Thursday, August 14, 2014

World Intermediary Liability Map - Ireland Entry

I have contributed the Irish entry to the new World Intermediary Liability Map (WILMap) at Stanford Law School Center for Internet and Society (CIS).

The WILMap educates the public about evolving Internet regulation affecting freedom of expression and user rights worldwide. It is managed by Giancarlo Frosio, the Intermediary Liability Fellow at CIS.
The map is a detailed English-language resource comprised of case law, statutes, and proposed laws related to intermediary liability worldwide. It allows visitors to the CIS website to select information on any country of interest through a graphical user interface.

The full entry on Ireland which I contributed is Creative Commons licensed and is available here.

An edited version appears below:



[A report by an expert committee on reform of copyright law, including a draft Bill. Includes proposals concerning intermediaries, e.g.  (1) that a “marshalling” exception be introduced for sites which index, syndicate, aggregate or curate online content and (2) that certain sections of the Copyright and Related Rights Act 2000 concerning transient and incidental copies be amended to come more closely into line with the CJEU’s approach to interpretation of the Information Society Directive.] 
[The Privacy Bill was published by the previous Government in 2006 but has not been enacted.  In 2012, the Minister for Justice stated that he was considering re-introducing a version of this Bill.]  



Supreme Court, EMI v Data Protection Commissioner [2013] IESC 34 
[copyright, privacy, data protection, graduated response]
[A settlement had been reached between record companies and a large ISP, Eircom, instituting a Graduated Response Protocol under which Eircom would issue copyright infringement notices to customers.  The Data Protection Commissioner believed that this Protocol breached EU and Irish data protection law and issued an enforcement notice requiring Eircom to cease its operation of the Protocol. The Supreme Court found that the enforcement notice was invalid because of the absence of reasons.]


