In April 2014, the Brazilian National Congress passed Federal Law number 12.965, known as the Civil Rights Framework for the Internet. This law is praiseworthy both for the means by which it was developed and its effect. That is to say, the legislation i) was the result of numerous public hearings in which civil society was called on to participate actively, ii) endorses democratic principles for full access and use of the Internet in the country, and iii) sets clear parameters for the liability of Internet-service providers. Based on this new legislation, this Chapter sets out to portray the panorama of the liability of Internet-service providers in Brazil today, in comparison with the understanding of Brazilian doctrine and jurisprudence on the matter prior to the enactment of the Civil Rights Framework. It concludes that the Brazilian system seems to have taken an important step in building efficient parameters for the liability of providers, including the need for a legal notification as a formal requirement to hold the provider responsible.
The Brazilian Civil Rights Framework (Law number 12.965, dated 23 April 2014) ‘establishes principles, guarantees, rights and duties related to the use of the Internet in Brazil’. The project arose in 2009 and was approved in the House of Representatives on 25 March 2014 and in the Federal Senate on 23 April 2014, and immediately afterwards approved by President Dilma Rousseff. The legislation deals with themes such as network neutrality, protection of privacy, retention of data, and the social functions that the network must fulfill, in particular ensuring freedom of expression, preventing censorship and transmitting knowledge, in addition to imposing obligations on users and providers with regard to civil liability.
In this aspect, the Brazilian legislation expressly imposes secondary liability on an Internet Service Provider (ISP) for content generated by third parties in cases of non-compliance with a judicial notice requiring the ISP to take down unauthorised, abusive or illicit material. This measure was adopted after taking into account the general criteria for indirect liability in Brazil, as well as the approaches taken in other legal systems that share the same origins as the Brazilian legal system—that is, civil law jurisdictions. It operates on the premise that the provision of internet service should not include any guarantees regarding the content generated by third parties and that strict liability for damage resulting from such provision of services therefore could not be seen as a normal risk of doing business as an ISP.
Nonetheless, the legislation does not ignore the damage that can result from the provision of Internet services. It also effectively makes ISPs responsible for the conduct of third parties in defined circumstances, as set out below.
In that sense, the Civil Rights Framework appears to be a law intended to establish procedures for the protection of Internet users in Brazil. According to Marcelo Thompson, the Civil Rights Framework ‘inspires many of the fundamentals that it acknowledges for the Internet in Brazil, and is especially innovative in its use of a vast platform of collective deliberation to draw up its final text. Above all as regards its aspirations to guarantee what is understood as the rights of Brazilian citizens, it can be said that Civil Rights Framework is a fundamental charter, indeed a real Constitution for the Internet in Brazil’ (Thompson 2012, 205).
This Chapter examines four of the elements of the Civil Rights Framework, namely, articles 18, 19, 20 and 21, and considers how those provisions affect the secondary liability of ISPs in Brazil.
1.2 The concept of the Internet service provider
It is important to identify the situations where the Civil Rights Framework is applicable, or rather, to whom the law is addressed, or even more precisely, who will eventually be called to answer for the damages caused directly or indirectly to users of the Internet. Thus, the first issue to be addressed in this chapter is the meaning of the term ‘ISP’.
As Marcelo Leonardi sees it, ‘the provider of Internet services is the genus of which all the other categories (backbone provider, Internet access provider, e-mail provider, hosting provider and content provider) are species. The Internet-services provider is the individual or corporate person who provides services related to the functioning of, or through, the Internet. The confusion is common because many of the chief providers of Internet services function as providers of information, content, hosting, access and e-mail’ (Leonardi 2005, 21). Despite this notion of providing Internet services being widely accepted by doctrine and jurisprudence, the Civil Rights Framework makes no mention of it.
The Civil Rights Framework does contain the notion of a so-called ‘autonomous-system administrator’, to whom certain of its provisions are applicable.[i] Such a person is defined as ‘a physical or corporate person that administers specific Internet Protocol (IP) address blocks and the respective autonomous routing system, duly registered in the national body responsible for the registration and distribution of IP addresses geographically pertinent to the country’ (article 5, IV).
