Author: Samitha M, Jain University

The development of digital technologies and cloud computing has significantly impacted the way data is generated, stored, and transmitted across international borders. Internet intermediaries such as social networking sites, cloud storage services, search engines, and online shopping sites are international in scope and often host data in multiple countries at any given time. The international dimension of data hosting has raised important issues of jurisdiction with regard to the applicable law and enforcement. The law on intermediaries varies significantly across countries. In some countries, the law grants wide immunity to intermediaries, whereas in other countries, the law requires intermediaries to exercise control over the content.

This study aims to explore jurisdictional clashes that occur in cross-border data hosting services with regard to intermediary liability. The study follows doctrinal and comparative methodologies in conducting legal research. It examines legal provisions in India, the United States, and the European Union. It assesses key aspects in relation to jurisdiction, such as extraterritorial jurisdiction, safe harbor, due diligence, etc. The study reveals that there is inconsistency in legal frameworks that cause overlapping in jurisdiction. The study concludes that there is a need for a global standard in addressing jurisdictional clashes in cross-border data hosting services.

Keywords:

• Intermediary Liability, 

• Cross-Border Data Hosting,

• Jurisdictional Conflict, 

• Safe Harbour Protection,

• Digital Platforms, 

• Extraterritorial Jurisdiction

The development of the digital economy has significantly changed the way we communicate, trade, and exchange information. Internet intermediaries are key players in this new digital economy, which facilitates the hosting and transmission of user-generated content on a large scale. Internet intermediaries include internet service providers, cloud storage providers, social media, search engines, and content hosting sites. These are essentially the facilitators of interactions between users and online content, rather than the creators of such content.

Cross-border data hosting is defined as “the hosting of data produced in one jurisdiction on servers in another jurisdiction with global access.” This gives rise to complex legal issues. Multiple jurisdictions may have jurisdiction over the same data, which may give rise to conflicting legal obligations. For example, data that is legal in one jurisdiction may be illegal in another jurisdiction due to differences in laws governing defamation, hate speech, privacy, or copyright.

Jurisdictional conflicts in cross-border data hosting have also arisen due to the fact that traditional legal frameworks are territorially-based, whereas digital platforms have global reach. The location of users, servers, headquarters, and harm caused is also taken into account. Courts have been extending extraterritorial jurisdiction in cross-border data hosting cases. This means that intermediaries have to comply with domestic laws even if the data is located in another jurisdiction. This gives rise to confusion regarding compliance obligations.

 Intermediary liability is also particularly relevant in instances involving harmful content, copyright infringement, misinformation, hate speech, and privacy infringement. There are instances whereby safe harbour immunity is accorded to intermediaries, which protects them from liability for third-party content. Other instances require intermediaries to be proactive in monitoring and removing unlawful content. This leads to fragmentation in regulation.

This paper examines jurisdictional conflicts arising from intermediary liability in cross-border data hosting environments. It compares regulatory frameworks in India, the United States, and the European Union, identifies legal challenges, and proposes harmonized standards to regulate intermediaries effectively.

Existing literature on intermediary liability reveals that it is an area of debate and discussion, and there is a need to balance the level of intermediary liability in the context of user-generated content. The initial frameworks offered wide safe harbour immunity to protect the interests of innovation and growth of online platforms. However, over time, with the rise of concerns over harmful online content, there is a need to hold intermediaries more accountable.

In India, Section 79 of the Information Technology Act, 2000 grants conditional safe harbour immunity to online platforms and service providers. The section states that if the intermediary follows due diligence and does not alter or add to the information generated by the user, it is not liable to be held accountable. The Supreme Court of India in the case of Shreya Singhal v. Union of India clarified the level of intermediary liability and stated that the intermediary should not be required to delete information unless it is done in accordance with government notification or court orders.

The United States adopts a broad immunity model under Section 230 of the Communications Decency Act. Courts have interpreted this provision expansively, protecting intermediaries from liability for third-party content. Scholars argue that this approach promotes innovation and free speech but may reduce accountability for harmful content.

However, the European Union has adopted a regulatory approach through the Digital Services Act. The Act has due diligence obligations, transparency requirements, risk assessment obligations, and content moderation. According to literature, it is observed that the EU model tries to balance accountability and innovation. However, it also imposes higher compliance costs.

Moreover, literature also indicates that there are issues related to jurisdiction in cross-border data hosting. Scholars have emphasized that global platforms face conflicting laws as different jurisdictions impose different laws. The content that is allowed in one country is disallowed in other countries.

