The Google Three: Italy's Personal Attack on Intermediary Liability
This week, an Italian magistrate convicted three Google employees for an Internet video that none of them had produced, uploaded, or even seen. The case arose from an Italian video that was uploaded in 2006 to Google Video, which showed a disabled child being bullied by other schoolchildren. An advocacy organization and the boy's father in Milan pushed for a criminal prosecution; a local prosecutor decided to pursue a case against four individual Google employees. In the decision, a defamation charge was dropped, but three of the named executives were found guilty of a charge related to Italy's privacy laws, and each sentenced to a six month suspended sentences.
We may not see the Italian decision stand for long, and cannot imagine a similar case happening in most Western countries. But it represents a growing temptation of courts and lawmakers worldwide: to find excuses to strip away the protection the law grants to Internet intermediaries. It's also an intimation of the very serious consequences to the Net and free speech if those safe harbors are weakened.
Europe has, in theory at least, at the EU level, strong protections for Internet intermediaries in its E-Commerce Directive: Article 14 of that directive provides that hosting providers are not responsible for the content they host, as long as they are not informed of its illegal character, and they act promptly when informed of it. Article 15 clarifies that hosts do not need to monitor hosted content for potentially illegal content.
This judgement guts both these principles. The court dismissed the allegation of criminal defamation but upheld a charge of illegally handling personal data on the basis that a video is personal data, and that under EU data protection law, Google needed prior authority before distributing that personal data.
This interpretation of the law means that Google is co-responsible for the legality of content containing the images of persons -- before anyone has complained about the content. That effectively means to comply with the decision, any intermediary working within Italy must now pre-screen every piece of video with anyone who appears within it, or risk prosecution. As the judgement stands, it also presents such a wide definition of personal data that it might effectively require that all hosts pre-screen all content be it video, text, audio or data.
The unconscionable fact that this prosecution is of individuals, while devastating for those involved, is only part of the problem. The whole Internet relies on the fact that third-parties can carry messages without having to self-police, interfere with those messages or take responsibility for millions of others' communications.
The Net is made of intermediaries, and attacks on the safe harbor protections for those intermediaries is under way across the world. In China, it's called ISP "self-discipline". In the United States, it's rightsholders demanding secondary or even tertiary liability for infringement by users, or loopholes in net neutrality, or attempts to weaken the protections of CDA 230. Italy may choose to unfairly victimize three American executives in this case, but the openness of the entire Internet risks becoming a victim if the safe harbors are compromised elsewhere.