Article 5 also does refer to two other more technically appropriate concepts, which perhaps are of greater relevance: (i) the concept of connection to the Internet, involving the setting-up of a terminal for sending and receiving packages of data over the Internet by means of attributing or authenticating an IP address (article 5, V); and (ii) the concept of Internet applications, being the set of functionalities that can be accessed by means of a terminal connected to the Internet (article 5, VII). The first concept has to do with the activity of providing a connection, the second with that of providing applications (content, search, hosting and email, for instance). That is to say, the rules of the Civil Rights Framework highlighted below apply (with some variation) in situations of civil liability for those whom the law calls access providers and application providers. The former is addressed in Article 18, while the latter is governed by Article 19.
1.3 Article 18: exclusion of liability of access providers for content generated by third parties
Article 18 of the Civil Rights Framework states that ‘the party that provides connection to the Internet [an ‘Internet access provider’] will not be made civilly responsible for damage caused by content generated by third parties’. An Internet access provider is the one who connects to a backbone provider through a good-quality line and supplies connectivity in his area of activity to other (usually smaller) providers, institutions and especially individual users through dedicated or even dialed lines . . . being a retailer of Internet connectivity’ (apud Leonardi 2005, 24).
The access provider allows an individual to have access to the Internet, but this is a service that is merely instrumental; in other words, a service that enables the use of other services that, for instance, offers applications whereby contents can be posted or generated.
One might say, then, that the risk assumed in the business of providing access to the Internet does not include the consequences of control over the contents generated by third parties. The fact that a third party posts improper content on the network does not—a priori and in the abstract—amount to negligent conduct on the part of the party that provides access (culpa in vigilando).
1.4 Article 19: secondary and conditional liability of the application provider
Article 19 of the Civil Rights Framework states that ‘in order to assure freedom of expression and impede censorship, the provider of Internet applications can only be held civilly responsible for damage resulting from content generated by third parties if, following a specific legal notice, the provider fails to take measures, within the scope and technical limitations of the service and the timeframe established [in such a court order], to render unavailable the content identified as infringing, except where otherwise established by legal provisions’.
This article emphasises the right to freedom of expression while mentioning at the same time impeding censorship, these matters being seen as rights to be guaranteed by the law.[ii] Second, this norm derives from a contemporary juridical conception in terms of which the provider of applications should be held responsible only in exceptional circumstances—that is, when the conditions stipulated in article 19 are met.
The legislation undeniably takes a position in favor of free expression of ideas (and against censorship) by guaranteeing that ISPs will not be held responsible for merely including third-party content in their application, even though such content is a posteriori held to be illicit, abusive and an infringement of rights. This means that in the Brazilian legal system those who provide applications are not obliged to check beforehand and prevent content being posted by third parties (which would constitute censorship) because they will not subsequently be held responsible for any damage caused by this content. That is to say, liability for content generated, posted and/or disseminated over the Internet falls first and as a rule on the person who directly engages in the the damaging conduct. This rule, nonetheless, makes a specific exception: providers will be held responsible, jointly with the direct perpetrator, if, after being judicially notified of improper content posted by third parties, they fail to take this down within the timeframe set by the court.
Thus, the following elements must be established for an ISP to be held legally responsible for content generated by a third party: 1) the existence of a request for legal notification made by a person who alleges that his or her rights have been violated; 2) judicial determination, albeit preliminary and provisional, of the potential harmfulness of the conduct of the person who has posted the content; 3) a preliminary decision notifying the application provider indicating the improper content to be taken down and the lapse of time to do so; and 4) non-compliance by the ISP with the judicial order to takedown content.
Only if these four requirements are satisfied can the ISP be held responsible. Even in these cases, it is possible to hold the person who post the improper content on the network directly responsible. This conclusion also leads us to the first major question as regards the application of article 19—that is, whether the ISP’s civil liability is of a secondary nature, or shared with that of the person who directly caused the damage.
1.5 Secondary or joint liability?
Under Brazilian law, secondary liability applies under civil law whenever a person is responsible for damage caused directly by another person, resulting from a prior legal relationship of attribution of liability. Examples include employer-employee and parent-child relationships (art. 932).[iii] The Brazilian legal system protects the victim of damage and allows him/her rapid reparation of the damage caused, by providing for joint rather than secondary liability[iv], in accordance with the general rule provided in article 933 of the Civil Code, which expressly provides for a principle of solidarity.[v]
Not only can the person immediately responsible for the damage, causally speaking—that is, a minor-age child, a protected person, a ward, employee, a servant, etc—be directly sued by the victim for compensation, but so can those indirectly responsible for the damage—that is, the parent, guardian, employer, etc. The legal suit can be brought against either or both parties, since joint tortfeasorship imposes joint and several liability. But where the indirectly liable party is sued, he or she has a right of recourse against the party directly responsible for the damage.
