AustLII Home | Databases | WorldLII | Search | Feedback

Precedent (Australian Lawyers Alliance)

You are here:  AustLII >> Databases >> Precedent (Australian Lawyers Alliance) >> 2016 >> [2016] PrecedentAULA 3

Database Search | Name Search | Recent Articles | Noteup | LawCite | Author Info | Download | Help

Svantesson, Dan Jerker B --- "Internet jurisdiction: today and in the future" [2016] PrecedentAULA 3; (2016) 132 Precedent 4

INTERNET JURISDICTION

TODAY AND IN THE FUTURE

By Dan Jerker B Svantesson

In a particularly insightful article published in 1998, Bernadette Jew noted that: ‘In considering the legal issues relating to jurisdiction and their application to the internet, we are forced to think beyond the question of whether we “should” regulate the internet and to consider whether we actually “can” regulate the internet.’[1]

Today, the question of whether we should regulate the internet has already been answered – we both should and must do so. Regulating the internet is necessary to create trust in the internet; trust that benefits everyone online. But where are we at with the question of whether we actually can regulate the internet? The answer is of course that progress has been made during the 17 years since Jew’s article was published. However, that progress has been slow and we are still far from arriving at satisfactory solutions.

This article seeks to highlight a somewhat eclectic selection of particularly topical issues within the broad field of internet jurisdiction. First, I focus on just how easily we expose ourselves to foreign laws when acting online by reference to a few noteworthy recent Australian cases. Secondly, cloud computing presents both legal perils and legal opportunities, while international data privacy law embodies the greatest current internet jurisdiction challenge for (online) business. Finally, I speculate as to how we may best move forward in this complex, but fascinating, field of law.

MULTIPLE JURISDICTIONS

Due to the internet, we are constantly exposed to the laws of, and potential lawsuits from, foreign countries. To realise the scale of the problem, we need only consider the number of laws we are exposed to by engaging in social media, such as Facebook or LinkedIn. What countries’ laws do you need to take into account when posting on social media?

First of all, if you are in Australia, you will need to consider relevant state and federal laws, and given that most social media providers are based in the US, you will also need to take account of US law. Then, if your posting relates to another person, you may need to take account of the laws of the country in which that person is based, as well as the laws of any other countries in which that person may be enjoying a reputation, or to which s/he otherwise has a strong connection.

But that is, of course, not the end of the matter. Under the law of many, not to say most, countries focus may be placed on where content is downloaded or read. This means that you will also need to take into account the laws of all the countries in which your Facebook ‘friends’ or LinkedIn ‘connections’ are found; and, less predictably, the laws of all the countries in which they may be located when reading your post. It goes without saying that the number of additional legal systems to be considered grows with the number, and geographical diversity, of your friends or connections, and in light of the mobility of people, may never be fully ascertained at the time of posting.

Then things get rather messy. Given that your posts may be re-posted, you also need to take into account the laws of all the countries in which re-posted versions of your posting may be downloaded or read. Here you – as the original poster – obviously lose all possibilities of predicting the scope of laws you may be exposed to.

As if this was not complicated enough, we must also bear in mind that content placed on social media platforms is often stored in ‘the cloud’, and while we as users may not necessarily be able to find out where our content is stored, we may be legally obligated to consider the laws of the country in which the content is stored. Finally, content posted may, depending on both your settings and on how your social media platform treats those settings, be available to third parties and you may then need to also let the laws of the locations of those third parties guide your conduct.

This legal situation, of extraordinary complexity, is what 1.49 billion Facebook users expose themselves to on a daily basis; and the problems are obvious. While required to abide by a large, and unpredictable, number of foreign laws, internet users have no realistic chance of gaining access to all those laws, they cannot understand all those laws and therefore have no realistic prospect of actually abiding by those laws apart from doing so by coincidence. This highlights the dilemma that even though we may have decided that we should regulate the internet, we are yet to really figure out how that is to be done. Clearly, the described reality must affect how we regulate the internet, and what the lawmaker can reasonably expect.

AUSTRALIAN LAW

As far as private international law rules are concerned, the laws are largely similar between the different Australian states and territories. However, that does not alter the fact that Australia would benefit from more active steps towards further – why not complete – harmonisation in this field between the different Australian states and territories. Indeed, as noted by Beaumont: ‘There seems to be a consensus that the very varied provisions on direct jurisdiction in the states and territories of Australia are in need of reform to provide greater legal certainty and to reduce or eliminate exorbitant fora.’[2]

An important step towards reforming Australia’s private international law was taken in 2012 when the Attorney-General's Department – in no small part prompted by the internet’s development – issued two discussion papers that generated a substantial number of submissions.[3] However, the current state of the reform project is perhaps appropriately summarised by what is found on the Attorney-General's Department’s website under the heading ‘Improving private international law’.[4] There, at the time of writing, we find reference to materials from 2012 as well as a broken hyperlink to the now abandoned Standing Council on Law and Justice. It consequently seems that serious reform is some way off yet.

