Early this year the Italian government pushed to introduce new unprecedented measures where-by persons who regularly upload video to the web (such as YouTube) will have to apply for a government licence to do so. Also unprecedented was an Italian court judgment of February 24 convicting (in absentia) three Google executives of privacy violations because they did not act quickly enough to take down an online video on YouTube that showed some teens bullying an autistic boy.

What really matters is that news of this kind highlights the rather ambiguous position that internet service providers often tend to operate in - especially when operational on a cross-border multi-jurisdictional basis.

Why should e-commerce operators and intermediaries (or worse still, individual persons behind such operations, such as the Google execs) be held responsible for content posted via their platform when they didn't write or edit the content and when the operator's terms and conditions very likely disclaim responsibility for such content? At what stage does a service provider stop acting as a "mere conduit" for the content and what triggers its accountability in the eyes of the law as editor or publisher of that content?

The legal answers to these questions are somewhat blurred, and whereas EU law seemingly provides for a "mere conduit" exception, some EU member state courts are interpreting such exception rather restrictively, especially when dealing with content which potentially infringes third-party privacy rights or intellectual property rights.

In this case, the Italian court found the Google executives guilty and liable for unlawful personal data handling because they delayed unnecessarily to take down the abusive content. Apparently, taking down the content two hours following notification by the police was not "soon enough" especially because several web users had flagged the "abusive" content to Google before (which, ironically, drove the video right up to the top of a "most entertaining videos" list on the website). Yes, to drive Google that much more up the wall, its own self-imposed and self-regulatory tool seems to have garnered it more responsibility in the eyes of the law!

Indeed, this judgment shows that the privacy of an autistic boy is respected and action shall be taken to protect that privacy. Having said that, it is reported that with the cooperation of Google, justice was done with the perpetrators who were convicted and sentenced for their wrongdoing. So why blame "the Google" when it did not commit the crime?

In essence this boils down to the everlasting debate of freedom of expression on the net versus the protection of privacy rights or other rights such as intellectual property rights or public security. There are the advocates for a free net - where persons are free to speak, comment and criticise - and there are those who advocate for the prevalence of decency, respect and rule of law before "freedom" on the net.

Finding the balance between the two is ideal, but difficult; and difficult as it may be, e-commerce operators must be aware that this struggle could exist in one or several of the jurisdictions wherein they operate or target. Sometimes the weighing scales tip - and very often not on the operator's side.

So far, Maltese courts have not opined on this particular issue, and one wonders what the position at law will be. It is noted that the Maltese Electronic Commerce Act does transpose the mere conduit exception and whereas it provides that ISPs are to promptly inform public authorities of any alleged illegal activity undertaken (including of any information provided by recipients of their service) and are to grant to such authority (upon request) information enabling the identification of recipients of their service with whom they have storage agreements, it also clearly states that ISPs are not obliged to monitor the information which they transmit or store, or to actively seek facts or circumstances indicating illegal activity.

More so, the Act does not impose liability on the ISP for failure to take down the third-party content.

Naturally it is understandable that a balance is sought, including by implementing a "take-down" approach (that is, obliging operators to remove content when so requested by the police or when they are otherwise formally and properly requested to do so). But just as highway builders should not automatically be held responsible for third-party over-speeding, internet plat-form operators should also not be held automatically responsible for third-party over-speaking! It is the same as a postal service not being responsible for the content of a letter which it delivers.

But where is the line drawn? How many complaints must be flagged to the ISP for it to be deemed responsible? And, if the general principle is for an ISP to be exempt as a mere conduit under the E-Commerce Act, then to what extent can the ISP be held liable under a separate law (as seems to have happened in the Google case whereby privacy laws were applied)?

As Italy tries to mould and (re)define the internet in Italy, one hopes that the European Commission and other democratic states react to prevent further entanglement of laws and court decisions - which although are (or appear to be) directed at protecting rights (such as privacy) may rather be impinging upon the freedom and progress of the web.

Indeed such rights must be respected and protected and whereas operators should be expected to collaborate, ISPs and telcos should not be forced to become digital vigilantes - something which could impinge on network neutrality as we know it.

The rights and reasonable obligations of operators must be delineated to ensure that the progress of the net is not unnecessarily stifled. This entanglement of laws must be straightened out, lest the WWW becomes the Wild Wild West!

Dr Gonzi is an associate at Fenech & Fenech Advocates.