Rules for liability of the administrator of a website for unlawful content posted by users


Liability for content published on the internet infringing for example personal interests, industrial property rights or copyright may be imposed not only on the author of the content, but also on the administrator of the site where it was published.

The possibility of demanding that the administrator of a website take down infringing content is crucial from a practical point of view. Often it is the only real chance to seek protection of one’s rights. Typically, given the large number of persons posting unlawful content and the inability to identify the authors (as many posts are published under pseudonyms), attempting to enforce one’s rights against the persons posting the content would be impossible or irrational. Meanwhile, making a demand to the administrator of the site allows the person whose rights have been infringed to block the content. If the administrator does not block access to the infringing content, it may be held liable under the Electronic Services Act of 18 July 2002.

The administrator of a website may be released from such liability by promptly preventing access to infringing content after being notified of the content. These rules may seem clear, but the devil is in the details.

Who may be held liable

First it must be determined who is the administrator, in order to learn who is affected by this rule. An administrator (also known as a “web host”) is the entity providing a web hosting service, i.e. providing space for data posted by third-party users to be stored in the memory of servers and providing access to the posted data.

The concept of an administrator is broadly defined. Significantly, to be an administrator it is not necessary to be the owner of the IT system that technically enables publication of the content. Administrators include, for example:

  • Owners of social media sites
  • Owners of sites allowing users to publish content, including owners of sites that are newspapers or journals
  • Organisers of online forums
  • Commercial platforms where users post announcements or auctions.

Such entities are administrators of content published by third parties.

Source and form of information about infringing content

The Electronic Services Act provides that the source of information about infringing content may be an official notice or a reliable report. While the first notion does not present special difficulty in interpretation, it is not so easy to determine what is a “reliable report.”

A report is a notice submitted to the administrator. The determination of whether the report is reliable must be objective. Essentially this means determining whether a reasonable person would regard the report as trustworthy. For this reason as well, for the report to be reliable, it must be substantiated that the circumstances actually occurred. Suppose that we demand that a website take down a post describing an event that did not occur (such as a theft), in which we are presented as persons taking part in commission of a crime. Then we must cite objectively persuasive circumstances showing that the event did not occur. The mere assertion that it was not the case is insufficient, as the administrator has no duty to investigate. The point is that the report must present information making the unlawfulness of the content obvious.

Significantly, the act does not limit the entities who may be the source of such a report. Thus it need not be the person whose rights have been infringed. Essentially it may be anyone, including an employee of the website administrator.

Nor is the form in which a reliable report must be made limited. It could be a letter, an email, or a contact form used by the site administrator. In one case the administrator of a site alleged that the requirement for the form in which it had to receive notice of the infringement was not met. The administrator deemed that the clock started ticking on the period it had to take down the infringing content only when the person reporting the infringement had complied with a certain form for the report. The defendant in that case was the Polish social media site nasza-klasa.pl. According to the terms and conditions for the site, abuses had to be reported via the site’s contact form. But the plaintiff was not a user of the site, and didn’t even use a computer. The plaintiff demanded that nasza-klasa.pl take down a fake account opened by a third party using the plaintiff’s details. The account was used to publish and distribute messages to the plaintiff’s friends offensive to the plaintiff, his wife, and his friends. Nasza-klasa.pl was notified of the situation by the plaintiff’s wife and a friend of the plaintiff by email, by traditional post, and finally using the site’s contact form. The issue in the case was to determine when the site administrator learned of the infringement. The fake account was taken down, but only 39 days after the initial report by post, and 20 days after notification via the contact form. The defendant claimed that it obtained a reliable report of the infringement only upon receipt of the complaint via the contact form, and only knew of the infringement from that moment. But the courts of both instances held that even if the terms and conditions of the site administrator limited the form in which a violation should be reported, that was irrelevant, because an earlier report which the administrator should have been aware of also counted, and the administrator’s awareness was not limited to reports submitted via the contact form (Wrocław Court of Appeal judgment of 15 January 2010, case no. I ACa 1202/09).

Monitoring and filtering of content

The Electronic Services Act provides that administrators of data stored on servers are not required to verify the data.

