The Italian Google decision: a local comment

Jeremy Phillips

“Content or hosting provider? Google decision examines data processing law” is the title of an article contributed to International Law Office today by Laura Liguori and Saverio Cavalcanti (Portolano Colella Cavallo Studio Legale). This article summarises the Court of Milan’s conviction, heavily reported in the national press, of three Google executives for violation of Italian data protection provisions following the hosting, on the Google Video website, of a video of a boy with Down’s syndrome being bullied by his classmates.

After explaining the relevant legal provisions and the court’s decision, the authors comment as follows:

“The legal grounds for the decision have been widely criticized as a threat to the freedom of the Internet. However, this view appears to be incorrect: the judge clearly stated that the principle of non-liability for hosting providers is safe and that the law does not make them subject to a general duty to monitor content posted by users, nor to a duty to prevent the posting of defamatory content from users.

Nonetheless, the judge should have offered further clarification of the code’s scope of application. The code applies to processing carried out by controllers that are either established in Italy or established outside the European Union, but using equipment located in Italy. The court regarded Google Italy as the controller of the personal data, but it did so solely on the grounds that the company benefitted commercially from the sponsored content available through the Google Video service. This seems to be a weak justification for regarding Google Italy as the data controller; moreover, it is not arguable on a correct interpretation of the code.

The court stated that as a hosting services provider, Google Italy was not subject to a duty of prior control over the content posted by its users, but was bound to comply with the code in connection with the personal data contained in videos uploaded by third parties. The judge clarified that the data subject’s consent should have been obtained by the video’s creator and that a hosting provider cannot be expected to obtain written consent from the data subject. However, Google Italy – or, more precisely, its executives – had allowed the video to be uploaded without the relevant third party’s consent, as users were given no clear and proper information on the need for such consent. Therefore, the executives were guilty.

This is arguably another weak point in the decision. To what extent should a hosting services provider be expected to inform users that they must obtain consent from the data subjects in their home videos? Does anyone believe that the video would not have been uploaded and that Google’s liability would have been excluded if Google Italy had provided such information?”

Leave a Reply

Your email address will not be published. Required fields are marked *