On March 19, 2019 the Italian Supreme Court of Cassation issued a landmark decision in the field of internet service provider (ISP) liability, reversing the Milan Court of Appeals judgment in the RTI (Reti Televisive Italiane S.p.A., one of the main Italian broadcasters) v. Yahoo! case. The Supreme Court recognized a distinction between active hosting providers, which are subject to the ordinary rules of civil liability, and passive hosting providers, which can benefit from the "safe harbor" defense covered by Article 16 of the E-commerce decree (Italian Legislative Decree no. 70 of 2003) and Article 14 of the E-commerce directive (2000/31/EC). Previously, this distinction was denied by the Milan Court of Appeals, which had instead ruled that all hosting providers can benefit from the "safe harbor" defense if they are just intermediaries and are not aware of the user's uploaded content. The Milan Court of Appeals held that this was valid despite the fact that some providers could be considered "advanced" hosting providers due to their technical capabilities, which were unforeseen when the directive was issued.

This is the first time that the highest Italian court has made a final decision on this debate. Previously, the lower courts were divided. On one side, the Court of Rome denied the safe harbor protection for all hosting providers that benefit financially from the uploading of content, even if uploaded by a third party (see the Break Media, Kewego, Megavideo and Vimeo cases). On the other hand, the Court of Turin (see the DeltaTV/YouTube case) and the Milan Court of appeals focused their attention on the specific activity of the hosting provider, which would become "active" only if it performs any operation on the hosted content, insomuch as it cannot be later deemed unaware of it.

Factual Background

The case arose in 2009 when RTI sued Yahoo! Italia S.r.l. and Yahoo! Inc. (collectively, "Yahoo!"), as providers of the Yahoo! Video service in Italy, requesting that the Court of Milan condemn Yahoo! for copyright infringement for hosting several of RTI's videos that had been uploaded by users onto the Yahoo! Video platform without RTI's consent.

In the first instance, the judge upheld RTI's demands, declaring Yahoo! liable for copyright infringement for hosting RTI's content. However, in 2015, the Milan Court of Appeals reversed the ruling, stating that Yahoo! was merely an intermediary and, as such, could benefit from the safe harbor defense. Most importantly, the Court of Appeals did not recognize any distinction between active and passive hosting providers, determining that it was senseless under EU law. The Milan appellate panel, instead, identified the category of "advanced" hosting providers, which falls within the boundaries of the "safe harbor" defense provided by the E-commerce legislation.

As mentioned above, the Court of Cassation reversed the decision on ISP liability and remanded the Court of Appeals to decide whether the content's URL is required in the ex parte communication to lawfully put the provider "on notice."

The Distinction Between Active and Passive Hosting Providers

Considering the prevailing interpretation of the Court of Justice of the European Union and the new legislative developments at EU level, including the new directive on copyrights, the Court of Cassation recognized a well-settled distinction between active and passive hosting providers. The Court ruled that the active hosting provider is the provider of information society services that carries out an activity beyond a mere technical, automatic and passive service. Indeed, it carries out an active conduct, thus it cooperates with others in the commission of the illicit activity. As such, the active hosting provider cannot benefit from the safe harbor liability regime enshrined in Article 16 of the Decree and its liability shall be ascertained on the basis of the general rules on liability.

To this end, the Court referred to some signs that suggest the hosting provider has an active role (not all of these must be present): (i) filtering, (ii) selection, (iii) indexing, (iv) organization, (v) cataloging, (vi) aggregation, (vii) evaluation, (viii) use, (ix) modification, (x) extraction, or (xi) promotion of content, if made in the context of a business-oriented management of the service.

The techniques for profiling users may also play a role when they are employed to increase user loyalty with the purpose completing and enriching, in a non-passive way, the fruition of content by indeterminate users.

Effects of the Distinction on the Liability Regime

In the context of liability, focusing its analysis on Article 16 of the E-commerce decree, the Court ruled that, in the context of the information society services, the hosting provider is liable pursuant to Article 16 of the E-commerce decree, if it failed to immediately remove the unlawful pieces of content and kept hosting them, if all the following conditions are met:

  1. the provider is aware of the illicit activity committed by the recipient of the service, because it received notice from the right-holder or from third sources;
  2. the unlawfulness of the recipient's conduct is reasonably verifiable with the same degree of diligence that it is reasonable to expect from a professional Internet operator in a certain historical moment, insomuch as the provider is grossly negligent if it fails to ascertain the unlawfulness of the content; and
  3. the provider has the possibility to usefully act, because it was made aware in a sufficiently specific way of the unlawful pieces of content that shall be removed.

In other words, a passive hosting provider's liability is based on two specific elements: (a) the unlawfulness of the content hosted, which in turn derives from the infringement of others' rights by means of a civil or criminal offence, such as a copyright infringement; and (b) the actual knowledge of this unlawfulness, meaning that the hosting provider's liability can exist only if the latter culpably neglects to take down the unlawful information or disable access to its service, thus failing to stop the infringement of third parties' rights. The actual knowledge can derive from any type of communication, not exclusively by means of a cease and desist letter.

As anticipated, the Court of Cassation remanded to the Milan Court of Appeals the decision as to whether the communication shall mandatorily include the URLs of the content concerned or whether other details suffice for the purpose of putting the provider on notice.

To determine the liability of an active hosting provider, the Supreme Court said the judge shall apply the theory of tort law. Under Section 2043 of the Italian Civil Code, illicit conduct may consist of an act or omission that causes damages to another party. In this context, if all the legal requirements are met, the active hosting provider may be considered liable as an active participant in the third party's unlawful conduct. In turn, the active hosting provider is not automatically (i.e. objectively) liable for the content hosted. The court must ascertain the existence of the general elements under tort law and must determine that, at some point, the "active" hosting provider became aware of the unlawful content.

Hosting Provider Obligation to Cooperate with the Authorities

Finally, the Court of Cassation clarified that the purpose of Article 17 of the E-commerce decree (or Article 15 of the E-commerce directive) is to improve cooperation between hosting providers and national judicial/administrative authorities in identifying and preventing unlawful activities. The general principle of Article 17 provides that hosting providers, either active or passive, cannot be deemed liable for failure to preventatively monitor their services. However, they shall promptly inform the authorities when they become aware of potentially unlawful activities relating to their services. Thus, the Court outlined a distinction as to when the content is clearly unlawful or only potentially unlawful. Only in the first case is the hosting provider exempt from liability if it promptly removes the content, while in the second case, the hosting provider's liability is to report it to the authorities and wait for their decision.

***

Is this the final word on the issue? The Court of Cassation's rulings are not binding on lower courts, so it is likely that the debate will continue. Given the different views, in order to protect both the ISP's position, providing clear rules, and the user's freedom, which requires a constant balance of conflicting rights, a final clarifying intervention from the Court of Justice or from the European legislator is not only desirable, but can no longer be postponed.

Corte di Cassazione, I sezione civile, sentenza n. 7708/2019 pubblicata il 19 marzo 2019 (Court of Cassation, First civil division, ruling no. 7708/2019, published March 19, 2019) http://www.cortedicassazione.it/cassazione-resources/resources/cms/documents/7708_03_2019_no-index.pdf

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.