Why the Google-Italy Privacy Case Matters to Your Business
Posted by: Nick Leiber on March 03, 2010
What makes this event so troubling, and important not just for multinational corporations like Google but small startups, is that none of the three men had any connection with the incident at the heart of the case.
This is a post by guest blogger Jonathan I. Ezor.
On February 24, after a case lasting more than two years, an Italian court convicted three Google executives, including its global privacy counsel Peter Fleischer, of criminal invasion of privacy, and sentenced the men to six months in jail (although the sentences were automatically suspended under Italian law). What makes this event so troubling, and important not just for multinational corporations like Google but small startups, is that none of the three men had any connection with the incident at the heart of the case. In fact, at least in the case of Fleischer, his conviction arose because he happened to work in one country, for a company based in another country, because of Internet-based activity in a third country.
The case arose from a September 2006 posting on Google Video by a group of Italian students of a 3-minute video in which they bullied a learning-disabled classmate. The video was online for two months, at which point Google was notified by an advocacy group and removed it less than 24 hours later. In January 2008, Peter Fleischer, in Milan for a conference, was arrested in connection with the video posting, which allegedly violated Italy's privacy laws, and was later put on trial with Google colleagues David Drummond, senior vice president and chief legal officer, George Reyes, a former chief financial officer, and Arvind Desikan, a marketing executive. Although Desikan was acquitted, the other three were convicted, and now plan to appeal the verdict.
This is not the first time that the borderless nature of the Internet, and the conflicting legal regimes it crosses, has resulted in criminal cases brought against employees because of actions happening in another country. In one famous incident, after U.S.-based Compuserve connected its service to parts of the Internet in late 1995, its Munich-based general manager, Felix Somm, was arrested and later convicted in Germany on charges of spreading pornography based upon sexually explicit content available via his employer's service, even though Somm (like Peter Fleischer and his colleagues) had had nothing to do with either the creation or dissemination of the material; the conviction was finally overturned two years afterwards.
Whatever the ultimate result of the Google case in Italy, the broader implications for even small companies using the Internet are crucial. Even today, when legislatures and courts have a much better understanding of how the Internet works than may have been the case when Felix Somm was arrested, it is still possible for an employee of a company to face criminal charges in other countries for an Internet-based activity done by (or via) the employer's service that may have been perfectly legal in the company's or employee's home, even when the employee has no contact with the activity, merely because the Internet extended the company's reach into a place where the action was illegal. Nor is this limited to content-related cases alone. Consider a small U.S. software vendor that sells its products via download throughout the world, but doesn't collect taxes for sales outside of its home state. This could violate the EU's e-VAT directive, which requires any company selling digital content or services to consumers in Europe to collect and pay the relevant value-added taxes, whether or not the seller is Europe-based. If there happens to be a criminal penalty for failure to make such payments in a particular country, an executive from the software vendor might find an overseas business or personal trip cut short by her arrest on tax charges. Similarly, online contests and sweepstakes open to all countries may violate numerous local consumer protection laws, a growing issue given the popularity of Twitter-based prize promotions, and some countries' particular religious or political cultures may lead to criminal liability for even commonplace activities elsewhere.
Obviously, smaller companies in particular do not have the resources to research or comply with every possible country's laws, nor need they. On the other hand, to the extent that the business may have affiliates in other countries, or even may have employees or executives planning on traveling abroad, it can be helpful to at least consider what the company may be doing online, and whether it could violate local law in those countries where the company or its people may have exposure. If there is a significant possibility of problems, a call to counsel, or perhaps a change in destination, may be in order.
Jonathan I. Ezor is the director of the Touro Law Center Institute for Business, Law and Technology, and an assistant professor of law and technology. He also serves as special counsel to The Lustigman Firm, a marketing and advertising law firm based in Manhattan. A technology attorney for more than 15 years, Ezor has represented advertising agencies, software developers, banks, retailers, and Internet service providers, and has been in-house counsel to an online retailer, an Internet-based document printing firm, and a multinational Web and software development company.