However, limited research specifically addresses jurisdictional conflicts arising from intermediary liability in cross-border data hosting environments. This study fills that gap by providing a comparative legal analysis.

This research adopts doctrinal and comparative legal methodologies to examine jurisdictional conflicts arising from intermediary liability in cross-border data hosting environments. The doctrinal method focuses on analyzing existing legal frameworks, statutory provisions, and judicial decisions that govern intermediary liability. Primary legal sources such as legislation, rules, and case law form the foundation of this analysis. These sources are examined to understand the scope of safe harbour protection, due diligence obligations, and the circumstances under which intermediaries may be held liable for third-party content. The doctrinal approach also involves interpreting judicial precedents that clarify the responsibilities of intermediaries and the extent of jurisdiction exercised by courts in cross-border disputes.

In addition to primary sources, secondary materials including scholarly articles, academic commentaries, policy papers, and institutional reports are also reviewed. These materials assist in identifying theoretical perspectives, policy debates, and evolving regulatory trends relating to intermediary liability. The use of secondary sources further helps in understanding practical challenges faced by intermediaries and the need for harmonized regulatory standards. By synthesizing both primary and secondary materials, the research develops a structured understanding of the legal landscape governing cross-border data hosting.

The comparative methodology is employed to analyze regulatory approaches adopted in India, the United States, and the European Union. These jurisdictions represent distinct models of intermediary liability. India follows a conditional safe harbour approach, the United States provides broad immunity to intermediaries, and the European Union imposes proactive regulatory obligations. Comparing these models helps identify differences in legal standards, compliance requirements, and enforcement mechanisms. The comparative analysis highlights inconsistencies that contribute to jurisdictional conflicts in cross-border digital environments.

This research is purely doctrinal in nature and does not involve empirical data collection, interviews, or surveys. The objective is to identify legal gaps, examine conflicting approaches, and propose harmonized intermediary liability standards to reduce jurisdictional uncertainty and promote effective cross-border digital governance.

Intermediaries are those entities which enable the interaction of users without any involvement in creating original content. These include internet service providers, hosting sites, search engines, and social networking sites. Intermediary liability is defined as “the legal responsibility of internet intermediaries for third-party online content.”

In the past, internet intermediaries were considered to be neutral entities and were not held responsible for any content posted by users. However, with the advent of digital technologies, these entities are becoming increasingly involved in disseminating online content. This has led to demands for greater accountability from them. On one hand, governments are demanding that these entities remove objectionable online content, while these entities are demanding safe haven.

Different jurisdictions adopt varying approaches. Some provide immunity subject to due diligence, while others impose proactive monitoring obligations. These divergent models create jurisdictional conflicts in cross-border environments.

Cross-border data hosting is defined as the storage of data in servers in other countries. The infrastructure for cloud computing allows for the intermediation of data in different countries. This leads to issues in determining which country’s laws will be applicable.

Jurisdiction may be asserted based on:

1. Location of servers

Jurisdiction may be claimed by the country in which the data is stored, as it is argued that the infrastructure for the hosting of the content is within that country’s territory. There is also the possibility that intermediaries will be required to comply with local laws on data protection, privacy, and content regulation.

2. Location of users

A country may claim jurisdiction over the case if users within its territory have accessed or are affected by the online content. This is often cited as justification for applying local laws.

3. Location of the headquarters of the company

Jurisdiction can be exercised over the place where the intermediary company is incorporated or where it has its principal place of business. The government regulates the companies that are incorporated in its territory and makes them liable under its laws.

4. Place where harm is suffered

Jurisdiction can be claimed over the place where the harmful effect of the content is felt, irrespective of the location of the server. The ‘Effects Doctrine’ enables the government to regulate the content that is hosted online and which is causing harm in its territory.

These competing factors result in overlapping jurisdictional claims. Courts increasingly exercise extraterritorial jurisdiction, compelling intermediaries to comply with foreign laws. This creates uncertainty and increases liability risks.

Intermediaries may face penalties in multiple jurisdictions for the same content. This results in regulatory fragmentation and compliance difficulties.

The protection of safe harbour is provided to the intermediary, which gives immunity from any liability for the content of the third party, provided some specific conditions are fulfilled.

India follows the principle of safe harbour protection by Section 79 of the IT Act, which states that the intermediary should exercise due diligence in removing any unlawful content.

The United States follows the principle of safe harbour protection by Section 230 of the Communications Decency Act, which states that the intermediary is not liable for any content provided by the user.

The European Union has due diligence obligations through the Digital Services Act. Risk assessments must be undertaken, and moderation tools must be implemented.

The different rules create jurisdictional conflicts in cross-border environments.

