Brussels, 12 September 2018- Less than one week after the transposition of the Directive on Combatting Terrorism, the European Commission has published its proposal on “preventing the dissemination of terrorist content online”. EuroISPA strongly criticises the steps towards the further privatisation of law enforcement, as the proposal would oblige hosting service providers to proactively decide on the legality of allegedly terrorist content, with profound implications for fundamental rights and freedoms. Malcolm Hutty, Intermediary Liability Chair, stated: "Handing off responsibility for detecting terrorist content to internet intermediaries is passing off one of the State's most fundamental responsibilities. Internet companies can neither identify terrorist content reliably, nor act as guarantors for freedom speech. Only competent public authorities have the ability to protect both our safety and our freedoms. The proper role for Internet companies is simply to act swiftly to remove material that an independent authority has determined to be illegal by due process of law".
With this proposal the Commission mandates a large part of the Internet value chain to proactively decide on the legality and nature of content online, following a risk assessment of their service. Such requirements, combined with vaguely defined duty of care obligations are deeply worrying, raising issues of transparency, legal clarity, accountability and certainty. As a result, fundamental freedoms of expression as well as of sharing and receiving information are endangered.
The proposal’s provision for a one-hour timeframe poses risks to due process and legal clarity. This timeframe, combined with sanctions, is simply not feasible for SMEs, who do not have the resources to provide a 24/7 service. Therefore, an SME exemption should be included, in order not to disadvantage SMEs vis-à-vis larger platforms.
The included data retention obligation, running contrary to existing case-law, is equally concerning. The vast range of data covered by the scope of the Regulation will ultimately endanger European users’ privacy. Moreover, the possibility for competent authorities to renew the data retention obligations an unlimited number of times might prove extremely burdensome for SMEs.
While technological progress and service providers’ efforts have led to a higher rate of removal of terrorist content in recent months, filtering only constitutes a quick fix. It does not solve the root issues of dealing with the perpetrators or providing justice to victims.
Dedicated Single Points of Contact (SPOCs) and referral units, such as Europol’s Internet Referral Unit, work closely in collaboration with Internet Service Providers (ISPs). These existing procedures have dramatically accelerated the removal of terrorist content online. However, EuroISPA expresses its concerns over the tendency in privatising law enforcement activities, placing this responsibility in the hands of ISPs. EuroISPA calls for careful consideration of this proposal, to strive towards greater legal clarity, transparency and accountability in line with legal safeguards. Due consideration should be given to already existing voluntary processes, and the close cooperation between industry and law enforcement. This voluntary approach has proven thus far to be efficient and effective in tackling terrorist content online.