Searching the law reports – or more conveniently, searching the Australasian Legal Information Institute (AustLII) – one quickly finds that Australian courts produce a trickle rather than a flood of decisions on matters of Internet jurisdiction. Thus it is no surprise that the now classic Gutnick case,[5] decided by the High Court in 2002, remains the most influential Australian case in the field on internet jurisdiction. By now it has been cited extensively in several countries around the globe, not least in common law countries. In fact, in Australia the Gutnick case has been relied upon as a justification for placing focus on ‘downloading’ rather than ‘uploading’ also outside the context of defamation.[6] This doubtlessly represents a significant stretching of the conclusions that can be drawn from a case in which defamation-specific principles were so clearly determinative. In other words, the decision in the Gutnick case was a direct result of legal principles specific to defamation law. Consequently, great care must be taken in applying that decision to disputes outside the field of defamation law.

At any rate, looking at more recent decisions, there are a few that deserve particular mention. Starting in the field of cross-border Internet defamation, as observed by Slane, it is important to bear in mind that the Court in the Gutnick case ‘did not assume jurisdiction merely because the defamatory article was available on websites, but rather because it was actually accessed in Australia by Australian subscribers’.[7] This difference between, on the one hand, mere theoretical accessibility, and actual access, on the other hand, is of course significant. At the same time, the distinction is not always as clear as a superficial examination may suggest. After all, in many internet defamation cases, proving the actual number of times the defamatory content has been accessed is highly problematic. And where such evidence is lacking, the practical distinction between actual access and mere accessibility is not quite so clear. As noted by McColl J in the 2012 case of David v Abdishou:[8]

‘It is self-evident that a plaintiff can prove publication without calling evidence in every case that the matter complained of was in fact communicated to a third party. As Gatley says [...], if the plaintiff “proves facts from which it can be inferred that the words were brought to the attention of some third person, he will establish a prima facie case”. This will be so if it is a matter of reasonable inference that the matter complained of was “actually seen and read by some third party”[.]’[9]

Nevertheless, courts have stressed that, while a new cause of action arises on each occasion of downloading,[10] rules about multiplicity of proceedings may preclude suing upon each and every such cause of action.[11] In the 2015 case of Gacic v John Fairfax Publications Pty Ltd, Barrett JA pointed out that: ‘A plaintiff theoretically entitled to commence multiple defamation actions is [...] compelled to exercise restraint.’[12]

All this is important in relation to the question of whether a court will claim jurisdiction over a cross-border Internet defamation matter or reject it as an abuse of process. In one such case – Bleyer v Google Inc – the Supreme Court of New South Wales stated that:

‘That is not to say that the number of actual downloads identified in any individual case will always be determinative as to the likely scope of publication. It is always open to a plaintiff to identify additional facts, matters and circumstances on the strength which a wider scope of publication may be inferred, such as the popularity of the relevant website, the public profile of the plaintiff and any other factor pointing to the likelihood of the defamatory web page being downloaded by a broader range of people.’[13]

Remaining in the field of cross-border internet defamation, cases such as Duffy v Google Inc & Anor [2011] SADC 178[14] draw attention to a highly interesting question of relevance in cross-border internet defamation cases; that is, against whom should the plaintiff take action? A central feature of the dispute was whether Google’s local branch, Google Australia Pty Ltd, could be held liable for the search results produced by the Google Inc from the US. The plaintiff in the Duffy case suggested the following as justifying the conclusion that Google Australia Pty Ltd had the ability to remove the search results in question: ‘After the plaintiff’s proceedings were served on Google Australia, [...] but before they served on Google Inc, six of the URL links that were the subject of her claim were removed from the domain www.google.com.au.’[15] While this undeniably hints at a degree of influence, the court correctly noted that there is a difference between, on the one hand being able to influence another party so as to achieve a particular outcome and, on the other hand, having control over a matter.[16] In light of this, and other factors taken into account by the court, the order sought against Google Australia Pty Ltd was refused.

