• Cyprus as an Ideal Jurisdiction for Electronic Commerce and Online Services
  • July 24, 2014
  • Law Firm: Anastasios Antoniou LLC - Limassol Office
  • Directive 2000/31/EC of the European Parliament and the Council of 8th June 2000 (the e-commerce Directive), adopted in 2000, sets up an Internal Market framework for electronic commerce, which provides legal certainty for business and consumers alike.

    The e-commerce Directive established harmonised rules on issues such as the transparency and information requirements for online service providers, commercial communications, electronic contracts and limitations of liability of intermediary service providers. In addition, the Directive enhanced administrative cooperation between the Member States and the role of self-regulation. Examples of services covered by the Directive include online information services (such as online newspapers), online selling of products and services (books, financial services and travel services), online advertising, professional services (lawyers, doctors, estate agents), entertainment services and basic intermediary services (access to the Internet and transmission and hosting of information). These services also include services provided free of charge to the recipient and funded, for example, by advertising or sponsorship.

    The e-commerce Directive defines “information society services” as “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.” Some of the activities included in the definition are the sale of goods on-line, the transmission of information via a communication network, the hosting of information provided by a recipient of the service, services which are transmitted point to point, e.g., video-on-demand and commercial communications by electronic mail, and services which are not remunerated by those who receive them, e.g., tools allowing for search, access, and retrieval of data. Providers of such services are known as Internet service providers (ISP).

    EU Courts’ case law

    Prior to turning to Cyprus, it is crucial to note how the provisions of the e-commerce Directive have been interpreted by the Court of Justice of the European Union (CJEU) in a number of landmark judgments.

    Of crucial importance is the interpretation given to Article 14 of the e-commerce Directive by the CJEU in its 23 March 2010 Judgment in Joined Cases C-236/08, C-237/08 & C-238/08, Google France v. Louis Vuitton. In that case, the Court held that an ISP that has not played an active role of such a kind as to give it knowledge of, or control over, the data cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned.

    In its Judgment of 12/7/2011 in Case C-324/09 L'Oréal SA et al v eBay International AG et al the Court held that Article 14(1) of the e-commerce Directive must be interpreted as applying to the operator of an online marketplace where that operator has not played an active role allowing it to have knowledge or control of the data stored. The operator plays such a role when it provides assistance which entails, in particular, optimising the presentation of the offers for sale in question or promoting them.

    Where the operator of the online marketplace has not played an active role within the meaning of the preceding paragraph and the service provided falls, as a consequence, within the scope of Article 14(1) of Directive 2000/31, the operator none the less cannot, in a case which may result in an order to pay damages, rely on the exemption from liability provided for in that provision if it was aware of facts or circumstances on the basis of which a diligent economic operator should have realised that the offers for sale in question were unlawful and, in the event of it being so aware, failed to act expeditiously in accordance with Article 14(1)(b) of the e-commerce Directive.

    What is more, even if the online provider plays a "neutral role" (and is therefore, subject to the exception under the e-commerce Directive), it would not be exempt from liability if:

    (a)  It had "actual knowledge" of illegal activity;
    (b)  It is aware of facts or circumstances from which the illegal activity or information is apparent;
    (c)  Having obtained such knowledge or awareness, fails to act expeditiously to remove or disable access to this information;

    The CJEU has therefore shed light on the standard of duty required by an ISP, being that of a "diligent economic operator" and that the relevant "awareness" can arise as a result of an investigation undertaken at the online operator’s own initiative or due to being notified of an infringement.

    In its Judgment of 16/2/2012 in Case C-360/10 Sabam v. Netlog the Court had to decide whether a Belgian court could require Netolg, a Belgiab ISP, to cease making available works from SABAM’s repertoire. It was held that not only was the injunction requiring Netlog to install a filtering system, which would oblige Netlog to actively monitor all the data of its users and to prevent future IPR-infringements, contrary to article 15 of the e-commerce Directive, it was also contrary to the EU’s Charter of Fundamental Rights, which is the primary legal instruments protecting rights in the EU. National authorities are required to “strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals who are affected by such measures (para. 43).”

    As the CJEU held (para. 46): “¿such an injunction would result in a serious infringement of the freedom of the hosting service provider to conduct its business since it would require that hosting service provider to install a complicated, costly, permanent computer system at its own expense, which would also be contrary to the conditions laid down in Article 3(1) of Directive 2004/48, which requires that measures to ensure the respect of intellectual-property rights should not be unnecessarily complicated or costly.”

    On the rights protected under the Charter, the Court noted that (para. 48): “Moreover, the effects of that injunction would not be limited to the hosting service provider, as the contested filtering system may also infringe the fundamental rights of that hosting service provider’s service users, namely their right to protection of their personal data and their freedom to receive or impart information, which are rights safeguarded by Articles 8 and 11 of the Charter respectively”.

    The Cyprus State of Play

    In Cyprus, the Law Providing for Certain Aspects of Information Society Services and Particularly Electronic Commerce, Law 156(I) of 2004, as amended (Law 156(I)/04), transposed the e-commerce Directive into the Cypriot legal order. Interpreting the provisions of s. 2 of Law 156(I)/04, an established ISP in Cyprus would be one having its main centre of activities in Cyprus, to a large degree irrespectively of whether its technological infrastructure is located in Cyprus or not.

    Contrary to jurisdictions of other Member States, such as, inter alia, the United Kingdom, Cyprus has fully transposed the provisions of e-commerce Directive and particularly provides for the exclusion of liability of ISPs.

    Specifically, the following exclusions of liability for an ISP exist under s.s. 15, 16, 17 and 18 of Law 156(I)/04 respectively:

    (1) Regarding the provision of an information society service which involves the transmission of information, an ISP shall not be liable for the information transmitted, on condition that the ISP:

    (a)     does not initiate the transmission;
    (b)    does not select the receiver of the transmission; and
    (c)     does not select or modify the information contained in the transmission.

    (2) Regarding the provision of an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, the ISP shall not be liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, on condition that:

    (a)   the ISP does not modify the information;
    (b)  the ISP complies with conditions on access to the information;
    (c)   the ISP complies with rules regarding the updating of the information, specified in a manner widely recognized and used by industry;
    (d)  the ISP does not interfere with the lawful use of technology, widely recognized and used by industry, to obtain data on the use of the information; and
    (e)   the ISP acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.

    (3) Regarding an information society service that consists of the storage of information provided by a recipient of the service, the ISP, subject to the recipient of the service not acting under the control of the ISP, shall not be liable for the information stored at the request of a recipient of the service, on condition that:

    (a)   the ISP does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or
    (b)  the ISP, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

    (4) Regarding the monitoring of information transmitted or stored under any information society services provided within the context of any of s.s. 15, 16 and/or 17 of Law 156(I)/04, there shall be no general obligation on ISPs to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.

    It therefore becomes clear that a Cyprus ISP shall not be liable for illegal or copyright-infringing content transmitted through its infrastructure, where the above mentioned conditions are met. Cyprus constitutes an ideal jurisdiction from which to carry out e-commerce trading and provide online services, provided that regulated legal advice is obtained to ensure that all conditions relieving a Cyprus-based ISP from liability are in place.