The Regional Administrative Court for Lazio (Fourth Section) accepted - through a ruling - the appeal presented by Meta Platforms Ireland Ltd (Facebook) against the Communications Authority, which requested the annulment of resolution no. 422/22/CONS of 14 December 2022, adopted by AGCOM at the conclusion of the proceedings initiated with notice of dispute no. 6/22/DSDI – PROC. No. 8/FDG, with which an "alleged violation of article 9 of legislative decree no." was ascertained. 87 of 2018, converted with amendments by law 9 August 2018, n. 96” (dignity decree, ed.) and, pursuant to which, an administrative fine of 750.000,00 euros was imposed.
Below is the text of the sentence: “1. The appellant company with resolution no. 422/22/CONS of 14 December 2022 was sanctioned (for the sum of 750.000 euros) by the respondent Authority for the violation of the advertising ban on gambling provided for by the art. 9, paragraph 1, of the legislative decree of 12 July 2018, n. 87 converted with law 9 August 2018, n. 96 (Dignity Decree), due to the presence, found on the dates of 2, 3, 12 and 23 May 2022, of contents (videos and images, hyperlinks etc.) "sponsored for a fee” on the Facebook platform suitable for promoting and advertising gaming and betting activities on line with cash winnings.
2. With the present appeal the appellant has challenged the injunction order articulating the following complaints:
– VIOLATION AND FALSE APPLICATION OF ART. 9 OF THE DIGNITY DECREE, OF ARTICLES. 14 AND 15 OF THE E-COMMERCE DIRECTIVE AND ARTICLES. 16 AND 17 OF THE E-COMMERCE DECREE.
According to the appellant, the assessment of liability by the Authority is based on the incorrect classification, in the present case, of Meta Platforms Ireland as hosting provider active in relation to sponsored content generated by users, whereas, vice versa, the appellant does not manipulate such content and is therefore a hosting providerpassive.
In any case, no form of liability could arise for the appellant as the latter was not aware of the fact that the contested advertisements violated the art. 9 of the Dignity Decree.
– VIOLATION AND FALSE APPLICATION OF ART. 15 OF THE E-COMMERCE DIRECTIVE AND ART. 17 OF THE E-COMMERCE DECREE. VIOLATION OF THE PRINCIPLE OF PROPORTIONALITY.
The Authority would have introduced an obligation for the appellant to preventively monitor the Facebook service in order to prevent users from violating the art. 9 of the Dignity Decree, in violation of the provisions of art. 15 of the directive E-commerce.
– VIOLATION AND FALSE APPLICATION OF ART. 3 OF LN 241 OF 1990. EXCESS OF POWER IN THE FIGURE SYMPTOMATIC OF THE VIOLATION OF A CIRCULAR ISSUED BY THE SAME AUTHORITY.
The order-injunction would lack adequate motivation as the Authority did not explain the factual conditions and legal reasons that led it to disregard its own guidelines of the Dignity Decree.
– VIOLATION AND FALSE APPLICATION OF ARTICLES. 8, 8-BIS AND 11 OF LN 689 OF 1981. VIOLATION OF THE PRINCIPLES OF PROPORTIONALITY, REASONABLENESS AND CERTAINTY OF ADMINISTRATIVE SANCTIONS.
The Authority would have erroneously calculated the sanction by applying the material cumulation instead of the legal cumulation and failing to consider the criteria for calculating the sanctions contemplated in the art. 11 of law 24 November 1981, n. 689.
3. The Authority was formed to resist accepting the appeal.
4. With ordinance no. 1946 of 6 April 2023, the Board rejected the precautionary application, deeming the requirement of non-existent periculum in mora.
5. At the hearing on 17 January 2024 the appeal was held for decision.
6. It is first of all appropriate to begin with a brief reconstruction of the regulatory framework concerning the liability regime hosting provider in relation to contents placed by third parties on the internet via their platforms.
In this regard, first of all, the provision of art. 14, paragraph 1, of the electronic commerce directive (Directive 2000/31/EC), which introduced an exemption from liability - in relation to content stored by third parties on the network - for providers of hosting who are not aware of the illicit activities that occur through their services and provided that, having become aware of it, they act immediately to remove the illicit content: "1. Member States shall ensure that, in the provision of an information society service consisting of the storage of information provided by a recipient of the service, the provider is not responsible for information stored at the request of a recipient of the service, provided that that lender:
a) is not actually aware of the fact that the activity or information is illegal and, as regards compensation actions, is not aware of facts or circumstances which make the illegality of the activity or information manifest , or
b) as soon as he becomes aware of such facts, he acts immediately to remove the information or disable access to it".
The following art. 15 completes the exemption regulations by excluding that i Providers are subject to a general obligation to monitor the information transmitted or stored by the recipients of the services offered: "In the provision of services referred to in Articles 12, 13 and 14, Member States shall not impose on providers a general obligation to monitor the information they transmit or store or a general obligation to actively seek facts or circumstances indicating the presence of illegal activities.".