The argument that actions against Google search must be directed at Google Inc does not lack merit. After all, Google Inc alone operates the search engine and an order against a local branch obligating it to remove search results when it has no control over the search engine must be seen to require it to undertake something it simply does not have the power to comply with. However, it seems that courts increasingly reject this type of legal argument[17] and, in my view, globally active internet intermediaries – including search engines – ought to abandon this type of tactic which essentially confers a complicating international dimension on what are domestic disputes.

Turning to the area of jurisdiction in online contracts, it is relevant to point to Benson v Rational Entertainment Enterprises Ltd.[18] There, the plaintiff claimed that the website terms in question, including a choice of forum clause, had not been brought to his attention. The terms appear to have been provided in the form of website terms and conditions,[19] and the court accepted this contracting form without discussion. In fact, the court seems to hint at a general willingness to uphold changes to the choice of forum clause in a browse wrap contract where a person continues to use a website after terms have changed in the browse wrap agreement.[20] However, due to the ‘exceptional circumstances’ of the case, the court stated that it:

‘would not accept that the defendants could change the terms and conditions simply by establishing on their website a means for customers to click upon an icon and open the terms and conditions, without the defendants taking some additional step to positively warn their customers that the terms and conditions had changed’.[21]

While this case highlights that there are limits to the circumstances under which the courts will uphold unilateral changes to choice of forum clauses not brought to the website users’ attention, the question is of course whether such a change would be upheld in the absence of ‘exceptional circumstances’.

CLOUD COMPUTING’S COMPLICATING INFLUENCE ON INTERNET JURISDICTION

We are now firmly in an era of cloud computing, and there can be no doubt that more and more services, content and processes will move ‘to the cloud’. Early debates about Internet jurisdiction and the cloud centred on the argument that it is difficult, or even impossible, to identify the location of online activities in the cloud. While we need to continue that discussion, the greater concern as the debate has matured the greater concern is that many online activities, intentionally or unintentionally, touch upon the territories of states without having any real substantial connection with those states. For the lawmakers, this is a serious challenge, and our current laws are quite frankly not ‘smart’ enough to properly deal with this issue. This no doubt gives a significant degree of control to lawyers with a solid understanding of internet law and cloud computing. In other words, for the lawyer who understands this field, the current laws represent a huge opportunity, and for those lawyers who lack the relevant skills, the current situation represents a perilous quagmire.

INTERNATIONAL DATA PRIVACY LAW – THE LATEST AREA OF CONTROVERSY IN INTERNET JURISDICTION

One need go back only 15 years to reach a time where data privacy laws were gaining little mainstream attention; it was a field inhabited by a small number of experts mainly working as privacy advocates. Now, data privacy law is big business and since the year 2000 amendment extending the Privacy Act 1988 (Cth) to parts of the private sector, the Australian legal profession has developed considerable expertise in domestic data privacy law. However, while Australia’s domestic data privacy law, and the enforcement of that law, has some maturing to do, the biggest current data privacy challenges (at least for businesses) are to be found in the international arena. First of all, Australian businesses, and therefore the legal profession, need to take note of the considerable extraterritorial reach of foreign data privacy laws. Most significantly, the proposed EU General Data Protection Regulation makes an intentionally wide jurisdictional claim that will capture all Australian businesses that act on the EU market.[22] Second, the October 2015 decision[23] of the Court of Justice of the European Union (CJEU), invalidating the EU-US Safe Harbour arrangement allowing personal data to be exported from the EU to the US, has sent serious shockwaves and any business that transfers personal information across borders needs to carefully pay attention to the developments in that field.

THE WAY FORWARD FOR INTERNET JURISDICTION

All the above highlights that the area of internet jurisdiction is still developing and, in many ways, is maturing. Arguably the biggest obstacle for serious reform is the fact that, under our current structures, territoriality is the cornerstone of all thinking on jurisdictional claims – a state has the exclusive right to regulate all that occurs in its territory for the simple reason that it occurs in its territory. However, strict territoriality is ill-equipped for today’s modern society, which is characterised by constant, fluid and substantial cross-border interaction, not least via the internet. As noted by Jew back in 1998: ‘while the age-old idea of stretching existing laws to the new technology may appeal as the most straightforward solution, it is simply not a viable one in the case of the internet. The internet is too flexible a structure to be pinned down and controlled by territorial laws.’[24]

Ultimately, we will need to abandon territoriality as the core concept based on which we assess jurisdictional claims. Elsewhere, I have advanced the following three principles that I believe constitute the jurisprudential core on which our thinking on jurisdiction ought to be based:

In the absence of an obligation under international law to exercise jurisdiction, a state may only exercise jurisdiction where:

(1) there is a substantial connection between the matter and the state seeking to exercise jurisdiction;

(2) the state seeking to exercise jurisdiction has a legitimate interest in the matter; and

(3) the exercise of jurisdiction is reasonable given the balance between the state’s legitimate interests and other interests.[25]

A proposal for such a fundamental change will no doubt need to spend time in fermentation before being palatable to a broader public. Yet, since the use of territoriality as the point of departure for jurisdictional assessments is the biggest obstacle for real progress, we need to take this first step towards substantial reform at some point.

