CJEU Confirms Platforms’ Liability for Curated Content

Social networks are responsible for the information they present through an algorithm.

The Court of Justice of the European Union (CJEU) has ruled on this point. Its decision covers, more precisely, all “information society services.” In broad terms, essentially any service delivered electronically.

Their operators may benefit from an exemption from liability under the hosting provider status. This requires that they have neither knowledge nor control of the information they store at the request of a user.

Read also: GDPR: the CJEU narrows the scope of fines

This status does not apply when an algorithmic sorting intervenes. Or, in extenso, when they “determine, by means of an algorithm, under what conditions, how and in what order of priority” the information is redisplayed or not.

Radar alerts and porn sites

Even in the scenario of such an exemption, a service provider may be barred from redistributing information related to certain road checks for reasons of public order, safety or security, the CJEU adds.

This clarification is a setback for Coyote. The French company had sought from the Conseil d’État to annul the decree prohibiting driving-assistance services from relaying certain “radar alerts.”

WebGroup Czech Republic and NKL Associates had also filed an action for annulment. But against a different decree. Specifically, the one that obliges them, as operators of pornographic sites, to implement user age-verification mechanisms.

In both cases, the challenge rests on the principle of the “country of origin” enshrined in the E-Commerce Directive. By virtue of this principle, information society service providers are subject only to the law of the member state in which they are established.

Measures allowed in the name of public order and safety

The CJEU recognizes that the measures challenged constitute a restriction on the circulation of the related services. It nonetheless finds that the directive permits them if they pursue certain objectives, among which public order, including the protection of minors, and public safety, to which the prohibition on redistributing “radar alerts” is linked.

Read also: GDPR: five years on, the gaps in cross-border files

The measures in question appear proportionate in light of these objectives, the CJEU states. They also seem to target specific services “that indeed undermine” those objectives.

Before adopting such measures, a member state must, “except in urgent cases,” request the member state of establishment of the provider to take them itself. Otherwise, it must notify the provider—and the European Commission—of its intent to adopt them.

Dawn Liphardt

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.