Further, under articles 932 and 933 of the Civil Code, guarantor and guardian liability is no-fault (so-called ‘objective’) liability, meaning he or she is obliged to compensate for the damage regardless of any fault on his part, even in cases where he or she took all reasonable procedures to prevent harm.
But how would this theory of indirect civil liability apply—if at all—in the case of ISPs, in respect of the content generated by a third party? Generally speaking, in order for there to set civil liability on the part of ISPs—regardless of the sort of legal relation established—there has to be damage, an attribution factor (fault or risk) and causality. Indirect or accessory liability imposes liability to compensate for the damage on the party who controls the activity, medium or instrument that caused direct damage to the person. And courts have extended liability to those who profit from infringing activity when an enterprise has the right and ability to prevent the infringement. A common example is when an employer answers for the damage caused directly by the employee since he has the control of the means used by the latter while the work is being carried out. Similarly, the owner of an animal is liable for the damage caused directly by it, since he has control over the animal and is therefore able to prevent it from causing and harm.
From the indirect nature of the provider’s responsibility, one may conclude that his obligation to compensate would be joint with that of the person who is the direct cause of the damage. That is how the Brazilian courts proceeded before the enactment of the Civil Rights Framework. In 2012, the Superior Court of Justice held that ‘when notified that a certain text or image possesses illicit content, the provider must act energetically to take the material down from the air immediately, under penalty of answering jointly with the direct author of the damage, by virtue of the omission practiced’ (Supreme Court of Justice, Special Appeal 1308830/Rio Grande do Sul, Rapporteur Minister Nancy Andrighi, Third Panel, decided on 08/05/2012).[vi]
This approach is advanced by Marcel Leonardi, for whom ‘civil liability for the acts of users and third parties is based on a system that attributes secondary liability to providers in the case of willful misconduct or negligence, when they fail to fulfill their duties (thereby making it impossible to identify the person responsible for the illicit act) or else when they collaborate in the practice or neglect to block access to illegal information after being notified of the existence of same’ (Leonardi 2005, 49-50).
Under the Civil Rights Framework, the ISP will be liable for damage caused by his omission to take down the material following a legal notice requiring it to do so, even when the illicit or abusive content generated is not causally connected to the direct conduct of the ISP. Thus, it seems that the Framework has attempted to place secondary and joint responsibility on the provider for a misdeed committed by a third party. This means that, unlike article 933 of the Civil Code, which establishes objective indirect liability of the guarantor/guardian, the Civil Rights Framework embraces indirect civil liability based on fault—negligent omission to remove infringing content generated by a third party after legal notification—which also entails joint liability of the Internet provider for damage caused directly to the victim by a third party.
1.6 Liability based on the risk of the provider’s activity or on the basis of presumed fault?
ISPs provide the means for third parties to act in a way that causes damage to others. If the ISP can control the means and so prevent any damage, it must assume the responsibility for any damage that ensues. The nature of this responsibility is in principle objective, based on the theory of risk—that is, on the concept that whoever has an instrument available that could potentially infringe upon the rights of others should be responsible for any resulting harm. In other words, those who have greater capacity to prevent damage should assume the responsibility for the consequences. The ISP, however, has a right to reimbursement from the person who directly caused the damage.
The Brazilian system considers as co-existing grounds for civil liability on the part of the service provider contributory acts such as risk control (risk theory) and presumed fault in neglecting to take precautionary measures to lower the risk of infringement. This will depend on the type of control that the Internet-services provider has over the content previously made available, or the legal relationship that exists between provider and third party.
Accordingly, the provider of the connection answers civilly for the damage caused to the user by poor provision or undue interruption of service. Likewise, the provider of content is liable for damage caused to a person for defamatory material published on his site, if he acts as editor of the site, with previous control of the material to be posted.
On the other hand, the Internet service provider is responsible for fault based upon content generated by third parties when the provider is legally notified about the illegal content and and fails to take it down within the appointed timeframe; we refer to this hypothesis herein.
According to the Superior Court of Justice, ‘prior inspection, made by the provider, of the sort of information posted on the web by each and every user is not an activity intrinsic to the service rendered, therefore one cannot consider as defective, in the terms of article 14 of the Consumer Code, a site that does not examine and filter the data and images inserted therein. The moral damage resulting from messages with offensive content inserted in the site by the user does not constitute a risk inherent to the activity of those who provide content, therefore the objective liability provided in article 927, single paragraph, of the CC/02 does not apply to them’ (Special Appeal 1308830/Rio Grande do Sul, Rapporteur Minister Nancy Andrighi, Third Panel, decided on 08/05/2012).
