Online immunities for Internet platforms under NAFTA

August 31st, 2018 by Barry Sookman Leave a reply »

Canada and the U.S. appear to be getting close to the wire on the renegotiated NAFTA. If the USTR Fact Sheet on the UNITED STATES–MEXICO Trade Agreement is accurate, the agreement will contain a new requirement to:

Limit the civil liability of Internet platforms for third-party content that such platforms host or process, outside of the realm intellectual property enforcement, thereby enhancing the economic viability of these engines of growth that depend on user interaction and user content.

The inclusion of this provision should be no surprise. This was one of the United States’ stated objectives for NAFTA. It was also heavily lobbied for by Google and other major U.S. platforms and organizations funded by them. In particular, these platforms have lobbied to require Canada and Mexico to enact laws similar to the controversial Section 230 of the Communications Decency Act.[1]

While it is not objectionable for Internet platforms to have some immunity for damage claims where they act as passive, neutral intermediaries and are not aware and have no reason to be aware that their actions are causing damages, it would be a major extension of the law and contrary to the public interest to grant Internet platforms the types of immunities provided for by the CDA. In fact, even Google and other Internet platforms have recently acknowledged that such protection is not required for the Internet to flourish.

Section 230 of the CDA was enacted for the purpose of enabling online platforms to act responsibly to screen and block offensive materials and to foster free expression online. Yet, the CDA has been broadly interpreted to also immunize the publication of offensive conduct that would never be sanctioned in offline domains. This Internet exceptionalism provided protection for sites designed specifically to purvey offensive materials, even in the absence of any good faith efforts to address the abusive content.[2] The breadth of the immunity was recently summarized and criticized by Danielle Citron and Benjamin Wittes in a law review article published in the United States:

Platforms have been protected from liability even though they republished content knowing it might violate the law, encouraged users to post illegal content,42 changed their design and policies to enable illegal activity, or sold dangerous products. As a result, hundreds of decisions have extended Section 230 immunity, with comparatively few denying or restricting it…

Although Section 230 has secured breathing space for the development of online services and countless opportunities to work, speak, and engage with others, it has produced unjust results. An overbroad reading of the CDA has given platforms a free pass to ignore destructive activities, to deliberately repost illegal material, and to solicit unlawful activities while ensuring that abusers cannot be identified. As Rebecca Tushnet put it well, Section 230 “allows Internet intermediaries to have their free speech and everyone else’s too.”

Companies have too limited an incentive to insist on lawful conduct on their services beyond the narrow scope of their terms of service. They have no duty of care to respond to users or larger societal goals. They have no accountability for destructive uses of their services, even when they encourage those uses. In addition, platforms have invoked Section 230 in an effort to immunize a great deal of activity that has very little to do with speech. It is indeed “power without responsibility.”[3]

Lawmakers in the United States have recognized that Section 230 of the CDA has been used irresponsibly by some online platforms. For example, United States Senator Portman recently stated the following about Section 230 of the CDA in expressing his bi-partisan support for the recently enacted Enabling Sex Traffickers Act (SESTA) exemption to the CDA:

We looked at it and found out that there was a federal law put in place—with good intentions, I believe—back a couple of decades ago to try to ensure freedom of the internet, which of course all of us support. But it provided an effective immunity to these websites even if they were selling people online knowingly. We wrote legislation to get at that, spent about a year trying to get that through the process and eventually got it to a vote and got it passed. The law which provided the immunity was part of the Communications Decency Act that was meant, again, to try to encourage freedom of the internet but was taken too far, particularly in how it was interpreted by the courts.[4]

Senator Wyden, one of the authors of the immunity in section 230 of the CDA, also recently expressed concern in a conference before industry executive saying that:

Section 230 creates the ability for the user experience that [online platforms] want to create. You’ve got a responsibility to use that protection to cultivate a welcoming internet. Section 230 should be a tool for weeding out the bad actors, not an excuse for somebody to go do an ostrich act. My view is that companies have a responsibility to use the tools section 230 gives the platforms. The view that platforms are nothing but neutral pipes for speech isn’t going to fly in this unique time. … I’ve written laws to keep the old rules off your back and I did it under the idea that it was possible for technology leaders to do better. I’m concerned that your employers are now proving me wrong, and time is running out.[5]