The Jurisdictional conflicts arise because different countries follow different legal standards for intermediary liability.

India follows a conditional safe harbor model under the Information Technology Act, 2000. Intermediaries are granted immunity from liability for third-party content only if they follow due diligence requirements and remove unlawful content upon receiving notice from courts or government authorities. If intermediaries fail to remove such content, they may lose safe harbor protection and become liable. This creates a reactive compliance obligation for intermediaries operating in India.

The United States adopts a broad immunity model under Section 230 of the Communications Decency Act. This provision protects intermediaries from liability for content posted by users, even if the platform is aware of harmful content. Courts have interpreted this protection expansively, allowing platforms to host user-generated content without strict monitoring obligations. This approach promotes free speech and innovation but reduces intermediary accountability.

The European Union follows a stricter regulatory model under the Digital Services Act. It imposes proactive obligations such as transparency requirements, risk assessments, and content moderation duties. Platforms must actively monitor and mitigate harmful content.

These differing approaches create uncertainty for global intermediaries, as they must comply with inconsistent legal obligations across jurisdictions.

1. Legal Uncertainty

Intermediaries deal with various countries that have varying legal regulations and standards when it comes to online content, privacy, and liability. Since digital content is accessible across the globe, various countries’ laws may be applicable to the same platform or digital content. There is ambiguity in the application of the country’s laws that need to be complied with. For instance, if the platform is in one country and the content is accessed in another country, it may be subject to the laws of the second country. There are no uniform global regulations and standards. The rules and regulations that need to be complied with by the intermediaries are unpredictable.

2. Compliance Burden

Intermediaries have to comply with numerous legal requirements. Some of them include data protection laws, content removal laws, transparency laws, and reporting laws. Each jurisdiction may have its own set of laws, which makes it essential for intermediaries to develop unique compliance mechanisms. This adds complexity and cost, especially for smaller intermediaries. Moreover, there is also a need for developing content moderation mechanisms. There have been numerous changes in laws, which adds complexity for intermediaries. Therefore, it is essential for intermediaries to be aware of legal changes.

3. Conflicting Obligations

There is also the possibility that different jurisdictions may have conflicting legal obligations that need to be fulfilled by intermediaries. Some content may be legal in one jurisdiction but not in another. For example, in one jurisdiction, there may be a legal obligation that requires intermediaries to block certain content, but in another jurisdiction, there may be an obligation that requires intermediaries not to block that same content. This is likely to create legal dilemmas for intermediaries. If they do not comply with one jurisdiction’s laws, they may be liable in that jurisdiction, but if they comply with that jurisdiction’s laws, they may be liable in the other jurisdiction.

4. Over-Blocking of Content

To avoid liability and regulatory penalties, intermediaries may adopt a cautious approach by removing or blocking content even when it is lawful. This practice, known as over-blocking, occurs when platforms prioritize risk avoidance over content evaluation. Automated filtering systems may also incorrectly identify lawful content as harmful. Over-blocking negatively affects freedom of expression and access to information. Users may experience unjustified removal of legitimate speech, criticism, or political commentary. Excessive content removal may also undermine transparency and accountability. Thus, fear of liability often leads intermediaries to restrict lawful content beyond what is legally required.

5. Extraterritorial Enforcement

The courts are increasingly using their extraterritorial jurisdiction to order intermediaries to remove content located outside their territory. This implies that the intermediary has the obligation to abide by the court order in another country, irrespective of the absence of its physical presence. This is an extension of the territory of the country’s legislation. There are cases where the intermediary is faced with conflicting orders from different courts to remove or retain the content. This is a challenge to the intermediary. Extraterritorial enforcement is also seen to be against the principles of sovereignty, considering that the legislation of one country has universal implications.

Jurisdictional conflicts in cross-border data hosting scenarios have led to the development of considerable ‘regulatory fragmentation.’ Digital intermediaries are known to be ‘cross-border actors,’ and the legal regulations in place are ‘territorial in scope.’ This has led to the development of multiple and conflicting legal regulations that digital intermediaries need to comply with in the context of content moderation, privacy protection, data localization, and liability.

For instance, a platform may be required to remove certain content under one jurisdiction’s hate speech laws, while another jurisdiction may protect the same content under freedom of expression guarantees. This overlapping regulatory structure complicates operational decision-making and exposes intermediaries to potential liability in multiple jurisdictions simultaneously. 

Another challenge in the context of intermediary liability is over-regulation. In some jurisdictions, over-regulation can put pressure on the intermediaries to invest heavily in monitoring obligations and compliance. This can act as a barrier to entry for new innovators, especially for small players. Excessive regulation can also put pressure on the intermediaries to take a conservative approach, which may result in the blocking of legitimate online expression.