Similarly, the Third Panel of the Supreme Court of Justice has stated that: ‘Compensatory and comminatory claim entered by a professional Formula 1 car-racer who learned of the existence of false ‘profiles’ that used his name and photographs with damaging information, as well as ‘communities’ meant for the sole purpose of attacking his image and private life: the provider was notified extra-judicially to remove the content from the Internet. 2. Refusal of the company providing the Internet services to solve the problem. 3. Polemic with regard to civil responsibility by omission of the Internet provider, who is not objectively liable for the insertion of illicit data on the site by third parties. 4. Impossibility of imposing on the provider the obligation to exercise prior control of the content of information posted on the site by its users, since this would constitute a form of prior censorship, which is not admissible in our legal system. 5. However, on being informed of the existence of illicit data on the ‘site’ under his administration, the provider of Internet services has 24 hours to remove said data under penalty of responding for the damage caused by his omission’ (Supreme Court of Justice, Special Appeal 1337990/Sstice, Sp by his omissions has 24 hoursTarso Sanseverino, Third Panel, decided on 21/08/2014).
Thus, the higher courts have held that where an ISP is unable to foresee or control the risks of the activity, the theory of assumed risk does not provide a basis for the imposition of civil liability for content that is generated by third parties. This is based on the fact that ISPs do not possess the capacity to predict (and consequently prevent) the risks of damage caused by third parties—because there is no prior monitoring or selection of what is posted on the network—and because it is important to protect freedom of expression and avoid private or public censorship.
Erica B. Barbagalo, argues that ‘the provider of hosting services is not responsible for the content of the sites he hosts, since he does not intervene in their content, not having the editorial control of the electronic pages. Nor can the hosting provider be expected to carry out inspection activities: in most cases, the host has no access to the content of the site, which is only allowed to the owner, who can change the content of his pages as often as he wants. Furthermore, there are many pages and sites hosted in each server, which makes it impossible for the hosting provider to inspect the content’ (Barbagalo 2003, 347).
Barbagalo also says that adopting the theory that the ISPs has assumed the risk of infringing content would be a mistake. She argues that ‘the activities carried out by the provider of Internet services are not by nature [risky] activities, they entail no greater risks to the rights of third parties than the risks of any commercial activity. And to interpret the norm as meaning that any damage must be compensated, regardless of the fault element, by the mere fact that an activity is carried out, would definitively burden those who regularly engage in productive activities, and consequently hamper development’ (Barbagalo 2003, 360).
Thus, the basis of the civil liability of ISPs in respect of content generated by third parties is fault, with specific regard to the omission factor and by presumption, when the provider, after being legally notified, fails to take the necessary measures to take down inappropriate material from his network.
1.7 Legal notification as a formal requirement to establish responsibility of the Internet provider
Article 19 settled the controversy concerning the nature of the notice necessary to compel an ISP to remove infringing content. Prior to the introduction of the Civil Rights Framework, the courts had considered that an extra-judicial notification informing the ISP of an infringement of rights and requiring takedown of the material before a certain date, would suffice to define the provider’s secondary liability if such notification were ignored.
The ‘notice and take-down’ remedy usually operated without judicial oversight, via extra-judicial notification; courts did not carry out an analysis of reasonableness of the remedy or even consider the existence of a right having been violated. The following two extracts are representative of many Superior Court of Justice decisions, insofar as their approach to notice and take-down remedy prior to the Civil Rights Framework was concerned:
In this hypothesis, the decision made expressly states that the provider of Internet services was notified extra-judicially as to the creation of a false, defaming profile of the alleged holder, did not take the appropriate measures but rather opted to remain inert, which is the reason that he has been held jointly liable for the moral damage inflicted on the prosecuting party, thus configuring the subjective liability of the accused’ (Supreme Court of Justice, Special Appeal under Specific Court Regulations 1402104/Rio de Janeiro, Rapporteur Minister Raul Araujo, Fourth Panel, decided on 27/05/2014).
The decision reached expressly provides that the provider was served extra-judicial notice by means of an instrument that he himself makes available for denouncing abuses—for instance, creating a defamatory false profile of the supposed holder, this proving offensive to third parties—and failed to take the proper steps, preferring rather to remain inert, for which reason he became jointly liable for the moral damage inflicted on the plaintiff, thereby configuring subjective responsibility of the accused (Special Appeal under Specific Court Regulations no. 1396963/Rio Grande du sol, Rapporteur, Minister Raul Araapp, Fourth Panel, decided on 08/05/2014).
