Secondary Liability and Safe Harbors for Internet Service Providers

This is the second in a series of blogs comparing copyright and technology provisions in eight trade agreements: TPP, CPTPP, USMCA, CETA, RCEP, EU-Mercosur FTA, EU-Japan FTA and the China-Korea FTA. The previous post discussed provisions calling for copyright ‘balance’ and addressing the circumvention of technological protection measures. This one looks at the provisions requiring secondary liability for internet service providers (ISPs) and allowing-or-requiring safe harbors from such liability. It draws on our table of the agreements’ texts, available here.

Five of the agreements listed above have these types of provisions. The provisions seek to balance online copyright enforcement and the need for ISPs to operate services that are legitimate, but that their customers may use infringe copyrights. Generally, ISPs may be secondarily liable for the actions of their users, but they escape such liability if they take down infringing material when notified of it. Of course, the details vary from one agreement to the next.

Which texts require secondary liability?

TPP, USMCA, CETA, RCEP and the China-Korea FTA each have provisions on secondary ISP liability. Neither the EU-Japan FTA nor the February 27, 2018 leak of the EU-Mercosur FTA have comparable provisions. After the U.S. left the TPP negotiations, the remaining countries opted to suspend the relevant provisions.

TPP required countries to enact “enforcement procedures that permit effective action by rightholders”. USMCA replicates the language, but adds that the procedures must by “expeditious.”

The China-Korea FTA does not explicitly mention ISP liability, but it does require countries to “take effective measures to curtail repetitive infringement of copyright and related rights on the Internet or other digital networks,” which could lead to secondary ISP liability measures in implementation.

Which texts require limitations to secondary liability

CETA approaches secondary ISP liability differently, leading with an obligation for limitations to ISP liability, rather than the obligation to enforce it. Article X: “Each Party shall provide limitations or exceptions in its law regarding the liability of service providers, when acting as intermediaries, for infringements of copyright or related rights that take place on or through communication networks, in relation to the provision or use of their services.”

RCEP makes one mention of ISP liability in a proposed footnote. Article 9^quinquies2 would require online IP enforcement to “be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with that Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy”. Japan has proposed a footnote to this, which reads “For instance … adopting or maintaining a regime providing for limitations on the liability of, or on the remedies available against, online service providers”.

Activities or functions covered by safe harbors

TPP and USCA each say that Parties’ safe harbor provisions “shall” apply to “transmitting, routing, or providing connections…caching…storage … referring or linking.” TPP contained a footnote clarifying that ‘hosting’ falls under the heading of ‘storage’ and is therefore covered by the provision.

CETA only explicitly identifies hosting and caching as activities that should must be covered by safe harbors, but it has open-list language that allows for a wider range of activities.  CETA article x says that ISP liability limitations “may also cover other functions, including providing an information location tool, by making reproductions of copyright material in an automated manner, and communicating the reproductions.” [emphasis added]

Systems of notice and counter-notice

TPP and USMCA both say that Parties “shall” set “conditions” for ISPs to be protected by the safe harbors, or else set “circumstances” under which ISPs would not be protected by them. The main condition for the safe harbor is for Parties to have a system allowing rightholders to notify ISPs when their services are storing, hosting, referring or linking to infringing content, and requirements that the ISPs remove infringing content when their receive notice of it.

Both TPP and USMCA bind countries to ensure that that safe harbor eligibility is based on a requirement for ISPs “to expeditiously remove or disable access to material residing on their networks or systems upon obtaining actual knowledge of the copyright infringement or becoming aware of facts or circumstances from which the infringement is apparent, such as through receiving a notice[fn] of alleged infringement.”

USMCA requires a system of counter notices in which Parties “shall establish appropriate procedures in its law or in regulations for effective … counter-notices by those whose material is removed or disabled through mistake or misidentification.” ISPs that receive counter notices are to restore the content by default. TPP does not require a counter notice system, but says that if such a system exists in a country’s law then the restoration of content by default will apply.  USMCA also has three conditions for safe harbor eligibility that TPP lacks: ISPs must terminate accounts of repeat offenders, must not interfere with standard technical measures, and must not receive a “financial benefit directly attributable to the infringing activity…”

Both TPP and USMCA require Parties to make monetary remedies available for persons harmed by “knowing material misrepresentation” in a notice or counter-notice. Also, both TPP and USMCA say that Parties cannot require ISPs to monitor users in order to qualify for the safe harbor.

CETA is much less specific, saying that Parties “may” establish conditions for ISPs to be eligible for Safe Harbors, and that they “may” set up a system of notice and counter-notice.