Last updated: 
3 months 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

New Developments for Internet Operators

Wednesday, April 10, 2013 - 10:34

My talk at Networkshop looked at some of the changes going on in the law, especially in the measures that those who operate parts of the Internet are expected or required to take to help deal with unlawful activities on line. The law recognises a couple of general roles: Internet Access Providers who provide Internet connections to individuals are required by section 22 of the Regulation of Investigatory Powers Act 2000 to disclose information about their users to law enforcement officers dealing with crimes, though at present for private networks this only covers information they already have for their own purposes, e.g. enforcing Acceptable Use Policies. Hosting providers who publish content for third parties (e.g. students) on websites, blogs, etc. are protected from legal liability for content they don’t know about, but when notified need to choose between taking the material down or risking potential liability if they leave it up.

The Digital Economy Act 2010 adds further duties for some Internet Access Providers when informed that their users are breaching copyright. The Act has two aims – to discourage low level infringers, and to allow courts to concentrate on more serious and repeat infringers. Unfortunately the definitions of “ISP” and “subscriber” in the Act are very unclear when you try to apply them to a network such as Janet, and in 2010 it was suggested that Janet might be required to act as ISP and pass on only a subset of infringement reports, thus preventing universities and colleges dealing with individuals under the Janet AUP. However Ofcom’s new draft implementation code confirms that this will not happen, and that we can continue to follow what is recognised as a very effective approach. If universities and colleges get connections from other ISPs, for example as a backup or to provide connectivity to the public, then they need to ensure that they agree on the roles that each will take under the Act, otherwise a university could find itself subject to the same thresholds as a single house.

The Defamation Bill provides two new options when hosting providers receive allegations that material they are hosting is defamatory. At the moment they have a simple choice between leaving material up and taking it down. The former may risk liability for defamation, the latter may risk liability for damaging free speech, something universities and colleges have a special duty to protect. Unlike other conflicts between legally protected rights, the law doesn’t seem to allow the host to ask the courts to decide. If the Bill becomes law, posts that are attributed will no longer be the host’s problem – any legal case is between the author and the person they have allegedly defamed. However it seems that “attribution” will require sufficient information to serve a legal complaint on the author, not something many blogs provide at the moment. A more promising approach is a prescribed notification process, where the host is required to pass the complaint on to the author. If the author provides their contact details to the host, then the host is protected from legal claims. The claimant can seek a court order either to have the author’s contact details disclosed, or to have the material removed. The Bill would also mean that hosts couldn’t acquire liability simply by moderating posts, something that has been recognised as a problem with the current law for more than a decade.

Finally, following a number of cases where individuals were arrested or even convicted for comments on social networking sites, the Director of Public Prosecutions has issued new guidance to prosecutors on dealing with online comment. Comments that constitute threats, harassment, or contempt of court should be “prosecuted robustly”; but comments that are merely offensive need to meet a higher threshold for prosecution to be appropriate – they must be grossly offensive, not just shocking, disturbing, rude or distasteful. The guidance has generally been welcomed, though there are still concerns that the crime of “offensive communications” in s.127 of the Communications Act 2003 may be less suitable for the Internet than the telephone networks for which it was originally created. Posters on social networks can, of course, still be sued for civil wrongs such as defamation, even if a post is only seen by a few hundred followers.