The ‘notice and take-down’ system, however, is flawed because it allows arbitrary removal of content based on a simple complaint made by the interested person, without the necessary due process of law. Furthermore, it is a system that condones censorship, temporary or permanent, or else intimidates or restricts freedom of expression. The absence of judicial oversight may lead to an abusive exercise of rights. First, it might permit, by means of a simple notification, a restriction of freedom of expression. Second, it could result in undue or unjustified censorship (Leonardi, (http://leonardi.adv.br/2010/04/o-problema-do-sistema-de-notificacao-e-retirada-na-web/).[vii]
Imagine the hypothesis of a person who, in a blog maintained by an ISP (blogspot, for instance), writes a theatre review of a play that is currently being shown, using somewhat harsh words against the main actress, or even draws a not very favourable cartoon of the actress. The actress, perceiving the text or drawing as a violation of her dignity, could legally request the provider to remove the allegedly defamatory material, which in accordance with the above approach should be carried out under penalty of holding the provider jointly responsible. This example illustrates the dangers of censorship and the possible restriction of the freedom of expression (Bezerra 2014, 9).[viii]
With the introduction by the Civil Rights Framework of a requirement of judicial notice before an ISP can be held legally responsible, the ISP will feel more confident that it will not be held responsible without prior judicial oversight. In order to grant the order, the judge must consider the following questions: 1) the existence of fumus boni iuris (‘likelihood of success on the merits’); 2) periculum in mora (‘danger in delay’), that is, whether maintaining the alleged violation will create a situation difficult to correct or else make the damage all the worse. Should these two requirements be satisfied, the judge will order the ISP to remove the relevant content.
In accordance with the first paragraph of article 19, the legal notice must contain, under penalty of invalidity, clear and specific identification of the content alleged to be infringing in order to enable unmistakable location of the material. The best interpretation to be given to this paragraph in my opinion is that the order to take down the content must indicate by URL (Uniform Resource Locator) the exact rights-infringing material so that entire web-sites are not taken down or applications blocked, which of course would impede other users from accessing the platform.[ix]
1.8 Legal procedure
As regards legal procedure, the Civil Rights Framework provides that lawsuits concerning compensation for damages, resulting from content made available over the Internet, that are related to honour, reputation or personality and privacy rights, as well as such content being made unavailable by ISPs, can be presented before special courts. This is because there is often a need to speed up the process, since lawsuits that begin in special courts are usually quicker than those that begin in common civil courts. However, that there are two possible difficulties with this approach. First, technical proof by a skilled professional is not allowed in these special courts. Second, there is a limit to the value of lawsuits in such courts. These two restrictions may mean that the ordinary process is preferable. Since the plaintiff has the right to choose which route to follow, there is no disadvantage for the plaintiff in adopting the procedural strategy considered to be the most convenient.
1.9 Exclusion of application of article 19 to copyright
Article 19 does not apply to cases concerning infringement of copyright or related rights, as provided in the second paragraph, which expressly states that ‘application of the provision in this article to infractions of copyright or related rights depends on a specific legal provision, which must respect freedom of expression and other guarantees set forth in article 5 of the Federal Constitution’. [This means that the liability of ISPs for copyright infringement perpetrated by their users will continue to be governed by case law].
The National Congress is discussing a Bill to change substantially the Copyright Law in force (L. 9.610/98) and to reform secondary liability of ISPs as regards the violation of copyright. As far as protecting copyright is concerned, Brazilian jurists, and more specifically those with government appointments (the Commission for Culture in the House of Representatives), are engaged in debating the adoption of two instruments designed to control content generated by third parties on the Internet: (i) ‘notice and notice’, in terms of which the holder of the violated copyright uses the prerogative of notifying (extra-judicially or judicially) the ISP to alert it to the fact that a third party is using its medium to make available content of which it is not the holder; following this notification, the ISP must notify the third party about the allegation; and (ii) equal remuneration to be granted to the holder of the violated copyright for each improper use that is made.
The second paragraph of article 19 of the Civil Rights Framework states that the civil liability of the ISP for infringement of copyright by a third party should be addressed in another specific law. Thus, until a proper legislative reform is made to adopt new measures to protect copyright online, what is currently available is the use of extra-judicial notification to remove infringing material.