Instructive in this context is the judgment of the Supreme Court of Poland in the case of an article about politician Roman Giertych posted on the tabloid website fakt.pl which attracted numerous defamatory comments (judgment of 30 September 2016, case no. I CSK 598/15). The website sued in the case claimed that it learned of the content of the posts only when it received a copy of the statement of claim in the lawsuit. It was found in the proceeding that the defendant filtered comments published on the site, using an automated system flagging vulgarities (although this system could be faulty due to misspelling of the offensive words), and also manually by its own employees. In this case, the Supreme Court found that the site administrator’s knowledge of the comments defaming Giertych arose from earlier reports to the administrator connected with operation of the site and its awareness that offensive comments could appear under content such as the article in question, which was a magnet for offensive comments. By accepting this and not taking appropriate actions, even though it employed staff for this purpose and knew that its filtering system was not entirely effective, the administrator bore liability for infringement of the plaintiff’s personal interests. The court recognised the administrator of fakt.pl as the moderator of the site, i.e. it had a real influence over the content published there. In such a situation, according to this judgment, the administrator must prove that it did not know of the infringing content. But in practice, evidence to show this may not exist.

The responsibility of sites that do not moderate content works differently, as they are not subject to a duty to filter and track content in real time (as held for example in the judgment cited above by the Wrocław Court of Appeal).

Another equally notorious and interesting case was the litigation against the site chomikuj.pl (Kraków Regional Court judgment of 27 May 2015, case no. IX GC 791/12, and Kraków Court of Appeal judgment of 18 September 2017, case no. I ACa 1494/15). This site provides its users IT infrastructure enabling them to share files and charges users a fee for downloading files. Users whose files enjoy a lot of interest receive a fee from the site. The Polish Filmmakers Association (SFP) and the distributors of three Polish films submitted to the site a demand to block access by third parties to files containing these films, which had been uploaded to the site. But the defendant, chomikuj.pl, did not take down all the files. It alleged that some of the notices it received indicated only the titles of the films to be taken down, and did not identify the specific files (i.e. the addresses allowing them to be located on the site). The platform explained that if it complied with the demand from SFP and the distributors, it would have to verify the data across the entire site. And that is what the court made it do in the final judgment, ordering it to seek out and block access to all files with these films located on the site. According to the court, chomikuj.pl could not claim the exemption from liability under the Electronic Services Act, because that exemption was available only to an administrator that is neutral in its treatment of stored or accessed data. But the business model of the chomikuj.pl platform showed that it took an active part in administering files uploaded by third parties, for example by encouraging sharing of a greater number of files.

Harsher liability under Copyright Directive

Soon we can anticipate changes in the rules governing the liability of administrators who store on their sites and provide access to copyrighted works uploaded by third parties. Pursuant to Directive (EU) 2019/790 on copyright and related rights in the Digital Single Market (also known as “ACTA 2”), administrators who play an active role in connection with such content will not be able to rely on the exemption from liability under the Electronic Services Act. They will have to obtain licences from the copyright holders. We discussed this more extensively in an article on the EU’s upcoming reform of copyright law.

The member states have until 7 June 2021 to transpose the directive into their national legal systems.

Conclusions

The time when the administrator of a website learns of infringing content and blocks access to the content is crucial for determining the administrator’s liability. The administrator is not liable for infringing content as long as it has no knowledge that the content has been published on its site. It has no general obligation to monitor and filter content posted by third parties. However, this state of knowledge will be evaluated differently in the case of an administrator who moderates content than in the case of an administrator who does not do so.

In the latter case, the mere possibility of learning of the infringement does not give rise to liability.

But in the former case, i.e. for an administrator who moderates posts, the court may conclude that the administrator had knowledge of infringing content based on an earlier takedown notice. An administrator who moderates content should carefully consider the procedure and method for documenting content where it has intervened. Otherwise, in court the administrator may find itself unable to prove that it had no knowledge of the infringing posts.

If the administrator already knows of such content, it is required to promptly block access to the content. The administrator’s liability is determined by the state of its knowledge of the unlawfulness of the content. The source of knowledge may be anyone, and the report can take any form. In this respect, a quick reaction by the administrator is hugely important, and thus it is vital from the administrator’s perspective to implement failsafe mechanisms allowing it to take the necessary steps in a reasonable time.

It should also be borne in mind that not every administrator can take advantage of the exemption from liability under the Electronic Services Act. According to the courts, the ability to claim this exemption may be determined by the administrator’s business model, that is, the role played by the administrator in storing and accessing content.

Ewa Górnisiewicz-Kaczor, adwokat, Intellectual Property practice, Wardyński & Partners