Will an Italian court's decision to convict three Google executives of invasion of privacy have widespread effects on the Internet beyond Italian borders?
Google certainly thinks so, but it could take a significant change in thinking around the globe to prove Italy is not an outlier. Three Google executives, including head lawyer David Drummond and Chief Privacy Counsel Peter Fleischer, were convicted of invasion of privacy Wednesday by a court in Milan because a video of students taunting an autistic boy was uploaded to Google Video in 2006. George Reyes, who was chief financial officer but left the company in 2008, was also convicted.
The judge ruled that Google had a duty to make sure the video didn't violate Italian privacy laws before it was displayed on Google Video, and since Italian law allows individual employees of a company to be held liable for the actions of their corporations, the individual executives were subject to trial. The obvious implication of the decision is that Google employees are now personally liable for all the content hosted on its site in Italy, forcing the company to either ban user-generated content from its sites or carefully review each submission.
That's going to be expensive, and it's likely unworkable. "If ... sites like Blogger, YouTube and indeed every social network and any community bulletin board, are held responsible for vetting every single piece of content that is uploaded to them--every piece of text, every photo, every file, every video--then the Web as we know it will cease to exist, and many of the economic, social, political and technological benefits it brings could disappear," Google said in a blog post objecting to the ruling.
Google plans to appeal the decision, and for now is going about business as usual in Italy, said Scott Rubin, a spokesman for Google.
In the U.S, things are a little different. Section 230 of the 1996 Communications Decency Act protects Internet companies such as Google that are considered "interactive computer services" or "information content providers" from liability for content that is uploaded or published by others. The sheer amount of content available on the Internet makes it nearly impossible to review every single document for potentially objectionable material, meaning that companies that provide access to such material might just block access entirely rather than be forced to screen every bit and byte for potential litigious content.
On just the YouTube service alone, "20 hours of video are uploaded every minute," Google's Rubin said. "It would be impossible to prescreen content."
The potential problem for Google in Europe is that European data-protection laws are more like expressions of principles rather than explicit statutes, said Lisa Sotto, a privacy and data protection lawyer with Hunton & Williams in New York. That means there is room for individual countries to interpret those laws in different ways, with some hewing to the more Internet-company friendly U.S. interpretation and others opting for more along the lines of what Italian prosecutors have pursued.
Still, Google believes that both European and Italian laws recognize the concept of a safe harbor for Internet companies, and intends to argue that point on appeal.
Google's Fleischer expressed doubt in a blog post from November 2009 that the situation in Italy would catch on elsewhere, based on attitudes in other countries.
"I'm sure such prosecutions will remain rare, and perhaps my current prosecution will [be the] last of its type," he wrote. "But maybe not. And working for one of the world's most visible Internet companies puts me at more risk than most of my colleagues in the field of data protection, as the current prosecution has shown."
As with Google's dispute in China over search censorship, the Italian case exposes how difficult it can be for Internet companies to operate on a global basis when laws governing these sectors conflict, said Julie Ahrens, associate director of the Fair-Use Project at Stanford University.
U.S. Secretary of State Hillary Clinton, in reacting to the cyberattacks against Google and other U.S. companies that prompted Google's dispute with the Chinese government, declared that it is the policy of the U.S government to support Internet freedom around the world, calling on foreign governments to move away from using the Internet as a repressive tool. In an indirect way, court decisions such as the one in Milan could work against those goals, since companies like Google, Yahoo, Twitter, and Facebook that have been used by those organizing against autocratic governments would likely have to shut down their services if faced with the prohibitive cost of monitoring the content production of each and every user of their services.
"How do you consistently comply with all the laws?" Stanford's Ahrens said. "Complying with Italian law could be a violation of U.S. law."
Should the Italian interpretation of Google's responsibilities catch on, it's not hard to see how Internet companies would have to pull back on their operations for fear of widespread liability. But for the moment, it seems that this case is a one-off example of why data protection laws need to take into account the 21st century notion of the Internet.
"I think it places an enormous burden on the Internet as a vehicle of free speech and free expression," Sotto said. "This decision is so out of step with contemporary data law, and that's a bad result."