1.10 Article 20 and the obligation of users responsible for offending content to inform the reasons for its unavailability
Article 20 of the Civil Rights Framework states that ‘whenever the provider of Internet applications has information concerning the user directly responsible for content referred to in article 19, he must inform the user of the reasons and provide information as to the content being made unavailable, together with information that allows justification and full legal defense, except where there is an express adversary legal provision or well-founded express adversary judicial decision’.
Once the ISP has been served legal notice about the infringing content, and has complied with the notice by removing from the network the material unduly posted by a third party, he is obliged to inform the infringing user—if he can identify him/her—of the reasons for, and other information on, making the material unavailable. This procedure has two main purposes: (a) to promote due legal process by providing the user of the network with information that allows him to defend himself in the event of any subsequent lawsuit; and (b) to exonerate the ISP from any liability vis-à-vis the user.
The user who distributed the removed material may, on the other hand, demand that the ISP, who exercises this activity professionally in an organised fashion and for economic reasons, substitute the content removed with the reason and the court order that led to its being made unavailable (Article 20, sole paragraph). This is to assure the user of the guarantee of free expression of ideas and at the same time to inhibit censorship, showing as it does that the material was removed by legal order and not by private censorship on the part of the provider.
1.11 Article 21 and the secondary civil liability of the Internet provider for infringement of privacy
Article 21 of the Civil Rights Framework sets a different procedure from article 19, inasmuch as it refers to a notification to remove infringing material generated by a third party. This article concerns the protection of the privacy of people portrayed in images, videos or other material containing scenes of nudity or sexual acts of a private nature, shown without permission on the network. The legislator understood that the unauthorised distribution of this potentially seriously damaging content dispenses with the need for legal notification to oblige the provider to remove the content from the network. To be more agile, an extrajudicial notification should be sufficient to make the content unavailable. Furthermore, the notification should contain ‘under penalty of invalidity’, ‘elements that enable specific identification of the material alleged to infringe the privacy of the party concerned and verification of the legitimacy to present the petition’ (Article 21, sole paragraph).
1.12 Exclusionary elements of liability: requisites for the providerts non-compliance with the court notice to remove content
Article 21 requires that with extrajudicial notice the alleged victim should specifically identify the material held to be offensive so that the ISP can remove it. Article 19 also states that the court notice should offer clear and specific identification of the content alleged to be of an infringing nature so as to allow for unmistakable location of the material on the network.
Nevertheless, in article 19, unlike article 21, there is a provision for an exclusionary element that permits non-compliance with a court notice that calls for removal of illicit material based upon the technical limits of the ISP. If, given the state of technical development at the time, the ISP does not possess the technical capacity and the objective conditions to identify clearly and specifically the content held to be offensive, then the ISP can evade any liability for the undue content to continue on the network.
This article has faced much criticism, on the basis that it conflicts with the fact that the consumer (user or victim) is himself likely to be unable to identify the infringing content; and also with the principle of enterprise risk, which would permit holding responsible the person who exercises the providing service and has the greater technical capacity to control it.
Although the Supreme Court of Justice does not consider the civil liability of Internet-application providers based on risk, it is unreasonable to hold the user or victim of an Internet service responsible for placing offensive content, or whoever was really to blame for its insertion.
In conclusion, the above can be summarized as follows:
1. The Civil Rights Framework represents an important legislative step forward in Brazil, integrating as it does in a single body of law norms related to the juridical regime of the Internet and bringing more security as to how the norms are applied.
2. ISPs are in principle exempt from liability for offensive content generated by third parties who use their services.
3. The basis for excluding the ISP from responsibility is the inexistence of the duty to previously monitor the content to be generated or posted by third parties who use the service provided.
4. ISPs are not guarantors of the contents posted by third parties (as, for example, editors are), precisely because they are under no obligation to previously control or monitor such content.
5. The liability of ISPs for the abusive or illicit content generated by third parties can only be admitted in the hypothesis of the provider being legally notified as to the abuse or illicit nature of the material and remaining inert and refusing to remove the content.
6. Legal notification is a formal requirement for holding the ISP responsible. Extra-judicial notification can only be admitted in the hypothesis provided in article 21, that is, content that violates the privacy of a person portrayed without his or her permission.
7. The civil liability of the Internet-services provider is subjective in nature: the provider is responsible for culpable omission when, after being legally notified, he refuses to take down the infringing content posted by third parties.
8. The provider is also jointly responsible with the direct causer of the damage, based on the principle of social solidarity and non-compliance with a legal order (or extra-judicial notice, in the case of violation of privacy).
Andrighi, Fátima Nancy. 2012. A responsabilidade civil dos provedores de pesquisa via internet. Revista do Tribunal Superior do Trabalho 78(3): 64-75.
Barbagalo, Erica Brandini. 2003. Aspectos da Responsabilidade Civil dos Provedores de Serviços na Internet. In Conflitos sobre Nomes de Domínio, eds, Ronaldo Lemos e Ivo Waisberg. São Paulo, Revista dos Tribunais, p 341 and 363.
Barbosa, Fernanda Nunes. 2012. Internet e consumo: o paradigma da solidariedade e seus reflexos na responsabilidade, civil do provedor de pesquisa. Revista dos Tribunais São Paulo. 101 n.924. p.535-61.
Bezerra, Márcia Fernandes. Apontamentos sobre o Marco Civil da Internet. IN: JICEX - Revista da Jornada de Iniciação Científica e de Extensão Universitária do Curso de Direito das Faculdades Integradas Santa Cruz de Curitiba, v. 1, n. 1, 2013.
Giacchetta, André Zonaro. A responsabilidade civil dos provedores de serviço de internet e o anteprojeto de reforma da lei n° 9.610/1998 (lei de direitos autorais). Revista da ABPI. Rio de Janeiro. n.117. p.25-39. mar./abr. 2012.
Lemos, Ronaldo. Direito, Tecnologia e Cultura. Rio de Janeiro: Editora FGV, 2005; pp. 31/64.
Leonardi, Marcel. Responsabilidade civil dos provedores de serviços de internet. São Paulo: Editora Juarez de Oliveira, 2005.
Leonardi, Marcel. Internet e regulação: o bom exemplo do marco civil da internet. Revista do Advogado. Sao Paulo. v.32. n.115. p.99-113. abr. 2012.
Leonardi, Marcel. O problema do sistema de notificação e retirada na web. Conjur. Abril. 2010.
Parentoni, Leonardo Netto. Breves notas sobre a responsabilidade civil dos provedores de serviços na Internet. Revista dos Tribunais. São Paulo. v.99. n.896. p.75-95. jun. 2010.
Pereira, Régis Fichtner. A responsabilidade civil pré-contratual: teoria geral e responsabilidade pela ruptura das negociações contratuais. Rio de Janeiro: Renovar, 2001.
Reinaldo Filho, Demócrito. A jurisprudência brasileira sobre responsabilidade do provedor por publicações na internet - a mudança de rumo com a recente decisão do STJ e seus efeitos. Revista Forense. Rio de Janeiro. v.107. n.414. p.485-95. jul./dez. 2011.
Rodrigues Junior, Otavio Luiz. Marco Civil e opção do legislador pelas liberdades comunicativas, In: http://www.conjur.com.br/2014-mai-14/direito-comparado-marco-civil-opcao-pelas-liberdades-comunicativas.
Silva Junior, Ronaldo Lemos da; SOUZA, Carlos Affonso Pereira de; Branco, Sergio. 'Responsabilidade Civil da Internet: uma breve reflexão sobre a experiência brasileira e norte-americana'. Revista de Direito das Comunicações, v. 1, p. 80-98, 2010.
Souza, Carlos Affonso Pereira de. “Obrigações e Responsabilidades dos Provedores de Serviços na Internet”, in Renato Opice Blum, Marcos Gomes da Silva Bruno e Juliana Canha Abrusio (orgs). Manual de Direito Eletrônico e Internet. São Paulo: Lex, 2006.
Souza, Carlos Affonso Pereira de. Responsabilidade civil dos provedores de internet: uma década à procura de regulação. In: GUERRA, Sérgio. (Org.). Regulação no Brasil: uma visão multidisciplinar. 1ed.Rio de Janeiro: Editora FGV, 2013, v. 1, p. 129-156.
Thompson, Marcelo. Marco Civil ou Demarcação de Direitos? Democracia, Razoabilidade e as Fendas na Internet do Brasil (Civil Rights Framework or Demarcation of Rights? Democracy, Reasonableness and the Cracks on the Brazilian Internet) (May 28, 2012). Revista de Direito Administrativo (Journal of Administrative Law), v. 261, 2012, pp. 203-251.
* Professor of Civil Law at the Pontifical Catholic University (PUC-Rio), Rio de Janeiro.