There is no need to embed the broad safe harbor in Section 230 of the CDA into NAFTA. Even Google acknowledged this recently in a submission to a United Kingdom House of Lords Communication Committee’s inquiry on regulation of the internet. Contrary to what is being lobbied for in NAFTA, in the United Kingdom submission Google endorsed the liability framework in the European Union which only provides immunity to innocent intermediaries when they do not have knowledge that content they host violates applicable law or control or influence the content arguing that this framework has supported a vibrant Internet in the EU:

The legal framework setting out platforms’ responsibilities, underpinned by the e-Commerce Directive (ECD) has been effective in navigating this challenge. The internet is a complex ecosystem and relies upon the collaboration of multiple players including, but not limited to, users, content creators, Internet Service Providers, domain owners, hosting providers, advertisers, etc. The current framework provides a robust regime for responsibility and action, whilst also protecting a free and open internet. It balances the interests and responsibilities of all of these players – supporting transparent, responsible and informed sharing of user generated content. It ensures that those who post material online take responsibility for the content that they produce whilst also fixing platforms with a clear responsibility to act if they are notified of illegal content.

The ECD has the advantage of setting out different requirements for different types of intermediaries, rather than being aimed at a particular business activity. It has led to the growth of a wide variety of services and business models, and is flexible enough to cover the multiplicity of activities and content types online. For example, an online news site can contain content authored by the news organisation, along with material licensed from third parties and user-generated comments – the news site will be directly responsible for the editorial content it publishes, but will have different legal responsibilities with respect to user comments that the website is hosting as an intermediary. This online intermediary liability regime has fostered the huge economic and cultural benefits of the internet while ensuring platforms are taking appropriate and speedy actions in removing unlawful content.

It is important to note that the flexibility and nuance of the ECD’s platform responsibility provisions have allowed companies like ours to continue to invest in innovative ways of tackling harmful content online. Whether it’s developing a state of the art content management system for copyright owners through Content ID on YouTube, or the use of machine learning to help identify violent extremism content, we are always looking for ways to more effectively and efficiently carry out our responsibilities. This work augments our notice-and-action model and builds upon our strong cooperation with law enforcement, trusted flaggers and our community of users.[6]

Canadian and other Commonwealth country courts take an approach that is similar to the approach under the EU Ecommerce Directive. They generally only hold online intermediaries liable for publication of tortious or other illegal material when they cease to be passive intermediaries such as when they continue to host defamatory content after receiving notice that the content is defamatory.[7] Canadian law also enables courts to order online Intermediaries to take down or disable access to illegal materials including to enforce injunctions against online malfeasors, something a recent California Supreme Court has said the CDA also prohibits.[8] The existing Canadian, Commonwealth and EU standards provide a much better balance between the protection of the public and providing Internet platforms with an immunity for content they don’t control or influence or don’t or can’t reasonably know about.

There is no need for the proposed Internet platform immunity in the new NAFTA. However, should it remain in, care must be taken in working out the details of the requirement. The wording in the Fact Sheet does not clearly require the kinds of immunities provided for by Section 230 of the CDA. Undoubtedly, however, if the provision remains in the trade negotiators will be fleshing out what the summary in the Fact Sheet means. The Canada negotiating team should be wary of importing Section 230 into the new NAFTA.


[1] “Google pushes NAFTA end-run to thwart bills on child-sex-trafficking”, Google Transparency Project, online:; Letter to Ambassador Lighthizer, Secretary Guajardo, and Minister Freeland, January 21, 2018 online:; Michael Geist “Canada’s Missing Internet Provision: Why NAFTA Offers the Chance to Establish Long Overdue Online Speech Safeguards”, December 1, 2017, online: According to the U.S. Summary of Objectives for the NAFTA Renegotiation, the U.S. is seeking to “[e]stablish rules that limit non-IPR civil liability of online platforms for third party content, subject to NAFTA countries’ rights to adopt non-discriminatory measures for legitimate public policy objectives.”Office of the United States Trade Representative, Executive office of the President, Summary of Objectives for the NAFTA Renegotiation, November 2017 at

[2] Collin Lecher “SEN. RON WYDEN ON BREAKING UP FACEBOOK, NET NEUTRALITY, AND THE LAW THAT BUILT THE INTERNET”, The Verge, July 24, 2018, online:; “MPAA Comments to the NTIA on Internet Policy Priorities”, July 17, 2018, online:; Mary Leary, In bid to amend Communications Decency Act, Congress must side with trafficking victims, The Hill, 07 September 2017; Andrew Bolson, The Internet Has Grown Up, Why Hasn’t the Law? Reexamining Section 230 of the Communications Decency Act; 27 August 2013 at; Ed Klaris and Alexia Bedat, United States: Congress to Weaken Section 230 of the Communications Decency Act?, 20 January 2017 at ; George Pike, Scrutiny of Google and Facebook Increases on Both Sides of the Atlantic, 07 November 2017 at ..

