Italian prosecutors have filed criminal charges against four Google executives for permitting a video to be posted on a Google web site which allegedly violates Italian data privacy law. This appears to be one of the first cases in which company executives are charged with criminal violations of E.U. data protection laws.
In this case, a user uploaded a video to the Italian Google web site showing a student with Down syndrome being taunted by other students. Google promptly removed the video after it received complaints about it, but an advocacy group for people with Down syndrome filed a complaint with Italian authorities alleging defamation and privacy violations. According to the International Association of Privacy Professionals, the Italian prosecutors filed charges against Google's Global Privacy Counsel, Chief Legal Officer, a former Chief Financial Officer and a former Google Video executive.
Italian law does not hold ISPs liable for content on their web sites, but Italian prosecutors have alleged that Google is a content provider, not an ISP. It is important to remember that these are legal definitions under Italian law and not necessarily the same definitions we might think of under U.S. laws. American laws provide for a legal safe harbor for Internet content providers as they do for ISPs. As long as a U.S. Internet service or content provider removes objectionable content, neither is held liable for the actual content of the posting. But Italian authorities are prosecuting Google as an Internet content provider, rather than as an ISP, and Italy's penal code states that such providers are responsible for third-party content on their sites.
What is most striking about this case is the criminal charges which have been brought against individuals for the actions taken by the company. According to Italian law, the Google executives face a maximum sentence of 36 months in prison.
This case fires a warning shot to all company executives in the U.S. that might have put E.U. privacy compliance on the backburner and highlights the European data protection authorities' increasing efforts to target company executives for privacy violations and to charge such executives with criminal, not just civil, liability.
At Loeb & Loeb we provide guidance on navigating the complex European privacy laws as well as providing U.S. businesses with cross-border privacy compliance solutions. For more information on international privacy compliance, please contact Ieuan Jolly at firstname.lastname@example.org or +1.212.407.4810.
This client alert is a publication of Loeb & Loeb LLP and is intended to provide information on recent legal developments. This client alert does not create or continue an attorney client relationship nor should it be construed as legal advice or an opinion on specific situations. For more information, please contact a member of Loeb & Loeb's Privacy Group.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.