Legal and Regulatory Threats to ISP Business Models

February 18, 2010


The ISPAI, in association with EuroISPA, ran a free seminar (Invitation_ISPAI Seminar) for all Internet Service Providers, both ISPAI members and non-members, on Thursday 18th February 2010. The seminar was aimed at owners and managers of ISP businesses offering public access, hosting or communication services in Ireland.

Never before have ISPs and user-focused online services faced so much European legislation and pending trade agreements that threaten their viability and competiveness.

This seminar provided a briefing on measures which appear in Directives (some overdue for tranposition and some currently in draft stages) and new Trade Agreements that place costs and liabilities on providers. An outline was given of the EU legislative process and how ISPs’ views may be better represented.



Malcolm HUTTY

The EU Data Retention Directive, 2006/24/EC is now being transposed by member states and in Ireland, “Communications (Retention of Data) Bill 2009” is just entering the report stage – the final stage before it is passed as an Act. ISPs will be expected to retain the specified data from the day it is signed into law.

Therein lies the problem. The “specified data” is not particularly well specified, it is being interpreted differently in different member states. The range of permitted retention periods and lack of clarity in what constitutes serious crime are just two of the issues that has resulted in confusion for ISPs and deharmonisation rather than the intended harmonisation – which has serious potential to distort the market and competition for Internet business across the EU. The Commission has had to set up an expert group to advise on “guidelines” for interpretation of the Directive.

Malcolm is one of the few industry representatives on the expert group. He will share with you the key issues and options being considered. He will talk about the costs and the lack of consistent cost reimbursement across the EU. The Irish Government is unmoving in their selection of very rigorous requirements and insisting that there will be no cost reimbursement. This puts Irish ISPs and their customers at a competitive disadvantage to many other EU member states.

He also examines the realities ISPs will face – what happens when you get data requests? How can they be serviced so you don’t fall foul of data protection and privacy laws? What are the time and cost implications for your business as the evidence you provide winds its way through the court system? And what about compensation for your time and effort?


Isabelle De VINCK

Maybe because Belgium is also the seat of the European Union, it seems to attract more than its fair share of legislative proposals and court actions testing European Law. The ISP business has not escaped this trend.

Isabelle will outline various Belgian cases which have had implications for ISP liability and the cost of providing our services to the public. She will also show how one of the biggest problems facing ISPs is the lack of understanding by legislators and the judiciary of the way things work on the Internet. They are applying 19th and 20th centuary paradigms to 21st centuary realities.

She shows how a united industry front in Belgium has assisted in lobbying government and that working in a concerted manner with officials, media, and law enforcement agencies has successfully influenced the outcome allowing ISPs to escape to fight another day.



ISPs work under the protection of “mere conduit” provided under the e-Commerce Directive 200/31/EC. However, this is coming under threat from many directions. Civil defamation proceedings is one such area as too often ISPs are wrongly viewed as being in a position to take action.

A new Defamation Act came into force on 1st January 2010. Absurdly this does not take into account modern developments of Web publishing and user modifiable content. As an ISP providing the services, or hosting or giving access to blogging sites, web forums, etc. what is your liability? How are ISPs to know whether some blog or posting is defamatory or true. If an ISP receives some form of notification, how do you know it is not malicious? If you remove content too hastily you may in fact be defaming the originator and lining yourself up for a law suit.

Ronan will outline the law, the precedents that have been set elsewhere and how this is stacking up against ISPs. Ronan explores the exposure of ISPs caught between the “Devil and the Deep Blue Sea” of Defamation law.


Andrea examines how right-holders (particularly the recorded music companies) have been waging a war againast ISPs to protect their out-dated business models rather than changing to exploit the opportunites provided by the Internet. They have been spending fortunes lobbying at all levels to have laws changed and are pursuing court cases against ISPs rather than the infringers. They are now strongly lobbying for schemes that compensate for financial losses which they allege are due to downloading on the Internet but they play down other market trends of their own making impacting their revenues.

Andrea will also highlight how international negotiations currently led by the European Commission risk impacting negatively on the ISP’s business.



Unfortunately every great technology is exploited by those with criminal intent. The Internet is no exception and cybercrime in all its forms is a growing problem. While ISPs are protected from culpability as “mere conduits” (though that has limitations of acting in a reasonable time once notified) there are growing expectations of actions industry should take to prevent misuse of the Internet in the areas of child exploitation, fraud, racism, and now radicalisation.

Paul will give an overview of the shared service ISPAI provides to its members through to deal reactively with child pornography, in line with our obligations under the eCommerce Directive. This protects you and your business by dealing with such material in a manner agreed with Government and Garda. It takes away the need for your company to investigate and run the risk, not only of asking an employee (or yourself) to commit a criminal act – downloading child pornography, but of an employee traumatised by exposure to such material sueing you for damages.