[3] Danielle Keats Citron* and Benjamin Wittes “THE PROBLEM ISN’T JUST BACKPAGE: REVISING SECTION 230 IMMUNITY” 2 GEO. L. TECH. REV. 453 (2018), online: See, also, Mary Graw Leary “The Indecency and Injustice of Section 230 of the Communications Decency Act”, 41 HARV. J. L. & PUB. POL’Y

553 (2018), online:

[4] “Portman on the Senate Floor: SESTA Already Making A Significant Difference in Combating Online Sex Trafficking” July 19, 2018, online,

[5] Senator Wyden, Introductory Remarks by Pre-recorded Video at Santa Clara University

Conference: Content Moderation & Removal at Scale (Feb. 2, 2018), The broad scope of the CDA was recently also criticized by Judge Cuellar (with whom Judge Stewart concurred) in a dissenting opinion in Hassel v Bird, Cal. Rptr. 3d 867 (S.Ct.Cal;. 2018) “Even — indeed, perhaps especially — in a society that values free expression, people expect courts and statutes to offer them minimal protections from disparaging misrepresentations or abject lies deliberately circulated to the public. Today’s plurality opinion does not. Despite clear evidence that the federal Communications Decency Act of 1996 (47 U.S.C. § 230 (hereafter section 230))[25] was no trump card letting providers of “interactive computer service” (§ 230(f)(2)) such as Internet platforms evade responsibility for complying with any state court order involving defamation or libel, the plurality opinion posits that our state’s protections against the willful spread of false, damaging information are just not compatible with the Internet. In reaching this conclusion, the plurality opinion unfortunately misconstrues the Communications Decency Act and misapplies our precedent. It also runs the risk of misjudging the consequences of implying, in the early 21st century, that protections from libel, defamation, so-called “revenge porn,” and similar actions are plenty available except, of course, where they arguably matter most: on the digital network that gives a lone voice in the public square a megaphone loud enough to be heard in the most remote corners of the planet.”

[6] Online: The EU E-commerce framework was also endorsed by the Internet Service Providers’ Association (ISPA UK), online: “Since its inception in 2000, the E-Commerce Directive has served both the public and the industry well with a robust and flexible legal framework. There is currently a live debate about what the nature of the regulation of the internet should be following Brexit and ISPA is eager to make constructive contributions to this debate wherever possible; however, we would caution against diverging significantly from the guiding principles of the Directive which have struck an appropriate balance between the competing considerations at play. In its submission, Facebook also referred to the E-commerce Directive framework without criticism and accepted it had a responsibility to protected people from hqarmful content, online:, “At the outset, it is worth noting that there is extensive regulation that applies online and for internet companies. Under the e-Commerce Directive platforms have significant responsibilities to remove illegal content when notified. In addition the EU General Data Protection Regulation fundamentally regulates the way that platforms such as Facebook can handle data. There is a range of other broad regulatory frameworks, for example covering competition, which equally apply to the online and offline environments. Facebook believes it has a broader sense of responsibility including in relation to the content on our platform and the experience of our users. At Facebook, we believe everyone online should be empowered to manage risks and stay safe and that technology companies have a responsibility to take action to protect people from harmful content.” For a summary of the decisions of the CJEU interpreting the EU Directive, see, Eleonora Rosati “Has the CJEU quietly changed the conditions for safe harbour availability?” August 22, 2018 online:

[7] See Society of Composers, Authors and Music Publishers of Canada v. Canadian Assn. of Internet Providers, [2004] 2 SCR 427 and Crookes v. Newton, 2011 SCC 4, describing the attributes of passive instrumental intermediaries; Barry Sookman, “Google’s loss in online defamation case Trkulja v Google good reason to resist CDA in NAFTA” June 25, 2018, online: In the U.K., see Gavin Sutter, The UK’s Broad Rejection of the §230 Model, The Recorder, 10 November 2017

[8] See, Hassel v Bird, Cal. Rptr. 3d 867 (S.Ct.Cal;. 2018).

Print Friendly, PDF & Email
%d bloggers like this: