Delimiting the Ambit of Responsibility of Intermediary Publishers for Third Party Rights in European Data Protection: Towards a Synthetic Interpretation of the EU acquis
University of Cambridge Faculty of Law Research Paper No. 31/2017 (pre-print of "Intermediary Publishers and European data protection”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018)).
33 Pages Posted: 29 Jun 2017 Last revised: 5 May 2020
Date Written: June 27, 2017
With the explosion of computer technology, vastly more and more varied types of data related to individuals are being disseminated online, often without their consent. Whilst intermediary publishers are not the initial and immediate cause of this, they generally play a contributory role and engage in further (semi-)autonomous processing such as organising or promoting content. Current case law rather haphazardly recognises intermediary publishers to be data protection ʻcontrollersʼ and/or protected by the intermediary ʻhostʼ shield, whilst also acknowledging the engagement of general human rights law. Seeking to synthetically balance the competing purposes which underlie these three legal frameworks, this paper argues that greater responsibility should flow from more autonomous control but that some shielding is still necessary for all intermediary publishers. Conceptually it is argued that such a synthetic approach leads to intermediary publishers being grouped into three increasingly autonomous categories - ʻprocessor hostsʼ, ʻcontroller hostsʼ and ʻindependent intermediariesʼ - which should be subject to a successively greater ambit of responsibility accordingly. Detailed elaboration of the resulting duties must also take account of the seriousness of the potential interference with competing rights and, in this regard, should give weight to the divergent resource capacity of otherwise similarly situated actors.
Keywords: Blogging Platforms, Directive 95/46, Directive 2000/31, Data Protection, EU Charter, Evaluation Sites, Hosting, Intermediary Liability, Profiling Sites, Privacy, Regulation 2016/679, Reputation, Search Engines, Social Networking Sites, Social Media, Video-Sharing Sites, Website Maintenance
Suggested Citation: Suggested Citation