A consolidated jurisprudential orientation (both EU and national), in interpreting these rules, has limited the scope of application of the exemption in question by introducing the distinction between the figure ofhosting provider active (responsible for violations committed by users who use the services) and that ofhosting provider passive (which, however, benefits from exemption from liability).
In particular, it was considered that the immunity granted to platform managers hostingfrom the directive can be valid only in the case in which thehosting provider remains neutral with respect to the contents placed on the network by the third party, being able vice versa to be called to respond if some form of participation in the management of the same is discernible, the provider carrying out an activity that goes beyond a merely technical, automatic and passive: "EU jurisprudence distinguishes two hosting provider figures:
a) that of the "passive" hosting provider, which carries out an activity of providing services of a purely technical and automatic nature, with the consequence that said providers do not know or control the information transmitted or stored by the people to whom they provide their services;
b) that of "active" hosting provider, which occurs when, among other things, the activity is not limited to what is indicated above but also concerns the contents of the service provided (see EU Court of Justice, 7 August 2018, cit. as well as, at a national level, Civil Cassation, Section I, n. 7708/2019)” (cft. State Council, Section VI, 13/09/2022, n. 7949).
To the figure ofhosting provider active today refers to recital no. 18 of EU regulation 2022/2065 (digital services regulation, which will apply from 17 February 2024): "The exemptions from liability established in this Regulation should not apply where, instead of limiting itself to a neutral provision of services through a purely technical and automatic processing of the information provided by the recipient of the service, the intermediary service provider plays an active role in providing the recipient with knowledge or control of such information".
Furthermore, the new regulation on digital services, in reiterating the exemption from liability of hostingfor contents "uploaded" by third parties (art. 6), it contains a provision (art. 7, entitled «Voluntary investigations promoted on one's own initiative and in compliance with regulatory obligations») which, innovating the previous regulatory framework, extends the exemption from liability to the case in which i Providers carry out on their own initiative - as in the case of Meta Platforms Ireland - activities aimed at identifying and removing illegal content stored by users: "Intermediary service providers shall not be considered ineligible for the exemption from liability provided for in Articles 3, 4 and 5 merely because they carry out voluntary investigations or other own-initiative activities aimed at detecting, identifying and removing illegal content or disabling access. to them, or to take the measures necessary to comply with the requirements of Union law, including those established in this Regulation".
The rule clarifies that the adoption of such control systems is not sufficient in itself to make the provider a "hosting active” (responsible for the contents themselves) and to determine the inapplicability of the exemption from liability of such subjects for the contents stored.
The aim pursued is to prevent the provideris considered active for the sole fact of implementing on its own initiative forms of control of the contents stored by users and which can, consequently, be induced not to adopt any system aimed at preventing the entry of illegal contents into the network.
7. It should also be stated that, as already stated by this Court, the general principles that regulate the liability regime of the Providers, as can be seen from the regulations on electronic commerce, are also applicable in cases in which the operator is held accountable for the violation of the prohibition on advertising games or bets with cash winnings referred to in the art. 9 of the Dignity Decree (see TAR Rome section III, 28/10/2021, n. 11036; TAR Rome, section IV-bis, 08/09/2023, n. 13676).
In particular, with reference to the aforementioned art. 14 of the directive, it was observed that "these provisions – although the directive does not apply to gambling [art. 1, paragraph 5, of the directive] – constitute an expression of general principles also applicable to the specific case, as they outline the model of responsibility of the various operators acting in the information society currently in force at EU and national level".
8. In light of these premises, for the purposes of examining the first ground of appeal, it is necessary to verify whether the system of preventive control of advertisements adopted by Meta Platforms Ireland is sufficient to give it the role of active hosting provider, excluding it from the scope of the exemption referred to in art. 14 of the e-commerce directive.
It is therefore a question of "examine whether the role played by this manager is neutral, i.e. whether his behavior is merely technical, automatic and passive, which implies a lack of knowledge or control of the contents he stores, or whether, on the contrary, said manager carries out a active role suitable to give him knowledge or control of the aforementioned contents” (cft. EU Court of Justice Grand Chamber, 22/06/2021, n.682)
To this end, it should be noted that it is common ground that the control system that the appellant company has equipped itself with to determine whether the advertisement contains illicit content is mainly automated in nature and that the "manual" verification by a natural person occurs in residual hypotheses and for a very limited number of cases (if compared to the enormous amount of advertisements placed on the platform).
In the same contested resolution it is highlighted that "The advertisement is not immediate but is made public only after at least 24 hours, the time necessary for Meta to carry out a check on it to ensure that it complies with the platform's advertising regulations... The advertisement analysis system is based on automated technology that applies the Advertising Policies to the millions of adverts published on the platform. Furthermore, control is also envisaged by natural persons, both in charge of the analysis aimed at improving the aforementioned automated systems, and directly in charge, in some cases, of the manual analysis of the adverts... Based on the results of the analysis, a the advert is rejected or allowed for publication".
