Intermediary Liability in Civil Law
Written by
Equipe IRIS-BH (See all posts from this author)
2 de June de 2016
Bruno Tavares e Francisco Rogério
A provider is the natural or legal person responsible for offering services related to the Internet and its functioning. Law no. 12.965/14 (Civil Rights Framework for the Internet) distinguishes access providers f application providers. However, the doctrine uses more rigorous distinctions, important to characterize more precisely the civil liability, the extension of legal damages, as well as the relation between the victim and the providers involved.
Internet providers
The provider is the natural or legal person responsible for offering services related to the Internet and its functioning. There are various kinds of providers, but these can be classified two types: application providers and access providers.
Application providers
Application providers allow access to software, apps and files such as e-mail, hosting, chats, music, etc. These providers enable content on the Internet.
Access providers
Access providers are responsible for the access to the Internet, ensuring its technical functioning, composing the “framing” or the “invisible part” of the Internet. As their function is restrained to the connection and transmission of information, they usually end up acting as the intermediate between the client/user and the contracted service operator.
Technological advancement, along with the Internet, increasingly facilitates the propagation of information. However, the copy and distribution of copyrighted material just as easy. Besides, through digital means, crimes and conducts such as slander, defamation, injury, hate speech, terrorism, child pornography, prostitution, human trafficking, invasion of privacy, amongst others receive a new action field, raising questions about the true extension of providers’ liability over such conducts or contents.
Liability by omission
All following providers, with the exception of the backbone provider, can be liable for omission. Omission happens when the provider, after being notified of a user practicing illegal activities through its service, does nothing in order to remove that content or prevent that activity.
This notification v, depending on the case and the kind of provider involved, ranging from user flagging to warrants sent by judges. The latter usually happens in situations in which the illegal activity practiced by the user is certain.
The exception for backbone providers is due to the nature of its function, which doesn’t regard specific users, only server activity. Therefore, measures against backbone providers would affect various consumers that didn’t practice any illegal activity.
Providers and their many websites are responsible for the everyday transmission of news and information. Just like television (and other communication means, such as radio and newspapers), the Internet can be defined, according to the jurisprudence, as a mean of information and disclosure, and in light of its propagation and diffusion scope, it is subject to Law no. 5250/67 (Press Law). In its article 12, the Law specifies that means of communication abusing freedom of speech will be responsible for the loss they eventually cause.
Because of that, it’s very important to have a precise definition of providers, as it is to have clear rules regarding their respective liabilities. Otherwise, we’d face an old problem from before the Civil Rights Framework, with providers removing more content than necessary in order to avoid being liable for the content users would post through their services. That limits freedom of speech, a principle protected not only by the framework, but also by the Federal Constitution.
Provider types
Backbone provider
The backbone provider, also known as the “body” or “spine” of the Internet, is the one responsible for the massive transmission of data between various connectivity points. This provider grants the infrastructure so access providers can connect individual Internet users.
As its function is that of a simple information transmitter, it can’t delete any content, nor oversee the information traveling through its equipment, only being capable of informing which providers used its structures in given dates.
Knowing the function of the backbone provider, it’s easy to understand that it can’t be liable for the content transmitted by users or companies which utilize its services, considering that, just like telephony services, its function is limited to creating the necessary environment as to transmit information between connectivity points.
Due to the great content volume, it’s difficult to properly supervise such data. However, in case the final user is affected by service flaws caused by the backbone provider to the service providers, the backbone provider will be liable for the damage caused based on the article 931 of the Civil Code, considering the relation between backbone and service providers is not considered consumerist, due to the lack of a direct contract nexus between the user and the backbone provider.
Access provider
The access provider is the legal person able to offer connection access to its users. The access provider, in connecting with the backbone provider through a line, resells this connectivity to other smaller providers, institutions, and users, acting as a sort of retailer of Internet connection.
The access provider can be commercial or gratuitous, having the user as the final receiver of the service, and consequently being subjected to the Consumer Defense Code. These contracts are usually accession contracts. It’s not uncommon for access providers to, besides offering the connection, also offer its services of e-mail, chat, news and etc.
It’s up to the access provider to ensure a stable, safe and continuous connection for the client. Thus, it will be liable in case of connection failures, drop in speed and transient or permanent connection impossibility for certain websites, from services to free Internet access.
Such liability is objective, or in other words, it doesn’t depend on bad faith, according to the articles 14 and 20 of the Consumer Defense Code. Even if an eventual connection problem suffered by a user had its origin in the backbone provider used by the access provider, the liability belongs to the latter. In this case, if the liable company considers itself impaired, it’s up to this company to recourse legally against the backbone provider.
E-mail provider
The e-mail provider allows the user to send, receive and store electronic messages through a computing system and an access key. The provider is capable of defining the user’s storage limit, as well as offering antivirus, filters, message blockers and automatic safety copies.
