligation to monitor one’s system or network on intermediary providers? Given the way Article 15 has been interpreted essentially in the framework of disputes concerning copyright and trade mark infringement, not necessarily so. As long as such an obligation is prescribed through the means of an injunction (i.e. a judicial order which has assessed the behaviour at stake and characterised it as unlawful) strictly speaking the obligation is a “mere” obligation of “monitoring and enforcement” but not of “standard-setting”. [For an explanation as to what monitoring could entail within the meaning of Article 15 see here]. Once again, Facebook was not being asked to act as a judge and to decide whether the content at stake was unlawful.

Do these considerations render CG v Facebook more acceptable? It depends on its costs of implementation one might say…or on the degree of intrusiveness of the monitoring practices one might venture….

In any case this decision confirms, as argued elsewhere, that the true originality of the e-commerce Directive lies in the distinction it draws between monetary compensation and injunction! [It is thus an over-simplification to say that the e-commerce Directive is a transplant of the DMCA at least in the field of copyright law!]

Sophie Stalla-Bourdillon