Furthermore, as specified by the appellant, it is the of automated control which can subject a single advertisement to manual intervention by a natural person: “In a limited number of cases, automated review may result in the listing being subjected to human review, either for manual review purposes or for the purposes of improving and training the automated system".
Since this is the preventive monitoring method set up by the appellant, it must be excluded that, in the matter in question, this activity could qualify in terms of hosting provider I activate the appellant party provided that:
– the advert control system did not involve, in this case, any manipulation of the stored data;
– the only manipulation that can result from the activation of the automatic control tool adopted by the appellant is the "rejection" of the insertion by the system, so that any active role played by the appellant is aimed at preventing - and not at facilitating , as in the case ofhosting provider active – the use of contents by the generality of users.
Furthermore, this Court, in the aforementioned sentence no. 10036/2021, has already held that when the service manager's activity is automated in nature, not involving the manipulation of messages, the "active role" on which the manager's responsibility is based is missing: "it is undisputed that the activity in question has an automated nature, not involving the manipulation of messages, so that in this case the aforementioned "active role" on which the responsibility of the manager himself is based is missing. The service in question ... in fact provides that the adverts are created completely independently by the advertiser, who determines their content through an automated process ...; the advertisement is thus subjected to the examination of a software which, with automatic methods as mentioned, verifies its compliance with the contractual terms and conditions" and that “allows you to “block”, again using automated techniques, messages containing illegal content".
9. Furthermore, it should be noted that, as mentioned above, art. 7 of the new regulation on digital services, pursuant to which "Intermediary service providers shall not be considered ineligible for exemption from liability … merely because they carry out voluntary investigations or other own-initiative activities aimed at detecting, identifying and removing illegal content or disabling access to it".
The provision extends the exemption from liability to the hypothesis in which service providers carry out on their own initiative activities aimed at intercepting and removing illegal content stored by users, as in the case of today's appellant.
The rule - excluding the possibility that the adoption of measures aimed at detecting illegal activities can be considered as a symptom of an active role with respect to the content placed online by users - aims to prevent Providers may be exposed to the risk of being excluded from the application of the exemption clause from liability simply because they have equipped themselves with a system to control the contents "uploaded" by users of the service.
10. It should be added that, in the present case, an activity of the provider consisting in the mere technical and automatic processing of the information provided by the recipient of the service, it must be excluded that the appellant had actual knowledge of the illegal contents stored by users on the platform and that, consequently, she had the possibility of taking useful action to remove the aforementioned contents.
Nor did the Authority demonstrate that the platform manager was aware of the illicit behavior of the service user.
To this end, he would have had to (attach and) demonstrate that, in the specific case, one of those limited cases occurred in which following the automatic control carried out by the a verification takes place by a natural person (so-calledhuman review"), given that only the contact of a human resource with the prohibited content can imply the condition of actual knowledge suitable to justify a charge against the provider by way of complicity in the commission of another's offence.
11. Finally, it should be specified that the knowledge requirement cannot be considered integrated, as claimed by the respondent Authority (cf. page 18 of the resolution), for the sole fact that the advertising standards adopted by the company provide for the "subject to written authorization” for posting adverts promoting gambling.
In fact, it is uncontroversial, pursuant to art. 64, paragraph 2, cpa, that, in the matter in question, the users who placed the contested advertisements had not received the written authorization required by the advertising standards (as deduced by the appellant on pages 2 and 3 of the brief filed ex art. 73 cpa).
It follows that the factual basis - the issuing of such authorization by the appellant - used by the Authority to conclude that the appellant was aware of the sponsored content is lacking.
12. In conclusion, the Board believes that:
- the automated control mechanism described above is not sufficient to qualify the appellant as hosting provider active;
- effective knowledge on the part of the appellant of the illicit activity carried out by the users has not been demonstrated (lacking proof that the "proactive" measures adopted by the service manager implied knowledge of the illicit activities);
- only with the notification of the notification of the violation of the art. 9 of the Dignity Decree (which initiated the procedure resulting in the imposition of the adverse sanction) the appellant acquired knowledge of the existence of the illicit advertisements and consequently took steps to remove the "Post” subject of the dispute.
13. For the reasons highlighted, the appeal must be accepted, with absorption of the further complaints proposed.
14. The particularity of the legal issues involved justifies the full compensation of the litigation costs.
PQM
The Regional Administrative Court for Lazio (Fourth Section), definitively ruling on the appeal, as in the proposed epigraph, accepts it within the terms set out in the motivation and, as a result, cancels the resolution of the Authority for Communications Guarantees no. 422/22/CONS of 14 December 2022".