[i] Despite the fact that there is no definition in the law that differentiates access and content providers, the courts have ruled that there is a fundamental difference between them in civil liability. The first does not hold any responsibility for damages caused by third parties to others by using its provision. Mainly, this provider has the only purpose of giving others the architecture to access the Internet. In the other hand, content providers are those who manage different kinds of content - such as Facebook, Google, Yahoo. They may be held responsible for damages caused by third parties if, after judicial notification, the ISP does not attend the judicial order to take down the potentially harmful content generated by third parties. This difference of concept can be identified in the way the Civil Rights Framewok deals with civil liability of one or the other in its articles 18 and 19, as seen in items 1.3. and 1.4. of this paper.
[ii] Article 5 of the Constitution of the Federative Republic of Brazil defines as fundamental rights, among others, freedom of expression of thought and intellectual, artistic, scientific and communications activities (article 5, IV and IX). The article further provides for inviolability of privacy, private life, and personal honor and image, as well as secrecy of correspondence and data via telegraphic and telephonic communications (article 5, X and XII). Also, article 220 provides that ‘freedom of thought, creation, expression and information, in any form, process or vehicle will suffer no restriction, as provided for in this Constitution’; the second paragraph adds that ‘any and all censorship is forbidden, be it of a political, ideological or artistic nature’.
[iii] Article 932 of the Brazilian Civil Code, which deals with indirect or secondary liability, states: ‘the following are equally liable for civil reparation: I – parents, for under-age children under their authority and in their company; II – guardians and protectors, for the wards and protected ones in the same conditions; III - employers or proprietors, for their employees, servants and functionaries, while performing the work assigned to them or because of such; IV – the owners of hotels, hostels, houses or establishments which charge their guests, residents and pupils for accommodation, even if for the purpose of education; V – those who have at no charge taken part in the produce of the crime, up to the stated amount’.
[iv] In Brazilian law, the term "secondary liability" means that the victim has to primarily seek reparation from the direct perpetrator of the damage to then, in the case of not being able to obtain a restitution, seek reparation from the person indirectly responsible for the direct perpetrator, such as the employer in the case of a damage caused by the employee.
[v] Article 933 provides that ‘the persons indicated in sub-items I to V of the preceding article, even if there is no fault on their part, will be responsible for acts practiced by third parties referred to therein.’
[vi] See also Supreme Court of Justice, Special Appeal 1.186.616/Minas Gerais, Third Panel, Rapporteur Minister Nancy Andrighi, decided on 31.08.2011. Similarly, see Special Appeal 1.193.764/SP, Third Panel, Rapporteur Minister Nancy Andrighi, decided on 08.08.2011.
[vii] As Marcel Leonardi puts it, ‘the need for judicial analysis and specific notification to take down content cannot be ignored, since deciding on the legality or illegality of the material—in all its possible forms—is something necessarily subjective, besides being the exclusive prerogative of the Judiciary, not of the users or the providers. Jurisprudence is actually moving in this direction, with different decisions emphasizing that this is a role reserved for the State, and it cannot be usurped by the intermediaries or the users’. (Leonardi 2010)
[viii] Bezerra offers the following opinion: ‘It is undeniable that for the actual provider of content to take down contents from the air – as the STJ imposes - entails a discretionary judgment of the nature of the divulged data. Moreover, by suspending certain content, the provider will be making a comparison between the fundamental right to privacy on the part of the person who feels offended and the fundamental right to freedom of expression on the part of the person who spread the information. It is therefore no exaggeration to state that the understanding of the STJ eventually transfers to the providers competence and responsibility that can only be accorded to the Judiciary Power itself’. (Bezerra 2014).
[ix] Following a preliminary judicial decision in the Daniela Cicarelli case, YouTube was blocked in Brazil in January 2007. The actress had been filmed having sexual relations on a beach in Spain with her boyfriend at the time, Tato Malzoni. The film was distributed over the Internet and the persons filmed filed a successful suit in the Brazilian courts, asking that all the sites that carried the video should take down the images. Sites whose content is controlled by editors complied with the notice. But in the case of YouTube, every time Google removed the video, some user posted the film again. In January 2007, Judge Ênio Santarelli Zuliani demanded that the telephone companies block access to YouTube in Brazil, supposedly for not obeying the legal requirement. The video site remained 48 hours off the air. Realizing the repercussion of the case and under pressure from critics claiming that he had acted like a censor, Ênio changed his decision and freed up access to YouTube. Source: http://info.abril.com.br/noticias/Internet/google-vence-no-caso-cicarelli-10052012-57.shl.