EU to require take-down of online terrorist content within 1 hour

(via telecompaper.com)The European Union is pushing ahead with legislation to require the take-down of terrorist content online within one hour. The European Commission recommended in March that the EU states impose national rules with the one-hour limit and is now proposing EU-wide legislation, after finding that voluntary efforts by the internet industry have not done enough. 

The plans were announced by European Commission president Jean-Claude Juncker in his ‘Sate of the Union’ address to the European Parliament. He said one hour was the “critical window in which the greatest damage is done” by online terrorist content. 

Under the proposal, the one-hour deadline would be legally binding for all hosting providers offering services in the EU, regardless of where they are based. The deadline would apply from the point they receive a removal order from national competent authorities. 

The Commission said the law will include a clear definition of terrorist content, to ensure freedom of speech rights are not impinged. The proposed definition is material that incites or advocates committing terrorist offences, promotes the activities of a terrorist group or provides instruction in techniques for committing terrorist offences. 

Penalties up to 4% of turnover

Failure to adhere to the removal orders or deadlines would result in financial penalties. Each EU state will be required to set its own penalties for not complying with orders to remove online terrorist content. In the event of “systematic failures” to remove such content following removal orders, a service provider could face financial penalties of up to 4 percent of its global turnover for the last business year, the Commission proposed.

If the proposal is approved, online platforms would have a duty of care obligation to ensure they are not misused for the dissemination of terrorist content online. Depending on the risk of terrorist content on their platforms, service providers will also be required to take proactive measures, such as the use of new tools, to better protect their platforms and their users from terrorist abuse. This does not include a general monitoring obligation but would require their policy against terrorist content to be stated in all service terms and conditions.  

The proposal also sets up a framework for strengthened co-operation between hosting service providers, EU states and Europol. Service providers and EU states will be required to designate points of contact reachable 24/7 to facilitate the follow-up to removal orders and referrals. Providers based outside the EU will need to appoint a legal representative to handle their obligations. 

Complaints handling, transparency reports

All service providers will have to put in place complaints mechanisms, so when content has been removed unjustifiably, it can be reinstated as soon as possible. Effective judicial remedies will also be provided by national authorities, so platforms and content providers will have the right to challenge a removal order. For platforms making use of automated detection tools, human oversight and verification should be in place to prevent erroneous removals, the Commission said. 

Transparency and oversight will be guaranteed further by annual transparency reports required from service providers and EU states on how they tackle terrorist content as well as regular reporting on proactive measures taken.

‘Privatising law enforcement’

The industry group EuroISPA was critical of the proposal, saying it equates to privatising law enforcement. The proposal would oblige hosting service providers to proactively decide on the legality of allegedly terrorist content, with “profound implications for fundamental rights and freedoms”, the group said in a statement. The proper role for internet companies is “simply to act swiftly to remove material that an independent authority has determined to be illegal by due process of law”, the association said.

If the proposal were to go ahead, EuroISPA would like to see an exemption for smaller providers, as the one-hour timeframe “is simply not feasible” for them, as they don’t have the resources for a 24/7 response team.  

The CCIA, which represents major internet and IT companies, said the one-hour removal deadline, “coupled with draconian penalties, will incentivise hosting services to take down all reported content, thereby chilling freedom of expression online”. They called for less focus on “arbitrary timeframes” and more on cooperation within the industry.

The EuroISPAindustry group also pointed to a possible conflict on mandatory data retention, which has been struck down in previous court cases. The new rules could require providers to hold on to the material taken down, so it can be used as evidence in eventual criminal investigations and prosecution. The EU states would be allowed to request the information be saved for up to six months.