When are content-sharing and file-hosting platforms liable for infringing content uploaded by their users?
Published on 1st Oct 2021
CJEU decision brings good news for platforms not deliberately seeking to facilitate copyright infringement
The European Court of Justice (CJEU) has issued its long awaited decision on the extent to which content-sharing and file-hosting platforms are liable for copyright infringing content uploaded by their users (YouTube (C-628/18) and Cyando (C-683/19)). The decision is largely one that is favourable to platforms provided they are not deliberately seeking to facilitate copyright infringement. However, the decision concerns the liability of such platforms prior to the implementation of Article 17 of the Digital Copyright Directive – discussed in an earlier Insight – which seeks to impose greater obligations on platforms if they are to avoid liability for copyright infringements uploaded by their users.
Despite the decision dealing with what is now, or will shortly be, old law (Article 17 was supposed to be implemented by EU member states by 7 June 2021, although several member states have missed this deadline) it is still of importance to platforms and rightsholders because:
- Article 17 is not being implemented in the UK but the previous EU law on these issues continues to form part of UK law. Although this CJEU judgment will not be binding on UK courts, it will be given significant weight given that it draws upon previous CJEU case law that does continue to apply in the UK.
- The decision will continue to apply to platforms that do not fall within Article 17 (perhaps due to their size or because they do not deal with "large amounts" of user generated content) and to any activities that occurred before Article 17 was implemented.
- The CJEU's reasoning also provides some guidance on how Article 17 will be interpreted in future.
The CJEU was asked to decide several questions referred by the German Federal Court of Justice in respect of two cases on copyright infringement. The German court cases involved infringement claims relating to content uploaded by users to YouTube, and content on files stored on Cyando's Uploaded service by users and made available to others by users distributing links to the stored files. The copyright holders in each case claimed that YouTube and Cyando were also liable, in one way or another, for copyright infringement – even though it was the platforms' users who uploaded the infringing content to the platforms.
Although a number of specific and detailed questions were referred to the CJEU, they were effectively the following principal questions:
- Did the platforms make a "communication to the public" of the copyright protected works when they were not aware of the specific infringing content and deleted or blocked the content when they were notified of it.
- Did the hosting "safe harbour" liability exemption under Article 14(1) of the E-commerce Directive apply?
Communication to the public
Although the CJEU left it to the German courts to decide whether the platforms were making a "communication to the public" of the content uploaded by their users, it gave a very clear steer that this was not the case. In particular, the CJEU distinguished its judgment in Stichting Brein, C-610/15 where it found The Pirate Bay platform was making a communication to the public on the basis that an important factor to consider was whether or not the platform was deliberately intervening to make the infringing content available to the public – and that this must go beyond merely making its platform available. In the Cyando decision, the court emphasised that there needs to be an element of deliberateness, or intervening "in full knowledge of the consequences" of doing so, for an operator to be found to commit an infringing act.
The court went on to confirm that such deliberate intervention would include circumstances where the platform operator:
- has "specific knowledge" (rather than merely general knowledge) that infringing content is available on its platform and does not expeditiously delete or block access to it; or
- has general knowledge that users are making infringing content available via the platform and does not put in place appropriate technological measures that can be expected from a reasonably diligent operator in its situation to counter credibly and effectively copyright infringements on that platform; or
- participates in selecting the infringing content; or
- provides tools on its platform specifically intended for the illegal sharing of infringing content; or
- knowingly promotes illegal sharing of infringing content – this would be demonstrated by the fact that that operator has adopted a financial model that encourages users to illegally communicate protected content to the public via the platform.
The requirement that, in order to avoid liability for communicating to the public, a platform needs to put in place "appropriate technological measures" once it has general knowledge that users are making infringing content available on its platform, has echoes of the similar requirement in Article 17(4)(b) of the Digital Copyright Directive. It therefore seems that even prior to the implementation of Article 17 platforms were under an obligation to put in place certain technical measures to combat copyright infringements that went beyond simply operating a notice-and-takedown policy.
The language used by the CJEU to prescribe the measures that a platform needs to put in place seems to impose a lighter burden on platforms – the CJEU talks about "appropriate technological measures" and a "reasonably diligent operator" whereas the obligation under Article 17(4)(b) is to make "in accordance with high industry standards of professional diligence, best efforts to ensure the unavailability of specific works and other subject matter for which the rightholders have provided the service providers with the relevant and necessary information" (emphasis added). However, the requirements on platforms under Article 17 are subject to the principle of proportionality and it may well be that the wording used by the CJEU in this judgment reflects its view on the proportionate obligations that can be placed on platforms.
When does the hosting safe-harbour exemption apply?
Article 14(1) of the E-commerce Directive provides that, where an "information society service" consists of storing information by a user, the service operator is not liable for the information stored by the user on the service, provided that: (1) the service operator does not have actual knowledge of illegal activity/information (and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent); or (2) the operator, on obtaining such knowledge or awareness, acts expeditiously to remove or disable access to the information. This is known as a safe harbour provision, because it provides a safe harbour from liability for infringing acts to "information society service" providers.
The CJEU made it clear that any platform which was found to be making a communication to the public would not fall within the Article 14(1) exemption. However, whether platforms fall within this exemption or not would still be of critical importance to ensure they were not liable under national law provisions regarding accessory liability and the like.
The CJEU held that a content-sharing platform operator's activity will fall within the hosting safe-harbour, provided that the operator does not play an active role of such a kind as to give it knowledge of or control over the content uploaded to its platform. The court noted that neither YouTube nor Cyando create, select, view or monitor content uploaded to their platforms and that automatically indexing content and the provision of search and recommendation functions were not sufficient for platforms to fall outside the hosting safe-harbour. In addition, the court said that implementing technological measures aimed at detecting infringing content does not mean the operator has knowledge or control over that content. So using technological measures to counter infringement should not prevent an operator from being able to take advantage of the safe harbour provision.
Osborne Clarke comment
The decision is generally good news for content-sharing and file-hosting platforms – provided they are not deliberately seeking to facilitate copyright infringement.
However, even when the new Article 17 of the Digital Copyright Directive does not apply, platform operators are expected to:
- expeditiously delete or block access to infringing content once they do have specific knowledge of the content (in effect a notice-and-takedown procedure which platforms have usually been adopting anyway to ensure they fall within the hosting safe harbour); and
- put in place additional appropriate technological measures to counter infringement once they know that users are making infringing content available on the platform.