High Court, Schrems v Data Protection Commissioner [2014] IEHC 310 
[privacy, data protection, Facebook, transfers of personal data to USA]
[(1) The Data Protection Act 1988 as amended prohibits transfers of personal data outside the state unless adequate privacy protections are in place.  In 2000, the European Commission had decided that the USA ensured an adequate level of privacy protection for data.  A Safe Harbour framework had been put in place between Europe and the USA regarding transfers of personal data.
(2) In light of the Snowden revelations, Mr Schrems, an Austrian lawyer who runs the “Europe v Facebook” group, made a complaint to the Data Protection Commissioner arguing that the Commissioner should direct that transfers of personal data from Facebook Ireland to Facebook in the USA should cease.  Facebook Ireland is responsible for millions of Facebook users outside the USA and Canada.
(3) The Commissioner decided that the request was unsustainable in law.  Mr Schrems sought Judicial Review of the Commissioner’s decision.  
(4) In the High Court, Hogan J. said that much had changed since 2000, including for example the entry into force of the EU Charter of Fundamental Rights.  As a result, he referred questions of EU law to the Court of Justice of the EU (CJEU).  He also noted that mass and indiscriminate surveillance of communications as shown by the Snowden revelations would, as a matter of Irish law, be unconstitutional, but that Irish law on this matter had effectively been pre-empted by EU law.]  
High Court, Schrems v Data Protection Commissioner (No.2) [2014] IEHC 351
[privacy, data protection, Facebook, transfers of personal data to USA, amicus curiae]
[The High Court ordered that Digital Rights Ireland (DRI) be added as amicus curiae in the proceedings, which will now proceed to the CJEU.  DRI had stated that it would not adopt a position of partisanship. Hogan J. distinguished this case from the case of EMI v UPC [2013] IEHC 204, where DRI was not added as amicus curiae. The court also noted DRI’s successful case before the CJEU – Case 293-12, Digital Rights Ireland v Minister for Communications ECLI:EU:C:2014:238. The court did not permit DRI as amicus to alter the nature of the questions which it had already proposed should be transmitted to the CJEU.] 
High Court, Cummins v Twitter, February 2014 
[defamation, libel, hosting provider, Twitter]
[The High Court ordered that Twitter remove defamatory posts concerning the mayor of Waterford.  The order was made under s.33 of the Defamation Act 2009.]  
High Court, EMI v UPC [2013] IEHC 274
[copyright, access provider, ISP, torrent, ThePirateBay, blocking order]
[Record companies successfully applied for an order against various ISPs blocking access to the Pirate Bay website, based on the amended s.40 of the Copyright and Related Rights Act 2000. Later in 2013, the record companies successfully applied to the High Court for Kickass Torrents to be blocked.]
High Court, EMI v UPC [2013] IEHC 204
[copyright, access provider, ISP, torrent, ThePirateBay, blocking order, amicus curiae]
[Record companies had instituted proceedings seeking an order against various ISPs blocking access to the Pirate Bay website.  Digital Rights Ireland (DRI) applied to be added as an amicus curiae.  The Court refused to add DRI to the case.  Considering Irish cases on criteria for joining an amicus curiae, the court found that this case did not involve novel principles and DRI was not a neutral party.]  
High Court, Tansey v Gill [2012] IEHC 42
[defamation, hosting provider, preliminary injunction, interlocutory order]
[The plaintiff claimed he had been defamed on the website  He successfully sought interlocutory orders under s.33 of the Defamation Act 2009 against certain defendants prohibiting publication of the defamatory statements.  The court noted that, since the arrival of the internet, judicial hesitation in granting interlocutory orders of this type should be eased. One of the defendants was the host of the website, Dotster, located in the USA.  Dotster had not made an appearance in the case and the court made a final order in default of appearance.]   
High Court, McKeogh v Doe [2012] IEHC 95 
[defamation, privacy, right to good name, video removal, Norwich Pharmacal orders.]
[The plaintiff had wrongly been identified as the taxi fare evader shown in a video posted on various websites.  The judgment primarily concerns the issue of whether the plaintiff could be named on newspaper websites reporting the court case and the court ordered that he could be named.  The court noted that it had earlier granted interim orders that social media sites such as YouTube and Google should remove the video and provide the identities of web users who had defamed the plaintiff.  The orders regarding identities of web users were granted applying the UK tort case of Norwich Pharmacal v Customs & Excise [1973] UKHL 6. According to media reports, there have been further developments in this case in 2013 and 2014.] 
High Court, EMI v UPC [2010] IEHC 377 
[copyright, access provider, mere conduit, ThePirateBay, E-Commerce Directive]
[Record companies sought orders (1) restraining UPC, an ISP, from making available to the public copies of sound recordings which breach copyright and (2) requiring UPC to block access to the Pirate Bay site. The court found that s.40(4) of the Copyright and Related Rights Act 2000 only covered “removal” of infringing material and therefore an injunction could not be granted.  Charleton J. also reconsidered his previous decision in EMI v Eircom [2009] IEHC 411 (see below), in which he granted an order requiring an ISP to block access to the Pirate Bay, and stated that his previous decision in that case had been incorrect. Following this case, s.40 of the 2000 Act was amended by Statutory Instrument in 2012 (see above).] 
[privacy, data protection, data retention, access providers, ISP, telephony providers, Directive 2006/24/EC, referral, ECJ, invalidity]
[This litigation concerned the validity of the data retention requirements imposed on ISPs and telephony providers. This case led to a decision by the CJEU (Grand Chamber) that the Data Retention Directive (Directive 2006/24/EC) was invalid, Case 293-12, Digital Rights Ireland v Minister for Communications ECLI:EU:C:2014:238.]
High Court, EMI v Eircom [2010] IEHC 108  
[copyright, data protection, graduated response]
[Record companies had reached a settlement with a large ISP (Eircom) instituting a graduated response system.  Charleton J. held that the settlement did not breach data protection laws as IP addresses in the hands of the record companies which do not identify subscribers are not “personal data”. He said that copyright is flagrantly violated by music theft and the sanction of terminating access is not excessive. Eircom’s terms and conditions stated that copyright must not be infringed and subscribers have agreed to these terms.]
High Court:  Irish Red Cross v UPC and Google (Unreported, 2010) [see news coverage here and here]
[confidentiality, breach, privacy, disclosure, alleged infringer, hosting provider, blog, liability of blog host]
[According to website reports, it appears that the High Court ordered that UPC and Google reveal the name of an anonymous blogger who allegedly breached confidentiality on the Blogger website.  Originally Google Ireland was named as defendant but the court permitted Google Inc to be substituted.] 
High Court, EMI v Eircom [2009] IEHC 411
[copyright, access provider, ISP, torrent, ThePirateBay, website blocking order, graduated response]
[Record companies had reached a settlement with a large ISP (Eircom) instituting a graduated response system. The court ordered, on application by the record companies, that Eircom should block access to the Pirate Bay website. The court based its decision on s.40(4) of the Copyright and Related Rights Act 2000 and the Information Society Directive 2001.]  
High Court, Mulvaney v Sporting Exchange trading as Betfair [2009] IEHC 133 
[defamation, libel, hosting provider, gambling, chatroom, forum, E-Commerce Directive, hosting defence]
[Betfair was a gambling site which also operated internet forums (chatrooms) where users could discuss sports events and other issues. The plaintiffs alleged defamation by forum users. As a preliminary issue, Betfair successfully relied on the hosting defence in the E-Commerce Directive as implemented by the 2003 Regulations. The court found that the gambling exception to the Directive and Regulations did not apply as the forums were not directly connected to the gambling part of the site.] 
High Court, Ryanair v Johnston, 2005/514P, July 12, 2006 
[bullying, intimidation, privacy, hosting provider, bulletin board, website operator, moderator, members, liability, disclosure, identities, alleged infringers, Norwich Pharmacal order]
[This was an action against the operators and moderator of an internet site and bulletin board set up to facilitate discussions by Ryanair pilots.  Ryanair alleged that bullying and intimidation of pilots was taking place on the site and sought ‘Norwich Pharmacal’ orders to disclose the identities of certain users of the bulletin board. On reviewing the evidence, Smyth J. found that there was no evidence of bullying or intimidation or that Ryanair had suffered loss. He distinguished this case from EMI v Eircom, 2005 (see below) and the English case of Totalise v Motley Fool [2001] EWCA Civ 1897.  He also stated that a balance needed to be struck between justice and privacy.]   
High Court, EMI v Eircom [2005] IEHC 233 
[copyright, privacy, confidentiality, access provider, disclosure, identities, alleged infringers, Norwich Pharmacal order]
[Record companies requested Eircom, a large ISP, to provide identities of 17 customers who were allegedly infringing copyright. The High Court ordered that customers’ identities should be passed to the ISP, based on the UK tort case of Norwich Pharmacal v Customs & Excise [1973] UKHL 6. The court also relied on the Canadian case of BMG Canada v Doe 2004 FC 488.] 


A Guide to the European Communities (Directive 2000/31/EC) Regulations 2003,
Data Protection Commissioner,
Data Protection Commissioner, Final report of Audit of Facebook Ireland (2011) and Facebook Ireland Audit Review Report (2012), 
Digital Rights Ireland,
Information Technology Law in Ireland – Denis Kelleher and Karen Murray,
Information Technology Law in Ireland – TJ McIntyre Blog,
Internet Content Governance Advisiory Group, Report of the Internet Content Governance Advisory Group (2014),
Internet Hotline,  
Joint Committee on Transport and Communications, Addressing the Growth of Social Media and Tackling Cyberbullying (2013),
Office for Internet Safety,


Darius Whelan
Lecturer in Law, University College Cork