ISP liability in lieu of website blocking: The German national strategy vs. the EU’s Digital Single Market strategy
By Gabriele Engels, LL.M.
A clear divergence has arisen between the approaches of the EU and Germany with respect to illegal content on the internet. Whereas the EU is tightening its grip on internet service providers (ISPs) with regard to third-party infringements and increasingly laying the onus on them to police themselves, the German legislator seems to be shifting the responsibility back to intellectual property owners to ensure the protection of their rights, at least with regard to access/Wi-Fi providers. This leads to contrasting approaches at a time when attempts are being made to harmonize protection in the Digital Single Market.
EU: Proposal for a directive on copyright in the Digital Single Market
By proposing a new Directive on copyright in the Digital Single Market (COM  593, the “Directive”), the EU Commission has taken a step toward shifting the responsibility for preventing access to infringing materials from rightholders to ISPs. Currently, there is neither an obligation at EU level for ISPs to monitor websites, users, etc., nor are they liable for any content which is transmitted using their services (Article 12-15 E-Commerce Directive 2000/31) as their liability is generally limited as long as they do not play an active role in the third party infringement or do not act upon receiving knowledge of it. Ultimately, this means that right holders have to monitor potential violations themselves. Only upon receiving notice of illegal activity could a duty be imposed on ISPs to remove or disable access to the unlawful content (notice and take-down procedure). The new Directive, however, is intended to extend the liability of ISPs and oblige them to take more proactive measures to prevent the availability of protected content. How extensive these measures would have to be remains unclear as they are not detailed as such, merely described as having to be appropriate and proportionate.
There have been calls for amendments and clarifications from the committees, also against the backdrop of the differences in national practices applied to the liability regime of ISPs engaging in content distribution. The European Parliament Committee on Legal Affairs (JURI) has released a draft report echoing the wording of the E-Commerce Directive and explaining that the obligation must be restricted to ISPs whose activities are more than merely technical, automatic and passive in nature, i.e., not including access providers. Additionally, the Committee on the Internal Market and Consumer Protection (IMCO) stipulates that right holders should be required to provide an ISP with accurately identified content to be blocked. Changes made to this extent would minimize the far-reaching consequences intended by the original text of the Directive and would merely try to convert years of case law and statutory interpretation into written legislation.
The proposal is currently under discussion, with the opinions of various committees still outstanding and a vote in the plenum of the European Parliament not expected before late November.
Judicial background: Website blocking against access providers
Not only through its legislation is the EU moving toward tightening the obligations of ISPs, but also in its jurisprudence. The Court of Justice of the European Union (CJEU) expanded and specified its understanding of what constitutes the responsibilities of ISPs.
Accordingly, it held in the L’Oréal/Ebay case (C-324/09) that national courts must have the possibility to order an ISP to take measures aimed not only at bringing to an end infringements already committed, but also preventing further similar infringements. These injunctions must be effective, proportionate and dissuasive and must not create barriers for legitimate trade. Thus, simply taking down the content might not be enough.
Yet it requires no general monitoring, and national courts may not impose an obligation to use specific (filtering) technologies as a general preventive measure. Nevertheless, European law does not conflict with an obligation imposed by national courts to prevent further infringements arising from a specific third party infringement (C-360/10 SABAM) and in particular with a blocking injunction prohibiting access to a website containing unlawful content – even when that injunction does not specify the measures to be taken (C-70/10 Scarlet Extended; C-314/12 UPC Telekabel Wien).
In Germany, the Federal Supreme Court (Bundesgerichtshof, BGH) developed the concept of Störerhaftung (liability for duty of care) outside the E-Commerce Directive, which nevertheless meets its liability privilege for ISPs and CJEU case law. The BGH accordingly sees an obligation of an ISP to take appropriate measures that are technically and commercially reasonable to prevent similar infringements in the future (such as keyword filters and manual [re]checks, etc.). Moreover, right holders can proceed as ultima ratio and secondary against access providers and request the blocking of websites (I ZR 3/14 3dl.am; I ZR 174/14 Goldesel). Yet this applies only after the rightholder has made all reasonable efforts to take action against the content provider that initially committed the infringement and/or the host provider that has contributed to it by providing its services.
The CJEU strengthened the position of right holders with its recent Pirate Bay case (C-610/15). By ruling that the services “making available and management of an online sharing platform” provided by Pirate Bay fall within the scope of the InfoSoc (Copyright) Directive 2001/29, the CJEU set the course for the responsibility of this ISP.
Member States are to ensure that authors have the exclusive right to grant or deny authorization of any communication of their works to the public (Article 3  InfoSoc). In turn, either unlawful content can be removed or access to a website/IP address can be blocked by the ISP. The latter was requested by the applicant to be imposed as a protective measure on Pirate Bay as the access provider.
Though not explicitly addressed by the CJEU, by determining that such ISPs are liable for copyright infringement for communicating unlawful material to the public, the CJEU has opened the door for Member States to impose blocking obligations on such providers to (generally) hinder access to websites with illegal content.
Germany: Website blocking in lieu of ISP liability
The Telemedia Act (Telemediengesetz, TMG) is the implementation of the
E-Commerce Directive into German law. Amendments to it recently entered into force, drastically limiting the liability of ISPs, meaning that right holders no longer have a claim to injunctive relief against access providers. Neither may they claim assertion and enforcement costs (Section 8  sentence 2 TMG). These remedies were initially derived from the Störerhaftung concept established by the BGH. With just one sentence, the German legislator has essentially abolished this carefully developed legal institution concerning access-provider liability, which has proven to be effective for years. It has been replaced with a seemingly hastily drafted alternative in order to provide legal certainty to Wi-Fi operators. In effect, it will encompass all access providers, but not host providers. In lieu of withdrawing their claim for injunctive relief, rightholders are given a claim for website blocking, but only against Wi-Fi operators (Section 7  TMG).
Access providers will welcome these changes: No injunctive relief means no contractual fines where the order to cease and desist is ignored, and no obligation to bear the right holders’ out-of-court costs. Additionally, and contrary to the established national and EU case law, only Wi-Fi providers will be obliged to block websites; begging the question why other access providers are privileged.
Yet by abolishing costs, the German legislator has followed the CJEU’s approach in the McFadden case (C-484/14) concerning open-access Wi-Fi operators. By stipulating that such providers may not be legally required to provide injunctive relief or set up password protection (Section 8  TMG), however, it has gone distinctly against the McFadden ruling, which decreed that password requirements are an admissible legal obligation to impose.
The only remedy provided, i.e. the blocking of a website by Wi-Fi providers, may only be ordered if reasonable and proportionate and as a last resort. This goes along with the BGH Goldesel decision. However, in comparison with injunctive relief, this is a drastic reduction in access provider liability as non-compliance will have far less extensive consequences.
It remains to be seen how German courts will interpret, enforce and resolve these changes to the Telemedia Act (TMG), the recent developments in EU case law and the apparent clash of the two approaches. The well-established liability regime seems to be shaken, though it might not result in excluding all access providers from possible blocking injunctions (except for Wi-Fi operators) – in addition to abrogating claims for injunctive relief.
If the Directive is passed as proposed, access providers in Germany will be faced with the obscure situation of being required, under EU law, to take more proactive steps to police their services for infringements and barely suffer any consequences should they not abide by this rule at the national level. This calls for a resetting of the TMG. Barring access to intellectual property-rights infringements online is increasingly more arduous for right holders in Germany, obliging them to bear the potential costs of a rightful claim while stripping them of the future protection provided by an injunction.