By Dan Cooper and Colin Warriner

On 10 October 2013, the European Court of Human Rights (ECHR) ruled that finding the owners of an online news portal liable for offensive comments posted by its users did not violate their right to freedom of expression.  Reactions to the ruling (which may still be appealed to the Grand Chamber of the Court) have largely focused on the fact that the ECHR cited the anonymity of the commentators as a factor in its decision; many headlines have sounded the death knell for online anonymity.  However, the impact of the decision might not be so drastic.  

Delfi AS owns one of Estonia’s largest news websites.  In January 2006, it published an article about changes to a ferry company’s route that attracted many offensive and threatening comments about the ferry owner from users of the site.  The ferry owner successfully sued Delfi for defamation, and the Estonian court awarded it 5,000 kroons (€320).  The Estonian Supreme Court dismissed Delfi’s appeal in 2009, so Delfi went to the ECHR to complain that being held liable for its readers’ comments violated its freedom of expression under Article 10 of the European Convention on Human Rights.

In rejecting Delfi’s appeal, the ECHR noted that Article 10 allows states to interfere with freedom of expression to a proportionate extent in order to protect a person’s reputation.  Among other factors, it pointed to the anonymity of the commentators, and the difficulty the ferry company would have had in suing the comments’ specific authors.  With wording that no doubt concerned many website operators, the Court held that Delfi had “assumed a certain responsibility” by allowing comments by non-registered users. 

One might argue, therefore, that allowing anonymous comments has become a riskier proposition.  However, there are several reasons why that risk might be overstated  ̶  at least in the UK.

The ECHR ruling is not a powerful precedent

There are many different facts on which a future case could be distinguished from this one.  While the Court identified anonymity as a factor, it also took into account other elements of the case that would make it even harder to apply more widely, including: the nature of the article being commented on; the general reputation of comments on that site; Delfi’s commercial interest in allowing comments; the degree of control Delfi had over comments once they had been posted; and the small size of the penalty imposed. 

This was not a ruling on European law

The ECHR specifically pointed out that it was taking no stance on the Estonian court’s interpretation of domestic legislation.  Each EU Member State has implemented the EU Directive on e-Commerce (2000/31), Article 14 of which includes an exception for “hosting” when a company providing an information storage service (i.e., hosting comments under its articles), does not have knowledge of the unlawful activity or information (i.e., a defamatory statement), and upon being made aware of it acts expeditiously to remove or prevent access to the information.  The Estonian Supreme Court rejected Delfi’s attempted use of that provision, but the ECHR only considered whether the particular Estonian law under which Delfi was liable was an unlawful interference with Delfi’s rights of free expression.  The question of whether a company is liable for statements made by commentators will still be a question of interpreting the EU Directive, which the ECHR’s decision does not affect.

English courts have been unwilling to impose such liability

The UK transposed the EU Directive into its national law with the e-Commerce Regulations 2002. Regulation 19 contains the “hosting” provision mentioned above.  In past cases with similar facts, English courts have examined whether companies that do more than offer storage (i.e., publish articles and editorial content as well) can benefit from the exception, and have found that they can.  The practice of websites monitoring comments (anonymous or otherwise) and swiftly removing defamatory ones when they are brought to their attention has so far been sufficient to help most companies avoid liability.  It is possible that if Delfi had brought its case in the UK, it might not have made it as far as the ECHR. 

This ECHR ruling does not suggest such an interpretation of the EU Directive is incorrect.  It implies that if a company were to be found liable, that liability might (in similar circumstances) be a lawful interference with its freedom of expression. However, it will still be up to the national laws of a country to decide if a company is liable in the first place, and the European Court of Justice remains an alternative avenue for appeal. 

Some may still find the fact of the ECHR decision is a reason to exercise caution regarding anonymous comments, particularly smaller companies afraid of incurring legal costs.  In the UK there is an unknown and potentially complicating factor in section 5 of the new Defamation Act 2013.  That gives website operators a defense against liability for users’ comments, but not if the users are unidentifiable.  However, Regulation 19 remains on the statute books, and the well-developed regime of “notice and takedown” should continue to protect companies that choose to host anonymous comments.  With any restrictions likely to be easily evaded through pseudonyms and other measures, rumors of the death of online anonymity have been greatly exaggerated.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as the IAPP’s European Advisory Board, Privacy International and the European security agency, ENISA.