He will then outline the current proposals being considered in the European Council and Commission and being promoted by various pressure groups which place severe liabilities and costs on ISPs. These are often based on misunderstandings of the existing reactive systems and threaten “mere conduit”. However, the legislators are shying from offering protection of a legal framework and talk about “non-legislative” measures. What do these mean for ISPs?




Malcolm HUTTY, Head of Public Affairs
LINX, The London Internet Exchange


Malcolm’s role at LINX involves liaising with government and regulatory authorities on behalf of the LINX’s membership of ISPs and other network operators, representing the interests of members to government and briefing members on regulatory developments.

In 2008 he was elected President of EuroISPA, the pan-European organisation of membership associations representing the interests of Internet Service Providers.

Malcolm also acts as Regulatory Affairs spokesman for Euro-IX, the European association of Internet Exchanges. He is a member of a number of organisations relating to Internet regulation in the United Kingdom, including the Communications Industry / Law Enforcement Liaison Group, the UK Council for Children’s Internet Safety and the Electronic Communications Resilience and Response Group

He has previously served as Chair of the Network Security Information Exchange, a Director of the Internet Watch Foundation and as an elected member of the Nominet Policy Advisory Board.



Isabelle De VINCK, Secreatry General
ISPA Belgium, The Belgian ISP Association


Isabelle runs the ISPA Belgium Secretariat and has been involved in the main regulatory issues affecting the ISP sectors in Belgium. She takes particular interest in Internet Regulation and attends a wide range of Government and Industry meetings in this area, providing strategic political advice and practical lobbying support to her members.

Before joining the Association, Isabelle worked in the marketing and communication field in a Brussels based IT company and at the Belgian Embassy in Harare (Zimbabwe), where she held the post of First Secretary.

Isabelle graduated with a Master’s degree in Business from ISC Saint Louis Business School (Brussels) and also holds a Master’s Degree in Political Sociology and in European Studies from the Free University of Brussels.



Ronan LUPTON, Barrister at Law
The Law Library, Four Courts, Dublin


Ronan Lupton, Barrister-at-Law, is a member of the Irish Bar. Ronan practices in the areas of commercial, chancery, defamation, intellectual property/copyright and competition law. Prior to practice he spent 12 years in various regulatory and engineering roles in the Internet and communications markets.

He served as Head of Regulatory Affairs at Verizon Business in Ireland. He is Chair of ALTO, a member of the Department of Justice, Internet Safety Advisory Council, Irish IPv6 Task Force, and the Irish ENUM Policy Advisory Board. He is an experienced industry and regulatory advocate and has worked on major international projects and transactions in the Internet and communications environment. He holds a BA (Management), M.Sc. (Strategic Management), and the degree of Barrister-at-Law (King’s Inns).



Andrea D’INCECCO, Public Affairs Manager
Political Intelligence and EuroISPA


Andrea D’Incecco is an Italian qualified lawyer. Before joining EuroISPA he worked for prestigious international law firms specialising in antitrust law, advertising law and consumer protection issues. Andrea also gained valuable experience in the IT regulatory field working as consultant in the legal and regulatory affairs department of a Swiss telecommunications company, Fastweb.

Andrea holds a LL.M. in European Studies from the Free University of Brussels. He graduated from the Law University of Teramo and spent a year at the Phillips Universitaet of Marburg in Germany as part of his undergraduate studies. In 2002, he completed a postgraduate degree in European Union Law from Pescara’s University of Economics and since 2006 he has been conducting Ph.D. research in competition law with the Law University of Perugia.



Paul DURRANT, General Manager
Internet Service Providers Association of Ireland (ISPAI)


Paul heads up the ISPAI secretariat based in Dublin which works to promote the interests of ISPs in Ireland. He also manages the ISPAI service, which provides a shared service for ISPAI members to deal with the legal obligations of ISPs to react to reports from the public of suspected illegal content on the Internet.

He is a member of the Internet Safety Advisory Council to the Government’s Office for Internet Safety. He is a member of the European Commission’s Safer Internet Focus Group and a EuroISPA Council member.

Paul has over 30 years experience in the Information and Communications Technologies sector providing Internet infrastructure, e-commerce and digital media production consultancy to the private sector, Government agencies and the European Commission, DG InfoSoc both as an independent consultant and later as Principal Consultant with Mason Communications. Previously he was M.D. of Multimedia Technologies Ireland, the national centre promoting digital media information systems development; Technical Director at CACI Dublin, developing simulation software applications and prior to this he worked in IBM Ireland for over ten years as a Software Development Manager and Systems Engineer.