This article has been peer reviewed in line with standard academic practice.

Dan Svantesson is Professor and Co-Director, Centre for Commercial Law, Faculty of Law, Bond University (Australia); researcher, Swedish Law & Informatics Research Institute, Stockholm University (Sweden). Professor Svantesson is the recipient of an Australian Research Council Future Fellowship (project number FT120100583). The views expressed herein are those of the author and are not necessarily those of the Australian Research Council. EMAIL Dan_Svantesson@bond.edu.au.


[1] B Jew, ‘Cyber Jurisdiction – Emerging Issues & Conflict of Law when Overseas Courts Challenge your Web’ (1998) 24 Computers and Law, at 24.

[2] P Beaumont, Series Editor’s Preface, in A Dickinson et al (eds), Australian Private International Law for the 21st Century (Hart Publishing, 2014), px.

[3] Attorney-General’s Department, Private International Law Consultation, (December 2012), was the main paper.

[4] http://www.ag.gov.au/Internationalrelations/PrivateInternationalLaw/Pages/ImprovingPrivateInternationalLaw.aspx (accessed 13 November 2015).

[5] Dow Jones and Company Inc v Gutnick [2002] HCA 56.

[6] See, for example, Australian Competition & Consumer Commission v 1Cellnet LLC [2004] FCA 1210.

[7] A Slane, ‘Tales, techs, and territories: Private international law, globalization, and the legal construction of borderlessness on the Internet’ (2008) 71 Law & Contemporary Problems 129, at 142.

[8] [2012] NSWCA 109.

[9] David v Abdishou [2012] NSWCA 109, para 286. See also: Bristow v Adams [2012] NSWCA 166.

[10] For an interesting discussion of this ‘multiple publications’ rule in the Internet setting, see: U Connolly, ‘Multiple Publication and Online Defamation – Recent Reforms in Ireland and the United Kingdom’ (2012) 6(1) Masaryk University Journal of Law and Technology, 35.

[11] Gacic v John Fairfax Publications Pty Ltd [2015] NSWCA 99, para 245 (per Barrett JA).

[12] Ibid, para 246 (per Barrett JA).

[13] Bleyer v Google Inc [2014] NSWSC 897, para 30.

[14] See also Trkulja v Google (No. 5) [2012] VSC 533, as well as the New Zealand case, A v Google New Zealand Ltd [2012] NZHC 2352.

[15] Duffy v Google Inc & Anor [2011] SADC 178, at para 24.

[16] Ibid, at para 25.

[17] See, for example, Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (Case C-131/12) and Equustek Solutions Inc v Jack (2014) BCSC 1063.

[18] [2015] NSWSC 906.

[19] The court noted that: ‘In a manner that is common with websites, the contents of this site are set out in a manner that enables a person, who has accessed the site, to click on particular documents in order to open them. It appears that, when the plaintiff obtained the printouts that he annexed to his affidavit, he was selective in the documents that he opened. He did not select and open, and print out, the ‘Terms & Conditions’. The defendants’ solicitor did.’ (Benson v Rational Entertainment Enterprises Ltd [2015] NSWSC 906, para 60).

[20] ‘The defendants did not tender any evidence to establish that the plaintiff had utilised his contract with the defendants (for example, by playing games of poker) in a manner that would support a submission that he had elected to continue his contract, but on the standard terms and conditions issued by the defendants.’ (Benson v Rational Entertainment Enterprises Ltd [2015] NSWSC 906, para 66).

[21] Ibid [2015] NSWSC 906, para 67.

[22] General Data Protection Regulation, Article 3.

[23] C-362/14 (Schrems).

[24] B Jew, see note 1 above, at 38.

[25] D Svantesson, ‘A New Jurisprudential Framework for Jurisdiction: Beyond the Harvard Draft’ (2015) 109 American Journal of International Law Unbound, 69-74.



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/PrecedentAULA/2016/3.html