Recently, several articles were published on the security and misuse of electronic communications. These tended to conclude that the responsibility for security against abuse lies with the public communications service providers (PCSP), which logically implies that they are also responsible for such misuse. PCSPs are an essential and indispensable part of the TMT sector, and it is, therefore, important to address their liability in such situations for legal certainty.
What is the liability of a PCSP when offering electronic communications services and how far does it extend? In the modern world of communications, abuses occur regularly, primarily due to the ingenuity of content providers on the one hand and the naivety of users on the other. It is, however, the responsibility of the state to ensure that such communications are secure, both as regards the technical and the content parts. The logical question is, therefore, which part of these services is the responsibility of the PCSP?
The primary distinction to be made is what constitutes an electronic communications service in the first place, which is the transmission of signals over electronic communications networks. Users often assume that the content itself and the editorial control over what is transmitted by those signals are part of the scope of an electronic communications service, which is a misconception. An electronic communication service should be interpreted relatively narrowly, purely technically. This means that the transmission of electronic messages falls within the scope of this service merely as a transmission of signals but that the content itself, its provision, and editorial control do not fall within the scope of this service.
As the regulator of electronic communications services, the state protects the individual in the event of abuse by third parties, which is not the fault of the users, by making PCSPs bear the costs incurred as a result of the abuse. It is important that the abuse is not the users’ fault, where the users have taken all reasonable steps to protect themselves and have complied with the instructions communicated to them by the PCSP. This means that the misuse is attributable to the users where the users have unusually used the public communications service, and the misuse is the result of such unusual use. Such a regime sees the PCSP as a stronger and more legally and technically proficient party, with a better economic position than the users. Therefore, PCSP is in a better position to bear the costs of such misuse and to bring any retaliatory action against a third party.
However, as explained, this liability is not all-encompassing. It is limited to the technical part of the service actually provided by the service provider and not to the substantive part itself. Thus, the content cannot be equated with the concept of a communication service, nor can the cost of access to that communication content be equated with the cost of providing a communication service, even though individuals pay the PCSP for both services. In other words, this means that the costs paid by the individual cover the provision of the electronic communications service, but also cover the costs of access to the content, which is, in principle, provided by a third party. It should be borne in mind that the PCSP retains only part of the costs relating to the transmission of signals over the network, while the costs relating to access to content are passed on by the PCSP to the content provider.
Thus, it must be considered that the PCSP cannot be held liable for any abuses committed by content providers transmitted by electronic communication. The PCSP is responsible for the transmission of the signal, but the content transmitted using its service is expressly excluded from its responsibility. This means that a strict distinction must be drawn between the concept of communication service and the communication content.
The liability of a PCSP cannot be interpreted as extending the operator’s liability beyond the security of the network or the telecommunications services in the technical sense. Such a conclusion is further confirmed by the obligation of the PCSP to protect the confidentiality of the content of communications so that it has no possibility of controlling the lawfulness of the conduct of those who provide the content while, on the other hand, it is required to ensure access to such services. The only possibility or obligation that the PCSP has is to comply with the courts’ decisions and to prevent access to such content in case any abuse or fraud is detected.
By Uros Cop, Managing Partner, Senica & Partners
This article was originally published in Issue 9.10 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.