IT&C Newsflash on current legal developments
In the run-up to the new election of the Bundestag, today several legislative proposals of relevance for IT law have been passed. Not all were given sufficient time for the required discussions and balanced reflections – a clear indication that the election campaign is about to commence.
1. Revision of the protection of confidentiality – Outsourcing
Adopting the amendments proposed by the legal committee, the Bundestag has resolved upon the draft bill to revise the protection of confidentiality with respect to third parties involved in the professional activities of persons bound to secrecy. Formerly, professionals bound to secrecy pursuant to Sec. 203 StGB (German Criminal Code) and under their respective rules of professional conduct, like physicians, lawyers, tax consultants, auditors and similar independent professions, and also private health-, life- and accident insurances have been subject to restrictions with respect to retaining the services of third parties (in particular IT service providers) if such third parties could potentially gain knowledge of or access to confidential information. Previously, the only legally feasible solution was to obtain respective consent, whereas contractual agreements could not provide legal certainty.
The amendment of Sec. 203 German Criminal Code introduces the term “contributing party” for third parties that contribute to professional or official activities and have been bound to secrecy. Some rules of professional conduct further specify this, including the requirement of careful selection and respective written agreements. As a consequence of the contributing party’s confidentiality obligation, such party may itself become the perpetrator of a criminal act pursuant to Sec. 203 German Criminal Code if it discloses the secrets confided to it without authorisation. Based on the consultation within the legal committee, such protective effect was implemented respectively in the provisions of the StPO (Code of Criminal Procedure, Secs. 53a, 97).
This legislative proposal clearly is an improvement, since it puts and end to a situation where existing legal provisions had long ceased to reflect a reality in which the ever-growing necessity for and prevalence of IT services has rendered the involvement of third parties indispensable. There are, however, several issues that still remain open, in particular with respect to the requirements of selection and documentation, and regarding the question of how third-country scenarios are to be handled (since, following the logic, criminal liability would also have to be extended to contributing parties abroad).
2. Improvement of law enforcement in social networks
Adopting the amendments proposed by the legal committee, the Bundestag has resolved upon the draft bill for a law to improve the enforcement of legal provisions in social networks. The object of this law is to effectively prosecute and prevent the posting of illegal content in social networks. At the hearing, however, the majority of legal experts regarded the bill drafted by the Federal Ministry of Justice as unconstitutional. Therefore, it can be assumed with great certainty that the law will quickly be attacked and probably not be upheld in its current version.
The law applies to providers of social networks with more than two million registered users in Germany. It obliges the respective providers to introduce effective complaint procedures with respect to illegal content (being defined with a controversial list of criminal offences under the German Criminal Code, which themselves are, in part, not clearly defined). “Obviously illegal” content has to be removed within 24 hours after receipt of the respective complaint, other content within 7 days. An exception to such 7-day period applies if the decision on the unlawfulness of the content is dependent on facts and circumstances that still have to be investigated or if the case is forwarded to a self-regulating body who will then make a binding decision. In addition, providers have to publish half-yearly reports about their complaint mechanisms and recently received complaints on their homepage and in the Federal Gazette. Finally, providers have to name and clearly indicate on their platforms authorised recipients in Germany as persons of contact for civil law proceedings and inquiries by law enforcement authorities. Potential fines in case of infringements range from EUR 500,000 to EUR 5,000,000. The law is supplemented by an amendment of Sec. 14 Telemedia Act, pursuant to which (similar to Sec. 101 German Copyright Act), by decree of a district court, information on the master data, i.e. the identity of a user posting illegal content, may be requested for the enforcement of civil law claims vis-à-vis the offender.
Whereas legal experts agree that the appointment of an authorised recipient in Germany is required for law enforcement purposes, other issues are highly contested. Main point of criticism is the threat to the freedom of expression if providers, to avoid administrative offences, delete more content than factually required (“overblocking”). Another point of criticism is that the decision on the unlawfulness of content lies with private bodies and not with the courts. In this law, too, some issues relating to third-country scenarios remain unclarified, in particular the question whether only German users or claimants shall have recourse to this law or whether it is to apply globally.
3. Liability in connection with public WiFis
The Bundestag has resolved upon the draft bill for an amendment of the Telemedia Act (TMG), implementing the amendments as proposed by the legal committee. The objective is to abolish the so-called “secondary liability” for operators of public WIFIs (e.g. free hotspots, guest access in companies), pursuant to which WIFI operators can be held liable for infringements by third parties, in particular copyright infringements, committed via an internet access provided by them. With the same objective, the TMG was already revised in June 2016, but a decision by the European Court of Justice in September 2016 led to legal uncertainties with respect to the liability privilege for operators of public WIFIs.
The law now clarifies that WIFI operators may not be held liable for damage, removal or forbearance with respect to illegal acts committed by third parties. Likewise, the reimbursement of costs incurred in connection with the assertion of such claims is excluded. According to the explanatory memorandum, these are court fees, out-of-court costs and pre-trial cost. This means that in particular warning costs may no longer be charged to WIFI operators. However, there is a basis for claims with respect to usage blockages if intellectual property rights have been violated and no other possibility exists to stop such infringement. In such case, the holder of rights may, as a last resort, assert its claim vis-à-vis the WIFI operator for usage blockage in court; the WIFI operator will then bear the risk of litigation costs, being exempt only from out-of-court and pre-trial costs. Finally, WIFI operators are not obliged to pre-register users, to demand passwords or to permanently discontinue the WIFI service. However, these or similar measures are still feasible on a voluntary basis.
With its more clearly formulated liability regulations, the bill should be suitable to achieve the intended aim of facilitating and simplifying the offering and usage of open nets and of making mobile internet via WIFI available to everyone. The newly introduced right to block usages could, however, could factually undermine the intended liability privileges, in particular due to its rather indeterminate restrictions that might in practice be difficult to monitor.