Each month, our panel of crypto lawyers looks at the legal implications of some of the thorniest problems facing the industry in different jurisdictions around the world.
The arrest of Telegram CEO Pavel Durov in France has reignited a global debate on the rights and responsibilities of social media platforms.
Is it right to arrest a founder for criminal behavior on their platform that they had nothing to do with? Critics have likened it to arresting the head of a phone company because criminals discussed a crime on a call.
The European Union has rolled out increasingly restrictive laws with the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR).
The DSA sets strict obligations for online platforms to tackle illegal content and ensure transparency. Meanwhile, the GDPR is a comprehensive law that governs how personal data is collected, processed and stored.
With vast amounts of user-generated content (UGC) flowing across global platforms, where do we draw the line between free speech, internet safety and privacy?
Magazine spoke with a panel of legal experts to find out more: Digital & Analogue Partners co-founder Catherine Smirnova in Europe, co-chair of the Hong Kong Web3 Association Joshua Chu from Asia, and Rikka Law Managing Partner Charlyn Ho from the United States.
The discussion has been edited for clarity and brevity.
Magazine: Durov has been charged in France for allegedly allowing criminal activity and illicit content on his social media and messaging platform. We don’t often see tech executives held directly responsible for what happens on their platforms. Why do you think this case is different?
Ho: It surprised me that something like this could result in the arrest of a CEO. Often, there would be a lot of publicity around issues of perhaps fostering or permitting illicit activity over a platform, but it doesn’t typically result in the arrest of the CEO. There are so many platforms that permit the types of communications that Telegram permits. But to have the CEO arrested is quite interesting.
Smirnova: The jurisdiction was also quite surprising, I would say, because we could expect it in any country without such transparent regulation regarding digital platforms, but not in France.
From the very beginning, I didn’t think that this arrest, and detention, was in any way connected to the creation of Telegram itself or to DSA. This was highly speculated now that DSA is in action. DSA is about companies’ liability, not personal liability.
Chu: When the news broke, it was easy for us to quickly take sides because the French police also did a poor job at drip-feeding information. We had no idea what he was arrested for, and many people assumed they were looking into Telegram’s messages. It later emerged that one of the main issues was certain illicit materials being published on their public platform, which is essentially a blog.
If you are a tech platform and you have been alerted by law enforcement that you are displaying child pornography, for example, you simply can’t ignore it.
Magazine: There’s a growing tension between platform responsibility and user freedoms. How do you see regulatory frameworks like the DSA or the Digital Markets Act reshaping the way platforms are held accountable for user content?
Smirnova: The DSA may not be as well-known as its counterpart, the DMA (Digital Markets Act). It applies to all online platforms, not just the large companies targeted by the DMA.
Originally, internet regulation in the EU and UK was based on the principle that no online platform could be liable for content posted by others. But the internet has changed significantly since its inception, and it’s both fair and reasonable to find a balance. On one hand, we have the freedom of the internet and speech; on the other, we need to make the internet a safe space — comparable to a city street.
In the US, you might see a similar trend there. While there isn’t federal regulation yet, several states have introduced laws aimed at protecting minors online. This mirrors the EU’s approach, where the DSA’s precursors were national laws aimed at internet safety, particularly for minors.
Ho: As Catherine said, there’s not a tremendous amount of specific internet safety laws on the federal level (in the US). There are certain laws that are broad and may potentially touch on aspects of internet safety, particularly with respect to children.
On the state level, there are pushes for laws. In California, you have the Age-Appropriate Design Code, which models the UK Age-Appropriate Design Code, but that has encountered legal challenges in the courts and hasn’t been fully rolled out yet.
Internet safety is a very complex topic. There is content moderation, which may potentially be covered under the Communications Decency Act. One of the key points is that unless you’re a publisher of content, you’re not generally liable. But a few years ago, an amendment was passed at the federal level that did away with that liability shield for child exploitation materials. It’s called SESTA. Regardless of whether you were the actual publisher of that content, there were certain liabilities that could apply to the platform.
Magazine: What limitations do local governments face when enforcing their laws on global platforms?
