With this article, I am about to launch a review of in-depth studies that aim to reveal the delicate issues of responsibility inherent in the publication of illegal content online.
The topic, in fact, now of daily relevance, involves not only the authors of the illicit contents but also the internet service providers that host the contents (better known as internet service providers or, more simply, ISPs) and, more or less indirectly , third party users of the contents.
Let's take for example a typical case (today, perhaps, one of the most common): John Doe, without Jerry Doe's authorization, shares content on a platform managed by an ISP that discredits Jerry Doe's honor and reputation.
Let's examine, in this first article, the position of John Doe.
The art. 15 of the Privacy Code states that “anyone who causes damage to others as a result of the processing of personal data is required to pay compensation pursuant to article 2050 of the civil code”. The second paragraph of art. 15, moreover, adds that non-pecuniary damage can be compensated even in case of violation of the obligation to process personal data in a lawful and correct manner.
So let's see what the Privacy Code means by "personal data". The art. 4, in this regard, establishes that this is "any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number".
Similarly, the European Regulation 679/2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data, establishes the right, for anyone who suffers material or immaterial damage caused by a violation of the regulation, to obtain compensation for damage.
Having said this, it should be noted that the right to privacy is configured under a double perspective: on the one hand, it is the right to exclude third parties from one's sphere of intimacy and private life; on the other hand, it is the right to maintain control over one's own information and, therefore, be the sole holders of the right to choose whether or not to publish one's own information.
Especially according to this last extended meaning, it seems perfectly acceptable to consider that the "damage" referred to in art. 15 of the Privacy Code does not necessarily have to lead to the injury of a personal value but may already exist in itself in the presence of an unauthorized publication of content relating to a person.
John Doe, therefore, by making public a content relating to the person of Jerry Doe, without his authorization, on a platform managed by an ISP, is in effect liable to action for damages by Jerry Doe for violation of the obligations established by the Privacy Code.
In the second part of this article, we will instead deal with the responsibility of the ISP in hosting the illicit content shared by John Doe.
For any further information on IT-legal matters, do not hesitate to contact SilentWave!