18 Nov 2020 | IP-Update

The "Cyberbunker", hosting providers and the e-commerce directive

Recently, on October 19, 2020, the criminal proceedings against the operators of the so-called "cyberbunker" started at the Regional Court of Trier (file no. 5 Js 30/15.2a KLs). The defendants are accused of operating a so-called "bulletproof hoster", i.e. offering third parties web hosting services with the promise that the hosted content is anonymous and inaccessible to state authorities. Accordingly, the servers were allegedly used for all kinds of illegal activities, from drug trafficking to murder for hire. The defendants claim that they deliberately did not acquire any knowledge of the contents on the servers and did likewise not receive it. The public prosecutor's office claims to have evidence to the contrary. This means that the operators could be deemed accomplices (by aiding and abetting) to the respective crimes.

What does this have to do with intellectual property?

Art. 14 E-Commerce Directive

At the European level, Art. 14 of the E-Commerce Directive (Directive 2000/31/EC) stipulates that the provider of a service that stores information provided by users is not "responsible" for this information if he has no "actual knowledge" of it (whereby grossly negligent ignorance may suffice with regard to claims for damages).

This provision is implemented in German law in the correspondingly drafted Sec. 10 of the German Telemedia Act. The prevailing view is that "responsible" refers to all areas of law, including criminal law. The German Federal Supreme Court (BGH) has further recognized that criminal law standards must be interpreted in conformity with EU directives (BGH, NJW 2014, 2595, para. 25).  Sec. 27 of the German Criminal Code, which regulates the criminal liability of aiding and abetting, must therefore be interpreted within the scope of the E-Commerce Directive in such a way that the so-called "double intent to assist" (intent with respect to the offence and intent with respect to aiding and abetting) can only be assumed in the case of "actual knowledge" within the meaning of Article 14, which does not necessarily mean the same as "dolus eventualis" of German legal doctrine, i.e. the so called approving acceptance which is usually sufficient to constitute intent to assist in the legal sense.

The case thus raises overarching questions, namely to what extent hosting providers must take note of their customers' actions in a legal sense. Are you allowed to look the other way? Or not? And if so, how exactly?

These questions affect all hosting providers in a similar way, even though on closer inspection they may be answered (slightly) differently depending on the area of law.

Who acts in bad faith?

In the joined cases C-682/18 and C-683/18 pending before the ECJ concerning the copyright liability of the video service "YouTube" and the sharehoster "Uploaded", the Advocate General, in his Opinion of 16 July 2020, makes some considerations on how the E-Commerce Directive relates to various copyright directives, but also makes it clear that the E-Commerce Directive can always apply even if an infringing act has already been constituted under another provision (Opinion, para. 138). Contradictions should be avoided by a consistent interpretation of such provisions on the one hand and Art. 14 of the E-Commerce Directive on the other (Opinion, para. 140).

However, "actual knowledge" means in principle actual knowledge in the literal sense (Opinion, para. 179).

Must such actual knowledge of the operators of the “cyberbunker” now be proven by the public prosecutor's office regarding each individual act? If the ECJ follows the Advocate General, it may well be able to breathe a sigh of relief, since this could mean that "actual knowledge" could also be had by anyone who deliberately facilitates or invites unlawful uses (Opinion, para. 191), which might e.g. be the case with models of sharehosters who pay remuneration to those of their users whose files are downloaded particularly frequently (Opinion, footnote 186 in conjunction with para. 131).

However, it is not yet clear whether the criminal courts can assume such bad faith in the legal sense re the "cyberbunker", because – according to the Advocate General – the promise of anonymity should not in itself lead to bad faith (Opinion, footnote 186 in connection with margin no. 129).

The operators’ defense attorneys have already announced that they will take this case up to the BGH. But perhaps the BGH will even (have to) call upon the ECJ. So come back to IP-Update in a few years if you want to know how the case resolved!

What is valid today may be outdated tomorrow - or even the day after tomorrow

The case thus refers to a - depending on the point of view - fundamental "problem", namely that in harmonized EU law, certainty about legal issues can only arise through a judgment of the ECJ, but that it takes many years before a suitable case reaches this court and that its statements on the application of the law often only concern a limited section of a matter relevant to practice.

Will the criminal courts, for example, be able to refrain from a referral to the ECJ in the probably upcoming proceedings against the operators of the sharehoster "share-online" or will the requirements of the ECJ in the "uploaded" proceedings and its other case-law be sufficient for them? One will see, but doubt is in order.

The detailed questions that can arise in such cases are practically unforseeable. For example, the Regional Court of Hamburg recently had to decide in parallel proceedings against the sharehoster "uploaded" whether it would have an effect on its liability if it deletes links reported by right holders, which violate the law, but does not terminate the corresponding customer accounts at the same time, if these are excessively often conspicuous with violations of the law (Regional Court of Hamburg, judgement of 14 July 2020, Az. 310 O 339/18, para. 85 - quoted according to juris). The Regional Court was able to reject a corresponding submission to the ECJ with reference to the lack of a duty of referral for instance courts (para. 88). If an appeal is lodged, the BGH will in the end have to justify why the answer to this question is derived from the already existing ECJ case law. In doing so, it always risks that the German Federal Constitutional Court will see this differently and force it to make a referral.

In this context, it is possible that the fact that in the past there was no referral to the ECJ in questions of sharehoster liability just suspended the relevant questions. One might have thought, for example, that the ground for such liability had been laid out with the decisions "Alone in the Dark" (BGH, GRUR 2013, 370) and "Der Vorleser" (GRUR-RS 2013, 15390). Now, however, the decision of the ECJ in the "Uploaded" case will shatter old certainties.

Complete legal certainty (even if the DSM Directive is not taken into account) will therefore not be achieved in the foreseeable future, neither for rights holders nor platform operators, even though the E-Commerce Directive has now been in place for over 20 years. In the foreseeable future, it will probably be replaced by the Digital Services Act  - and then many questions that had once been answered might be open again.

Author: Lars Eggersdorfer