Chu: The data privacy law in Hong Kong is governed by the Personal Data Privacy Ordinance (PDPO), which is often criticized as antiquated. Introduced right after the handover, it reflects standards that even the UK has since moved away from with the introduction of GDPR. Moreover, Hong Kong has several data privacy provisions that, although passed, have not been enacted for over 20 years. This situation is appealing to companies because cross-border data transfer issues are not yet enforced, making Hong Kong an attractive business hub due to the lack of regulatory changes, influenced by both political and commercial reasons.
Tying this back to the topic of publication platforms, the issue of content removal comes into play. For instance, if you want to remove content from YouTube stored in the US, the Hong Kong government can only enforce laws within its own jurisdiction. The most they can achieve is to have it geo-blocked so it’s not accessible within Hong Kong, rather than removed entirely from the internet.
A police officer is merely a tourist outside their home jurisdiction unless they have consent from another jurisdiction.
Smirnova: GDPR has significantly influenced the market. I would even say not only the European market but all markets globally.
(It’s similar to) the SEC. We all know that the SEC acts like it’s investigating whatever it wants across the globe, even concerning companies not headquartered in the US. The same applies to GDPR.
GDPR affects every company, regardless of where it’s headquartered or whether it has legal representatives in the EU. The crucial factor is whether the company handles the private data of European citizens. GDPR also influences US regulations because they are always trying to harmonize their approaches to data. It has impacted all companies in many ways, such as requiring the localization of European users’ data within the EU and imposing strict rules on data transfer across borders.
Ho: The way the SEC operates and how privacy laws work are not exactly comparable. The SEC is an executive agency in the US, and they frankly have a very vague scope of authority. As we’ve seen, there’s been a lot of debate about whether they’ve exceeded their authority.
An executive agency in the US must be granted authority under federal law to have a specific mandate, and if they exceed that mandate, they are essentially operating outside their legal bounds. I think the SEC is not necessarily the model we should look to for how society should be governed.
Laws are passed by legislators who are elected, at least in Europe and the United States. Regardless of one’s political stance, this is how laws are made.
In terms of privacy law, and specifically GDPR, Articles 2 and 3 clearly outline who is responsible for compliance. It’s either a company established within the European Union or a company outside the EU that monitors the behavior of EU data subjects or offers goods and services to them.
Magazine: Platforms are increasingly seen as responsible for moderating harmful or illegal material. What do you see as the limits of this responsibility, and how should we balance privacy, safety and free speech?
Chu: These platforms are not law enforcement agencies and have no obligation to patrol the internet, approving content. They are more reactionary, and it’s up to the authorities to flag content as problematic. Even then, they must go through proper channels to address these issues. For instance, because the internet is largely borderless, the most a tech company based overseas might do, in terms of a court order, is to geo-block certain content. To actually remove content, one must navigate through the relevant jurisdictions to obtain the necessary court orders.
Smirnova: I agree they are not the police, and their primary duty is to react when they receive information about illegal content. I wouldn’t say they should receive this information only from the police, which was the norm before the DSA. The E-Commerce Directive adopted in 2000 in the EU had the same rule: You are not liable unless you, as a platform, were informed that the content is illegal. So, there were no pre-moderation obligations.
However, considering the amount of data we produce and consume every day, society needs new tools of control — in a positive sense, of course — although these can be used negatively like anything else. Especially with AI-generated content, it’s unrealistic to expect that a special department in the police or the FBI is responsible for determining which content is allowed and which is not, and if not, to apply a claim to the platform only after a compliance process. It doesn’t work like this anymore. In some countries, it still works this way, like in Brazil, where Judge (Alexandre) de Moraes has a special responsibility for the internet in a country of 200 million people.
Ho: Depending on who’s using the platform, there are First Amendment issues in the United States. We’ve had situations where political parties have pressured media companies like Meta to suppress messages such as those related to COVID. If the government directs a private company to suppress messages, that potentially raises constitutional issues.
Where the average person gets confused is that platforms themselves are not obligated to provide freedom of speech — because they aren’t the government. Only the government has to respect the Bill of Rights. A platform has every right to introduce content moderation policies, and they can determine how much or how little they want to police the content.
Yohan Yun
Yohan Yun is a multimedia journalist covering blockchain since 2017. He has contributed to crypto media outlet Forkast as an editor and has covered Asian tech stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking, and experimenting with new recipes.