Out-Law News 2 min. read

Google executives not 'data controllers' and not liable for privacy infringement, rules Italian Supreme Court


Two senior Google staff members and another former executive at the company cannot be held liable for a breach of privacy caused when a video was uploaded to its Google Video platform in Italy, the Italian Supreme Court has ruled.

Italian lawyer Marco Consonni of Orsingher Ortu, who read the judgment, told Out-Law.com that the ruling "has finally put to a proper end" a case that had become world famous as a result of a "nonsense" decision by an Italian Tribunal four years ago.

The case came to prominence in 2010 when an Italian Tribunal ruled that Google's chief legal officer David Drummond, global privacy counsel Peter Fleischer and former chief financial officer George Reyes were criminally liable for a breach of privacy laws.

The Tribunal reached its judgment after assessing the men's responsibility for a video uploaded to the Google Video platform in September 2006 which showed Turin school pupils bullying an autistic schoolmate. Google previously said that that it removed the video "within hours of being notified by the Italian police" and that it helped police to identify the person who uploaded it.

However, Italian prosecutors said the video should not have been allowed to have been uploaded in the first place and charged four Google staff members with breaching rules on privacy and defamation. Drummond, Fleischer and Reyes were handed six-month suspended prison sentences by the Tribunal for a breach of Italy's privacy laws.

An appeal court in Italy overturned the Tribunal's original verdict last year, ruling that Google was not required to monitor the content of videos uploaded to its video platform.

The appeal court said that although Google was a 'data controller' responsible for the personal data of the people who upload videos to its site, it was not a data controller responsible for the processing of personal data within those videos. Only the users who uploaded the video were data controllers of the personal data of the persons seen in the video. As a consequence it was not Google's responsibility to obtain the consent of individuals' featured in the videos to the posting of those videos to its platform.

Consonni has now told Out-Law.com that the Italian Supreme Court has upheld the appeal court's judgment, following a challenge by Italian prosecutors.

He said the Supreme Court found that Google was merely acting as a host of content and that it could not be held liable for unlawful material others' uploaded as long as it was not aware of the existence of the material and that, when made aware of its existence, it removed it from its platform.

The EU's E-Commerce Directive protects service providers from liability for material that they neither create nor monitor but simply store or pass on to users of their service. Service providers are not exempt unless they act to remove illegal material once they are made aware of it. They also can lose exemption if they monitor content.

The Supreme Court said Google had removed the bullying video speedily enough when notified of its existence.

The Court also confirmed that the Google executives could not be deemed to be data controllers since they were not responsible for setting the purpose and method of processing of personal data uploaded to its video platform. The data controllers in the case were those who had uploaded the bullying video to the internet, it ruled.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.