Data Protection

This chapter examines the liability of internet intermediaries for contraventions of the data protection regime. Data protection duties, like those upholding rights of privacy and confidentiality, can impose significant burdens upon internet intermediaries. This is because much of the information in which these services deal will contain ‘personal data’, and in some cases sensitive personal data, while almost all of the activities undertaken by them will involve some form of ‘processing’ of those data.

Introduction

Internet intermediaries are essential features of modern commerce, social and political life, and the dissemination of ideas. Some act as conduits through which our transmissions pass; others are custodians of our personal data and gatekeepers of the world’s knowledge. They supply the infrastructure and tools which make electronic communications possible. These services encompass a vast ecosystem of different entities: internet service providers, website operators, hosts, data centres, social networks, media platforms, search engines, app developers, marketplaces, app stores, and others—many of which are household names.

A Taxonomy of Internet Intermediaries

Overview. This chapter introduces the concept of an internet intermediary and situates their activities within the layered, modular network architecture of the internet. The services considered in this work take many forms, ranging from operators of network equipment to administrators of bulletin boards. Not all providers of internet services are properly described as ‘intermediaries’ as such, and are not necessarily to be treated comparably. Services may consist of different activities or contribute in different ways to wrongdoing. Some entities supply many distinct services which vary in their complexity, control, mental state, and degree of passivity. This makes it crucial to describe these activities accurately and with precision. As Arnold J has explained in the context of blocking injunctions, when considering questions of intermediary liability ‘it is important to consider the nature of the infringing act and its relationship with the service in question’.

Trade Marks and Passing Off

This chapter examines the secondary liability of internet intermediaries for trade mark infringement and passing off occurring online. The internet intrinsically relies upon a functioning system of domain names, keyword-based search tools, and advertising. These arenas present ample opportunities for conflict over protected signs. At one extreme are territorial conflicts between legitimate traders who happen to possess parallel rights in different jurisdictions; at the other extreme lie cases of opportunistic squatting on a rivalrous keyword resource, such as a domain name, for commercial gain, or outright counterfeiting. Within the contested space that lies between, the line between honest and unfair competition is becoming increasingly blurred, as traders seek to exploit rivals’ names in keyword advertising, practise aggressive search engine optimisation, and compete for traffic, reputation, and attention. The zone of accepted commercial practices is fluid and extremely nebulous.

De-Indexing and Freezing Orders

This chapter considers the availability of two new forms of injunctive relief against internet intermediaries. The first is a mandatory injunction, likely to be directed at a search engine operator or other aggregator of information, to remove a reference to tortious or unlawful material. Similar relief is already available for the purpose of erasing or blocking access to personal data in the circumstances considered in chapter 10. Equivalent relief may also be available to remove links to copyright infringing material in the form of service provider injunctions under section 97A. In addition to these statutory remedies, wider de-indexing orders are theoretically within the courts’ jurisdiction for at least the purposes of giving effect to fundamental rights or preventing infringements of intellectual property.

Unlawful Material

This chapter addresses the liability of internet intermediaries for publishing and transmitting ‘unlawful material’. That phrase is used as a broad catch-all to describe information which is considered illegal, whose dissemination is normally prohibited under the criminal law of the United Kingdom, or in which dealings may be unlawful if the prescribed regulatory requirements are not satisfied.

Copyright

Copyright, it is said, is one of the great balancing acts of the law. The rights it confers embody the basic tension between encouraging optimal creation and consumption of works; their boundaries reflect delicate compromises between creators, consumers, disseminators, and many other interest groups. These conflicts are exemplified in the enforcement of copyright against internet intermediaries. Copyright owners assert that almost one-quarter of global internet traffic, 80 per cent of YouTube videos, and 97 per cent of BitTorrent transmissions infringe their copyrights. Although the prevalence of unauthorised content appears to be declining with the growth of legitimate services, digital piracy remains widespread. The services responsible for routing, storing, and processing these data deny responsibility for policing infringements, citing the impracticability of monitoring and their inability to adjudicate claims of infringement, while internet users fear disproportionate interferences with privacy, internet access, and innovation.

Costs

Preceding chapters have examined the range of measures which internet intermediaries may be compelled to implement, whether as a result of a court order, an administrative decision, or pursuant to a statutory scheme or code of conduct. The cost and disruption caused by the implementation of such measures vary considerably with the nature of the measure, what it obliges the service provider to do, the scale of the problem, and the particular characteristics of the implementing party. Individual measures may be relatively inexpensive to adopt in a single case, but their aggregate costs over a large number of such cases—and the resulting administrative, legal, and technical overheads—can be very substantial.

Data Retention and Interception

This chapter considers statutory duties that are owed by internet intermediaries to retain communications metadata for periods beyond their ordinary lifespan, and to disclose those data (and in narrower circumstances, the contents of the communications) for use in criminal investigations. These duties serve a range of public purposes—principally the preservation of national security, law enforcement, and public order. Their justification is said to be a rise in the criminal exploitation of internet and communications technologies, in particular to perpetrate cybercrime and to plan and carry out terrorist activities.

Confidentiality and Privacy

This chapter examines the liability of internet intermediaries for breaches of confidence and invasions of privacy. The scope and content of these duties embody delicate compromises between, on the one hand, the rights to data protection and respect for private life and, on the other, the freedoms to express and receive information. The enforcement of that balance against service providers requires further choices about how far to extend responsibility for infringements of those rights by others, and who should be required to police them. The importance of these rights and policy choices continues to grow in light of recent technological and social changes.