Right to information also against access providers

A request for information according to § 18 para. 4 ECG is – contrary to the wording of the provision – not only possible against host providers according to § 16 ECG, but analogously also against access providers according to § 13 ECG. The Austrian Supreme Court saw a gap in the legal sense, because without an analogous application of § 18 para. 4 ECG to access providers, there would be a legal protection deficit for the infringer.

Since more and more infringements of rights – especially in the area of intellectual property and personality  rights – are committed “anonymously” via the Internet and since the distinction between the individual Internet providers (§§ 13 ff ECG: access and backbone, search engines, bashing, hosting, link providers) is becoming increasingly difficult in practice because many services “merge”, GEISTWERT welcomes this “extension” of the right to information. Of course, it should not be overlooked that the requirements for the request for information (“provided that they demonstrate an overriding legal interest in establishing the identity of a user and a specific unlawful circumstance and, moreover, that knowledge of this information is an essential prerequisite for prosecution” in § 18 para. 4 ECG) must be interpreted strictly, so that for a legally untrained person, namely the provider, the claim must be clear.

The decision is also to be welcomed because it means that providers can no longer hide behind the “killer argument” of data protection law. As far as core data are concerned, such as a unique e-mail address and probably also a (technically) static IP address, the telecommunications law does not stand in the way of information.

To the decision 6Ob226/19g of the Supreme Court dated May 20, 2020:

The plaintiff is a book author, historian and freelance journalist who writes a monthly guest column in an Austrian daily newspaper. In September 2018, her column appeared, which on the one hand called for support for women’s initiatives, but on the other hand called on them to rethink their “intolerant and one-sided agenda”. In response, an e-mail was sent from an e-mail address registered with the defendant to several domestic and foreign media. In the opinion of the plaintiff, that e-mail contained statements, for example “highly disturbed” and “permanently horny chick”, that were defamatory and damaging to credit,.

The e-mail address was in the name of S****, but the e-mail in question was signed by A****. The provider also allowed alias addresses and both persons were registered at the same address. To take civil and criminal action against the addressee of the e-mail address, the plaintiff submitted a request for information to the defendant. In doing so, it requested the first name, surname and address of the owner of the e-mail address registered with the defendant. The defendant refused to disclose the user data.

The plaintiff argued that due to the storage space made available, the defendant is a host provider and not an access provider. Therefore, it is subject to the obligation to provide information according to § 18 Abs 4 ECG. Furthermore, it is not reasonable to sue two people by chance.

The defendant argued that due to the small amount of storage space and the lack of the possibility to monitor the information provided, it is to be qualified as an access provider and is therefore not subject to the obligation to provide information.

The first instance court qualified the defendant as a host provider because it provides an e-mail server and stores the data until the e-mail is retrieved. In contrast, the court of appeal considered the defendant to be an access provider. The main argument was that there was only an intermediate storage of incoming e-mails and the technically required intermediate storage of sent e-mails for 30 seconds. However, the Higher Regional Court of Innsbruck allowed the appeal because there is no Supreme Court jurisdiction regarding the obligation to provide information by operators of a webmail service.

The Supreme Court allowed the appeal. A legal definition of the “service of the information society” is contained in § 3 subparagraph 1 ECG. This also includes an Internet service provider, whereby a distinction is made between access providers pursuant to § 13 ECG and host service providers pursuant to § 16 ECG.

However, the Supreme Court “circumvented” this distinction by considering the distinction to be irrelevant regarding the right to information:

The request for information according to § 18 Abs 4 ECG is limited to host service providers: “The service providers mentioned in § 16 have to provide the name and address of a user of their service, […], to third parties upon request“.

According to the wording, an access provider according to § 13 para. 1 ECG is a service provider that transmits the information entered by a user in a communication network or provides access to a communication network. According to § 16 para. 1 ECG, a host provider is a service provider that stores the information entered by a user.

It is disputed whether the storage alone is sufficient or whether it is also necessary to open access to the stored information to third parties to be considered a host provider according to § 16 ECG. Although the Supreme Court presents the different points of view in the literature as well as in the case law, it “circumvents” a final assessment: even in the case of an access provider, the obligation to provide information according to § 18 para. 4 ECG exists, namely through an analogous application.

Already in 2004, the Supreme Court recognized an analogous application of the request for information, but for telecommunication services. It held that these are comparable to service providers under § 16 ECG. Both only provide the technical devices and are generally not liable for the content distributed via their network. Due to the lack of a directly applicable right to information under the TKG, he affirmed the analogous application of § 18 (4) ECG.

The obligation to provide information is intended to enable persons whose rights have been violated by illegal activities of a user whose rights are not known to them to pursue legal action. However, if the provider of a webmail service is subject to § 13 ECG regarding the limitations of liability applicable to him, the ECG proves to be incomplete in relation to his own objectives. The web mail provider itself has no knowledge of the information sent due to the secrecy of communication in accordance with § 93 TKG and is therefore not liable for its content.

Without the infringer’s right to information, there would be a legal protection deficit. The Supreme Court has now remedied this legal protection deficit.