The service can be chargeable or for free. Firmed contracts are usually accession ones, having as a final service receiver the user, therefore these providers are also subject to the Consumer Defense Code.
The e-mail provider, like the correspondence service, has the duty to maintain the secrecy of the messages, allowing only the receiver to have access them through a system of individual accounts and passwords. It’s also equally responsible for the print, recording for further use, resending and privacy. E-mail is treated similarly to conventional mail, also being sheltered by the article 5, item XIII of the Federal Constitution regarding its secrecy.
As the e-mail provider possesses a user registry in order for the users to access its service, the provider should answer for any damage caused by a potential unauthorized user data leak, considering such thing has proper evidence.
At last, as the e-mail provider doesn’t have editing powers regarding the content of electronic messages, there is no liability for the provider over the messages’ content. Similarly, in the case of spam, in which users receive excessive and frustrating ad messages, the damages should be compensated by the company or person that sent such messages.
Hosting provider
The hosting provider offers file storage in a certain server (using space of a given hard drive in remote access), as well as the possibility to access such files, according to previously agreed conditions by the content provider, which is capable of defining which persons can or cannot access the files.
These providers can also offer other services such as domain registry, safety backups for the stored websites, server and equipment attorning, security systems, amongst others.
Basically, the hosting provider is capable of offering the user space to divulge information and content in two ways: storage and access possibility. Accordingly, the provider is liable for the service’s maintenance, be it paid for or gratuitous, as well as for the proper functioning and connection of the user’s website and its public.
The content provider is the final user, leaving to the hosting provider the liability for the eventual damage caused by failures in access and connection. As the hosting provider is a service caterer, it’s subject to the Consumer Defense Code with users that firm contract with it. However, it has no liability over the content of information, except in cases of omission, as previously mentioned.
Content provider
The content provider, both in legal doctrine and in cyber literature, is commonly used as a synonym for information provider. Though they are closely related, it’s important to distinguish them, because depending on the case, the content provider might or might not be the information provider.
The content provider is responsible for providing information created by information providers, such as sites and blogs. The information provider, on the other hand, is the very author of that content which will be provided by the content provider.
In their majority, content providers possess creative and editing tools over information they intend to disclose, deciding the content to be presented before allowing their users to access it.
They can also decide who is going to have permission to access such information, whether providing a free of charge service to everyone or charging for it through a membership.
The mere access to a website is not enough to characterize a consumer relation and doesn’t qualify the content provider as a caterer and the user, which is free to roam through various content providers in search of a given information, as a consumer. However, if the content is paid for, there is a consumer relation.
At times, both situations occur in certain content provider websites in which a part of the information is for free and another part is paid for. In this case, the access to gratuitous content is not characterized as a consumer relation, while paid content does characterize it.
Content and information providers answer differently, depending on the existence of a previous editorial control over the provided content. If such control exists, the provider is liable for it as soon as it’s available for access. The existence of “moderators” is not enough to consider the provider liable, considering the control they exert comes after the content is posted, not before it.
If there is no previous editing control, as in the case of Facebook, and the provider, even after being notified by the victim, doesn’t remove a given content, such provider can be liable for omission following legal analysis. If content providers are responsible for providing product sales ads on your web site (known as pages of “virtual auction”, but it would be more authentical to call them “e-market”, because there’s no auction activity), the provider will have responsibility for the damage caused to third parties.
As the content provider served as a mediator between the company and the user, and earns part of the profit (by charging ads, commission, advertisements or other paid services to help mediate between the customer and the company), the provider, based on the article 942 of the Brazilian Civil Code, will assume the business risks. Thus, he assumes responsibility with the company, because he has offered the customer a false advertising or untrustworthy company in its virtual storefront.
Finally, in situations where the provider obtains profit due to criminal activity directly related to the conduct of its members, it shall be bound by the article 932, V, of the Brazilian Civil Code. He will have to answer for damage repair, even without fault (read article 933 of the Code) to the extent of the gains made.
About the authors
Bruno de Pinheiro Tavares has a degree in Law by Universidade da Amazônia (UNAMA). Is a member of the Grupo de Estudos Internacionais em Internet, Inovação e Propriedade Intelectual (GNeT-UFMG) and is interested in Public International Law, Economic Law, Cyberlaw, Internet Governance and Intellectual Property.
[dt_gap height=”5″ /]
Francisco Rogério Moreira Campos is an undergraduate student at Universidade Federal de Minas Gerais and a member of the Grupo de Estudos Internacionais em Internet, Inovação e Propriedade Intelectual (GNet-UFMG). Is interested in: International Public Law, International Humanitarian Law, Constitutional Criminal Law and Cyber-Criminal Law.