In addition, strict liability regimes may discourage intermediaries from providing open platforms for user-generated content, which may undermine the growth of digital communication and information exchange. However, it is also possible that over-regulation may pose significant risks. For instance, if intermediaries are accorded immunity from liability without adequate accountability, there is a possibility that injurious material like misinformation, hate speech, and privacy infringement will increase. The ability of victims of unlawful content to seek remedies will be impeded if intermediaries are not held liable. There is also a possibility that regulatory oversight will reduce incentives for responsible content moderation policies by platforms. Accordingly, it is important that an effective balance is struck between users’ rights and intermediary liability.

International cooperation is a necessity to effectively deal with jurisdictional conflicts. As digital platforms are global in nature, regulation of these platforms by individual countries or states is not sufficient. States should strive for harmonization of intermediary liability norms through international agreements or a set of regulatory norms. States may strive for a common understanding of what constitutes illegal content, a common notice and takedown system, and a common standard of due diligence.

Clear jurisdictional principles should also be developed to identify the applicable laws in international disputes. Various factors, such as the location of the harm, targeted audience, and location of business, may be considered for establishing jurisdiction. Further, there may be a need for the mutual recognition of legal orders between countries, which may help resolve any conflicting obligations. Such coordination may help in ensuring proper regulation of intermediaries in the global digital ecosystem.

Cross-border data hosting has greatly influenced the evolution of digital governance in terms of smooth communication, information sharing, and easy access to online services worldwide. However, the aforementioned technological advancement has also given rise to complex jurisdictional issues in the realm of intermediary liability. Intermediaries transcend territorial boundaries, but laws are still territorial in nature. Therefore, it is possible that numerous jurisdictions claim their authority over the same content, and hence there is an overlapping of laws. This is a precarious situation faced by the intermediary, as it is forced to deal with different sets of laws related to the regulation of content, privacy, and liability in different jurisdictions simultaneously.

A comparative study of regulations in India, the United States, and the European Union reveals differences in regulatory approaches. The approach in India is conditional safe harbour, in which intermediaries are required to remove unlawful content. The approach in the United States is broad immunity, in which freedom of expression and innovation are prioritized. The approach in the European Union is due diligence, in which intermediaries are required to be proactive in terms of transparency and risk assessment. This is causing confusion for international intermediaries, especially in cases involving dual jurisdictions in which content is hosted in one country and accessed in another. This leads to conflicting regulations and over-removal or non-compliance.

The absence of harmonized global standards further intensifies jurisdictional conflicts. Without coordinated regulation, intermediaries must develop separate compliance mechanisms for different jurisdictions, increasing operational costs and complexity. This fragmentation may hinder innovation and create barriers for smaller platforms. At the same time, insufficient regulation may fail to address harmful content and protect user rights. Therefore, a balanced framework is necessary to ensure accountability without undermining technological growth.

International cooperation and harmonization of the underlying principles in the regulations could be crucial in dealing with these challenges. Clear jurisdictional rules, similar notice and takedown procedures, and recognition of each other’s legal systems could be helpful in mitigating the problems that might arise.

Books

• Christopher Kuner, Transborder Data Flows and Data Privacy Law (Oxford Univ. Press 2013).

• Mark Van Hoecke, Methodologies of Legal Research (Hart Publ’g 2011).

• Lilian Edwards, Law, Policy and the Internet (Hart Publ’g 2018).

Journal Articles

• Anupam Chander & Uyên P. Lê, Data Nationalism, 64 Emory L.J. 677 (2015).

• Jack M. Balkin, Old-School/New-School Speech Regulation, 127 Harv. L. Rev. 2296 (2014).

• Giancarlo Frosio, Reforming Intermediary Liability in the Platform Economy, 37 Berkeley Tech. L.J. 1 (2022).

• Dan Jerker B. Svantesson, Extraterritoriality in Data Privacy Law, 7 Int’l Data Privacy L. 1 (2017).

• Daphne Keller, Who Do You Sue? State and Platform Hybrid Power, Hoover Inst. Aegis Series Paper No. 1902 (2019).

Statutes and Regulations

• Information Technology Act, 2000, § 79 (India).

• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, India.

• 47 U.S.C. § 230 (Communications Decency Act) (1996).

• Regulation (EU) 2022/2065, Digital Services Act, 2022 O.J. (L 277) 1.

• General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.

  
  

  Case Laws

• Shreya Singhal v. Union of India, (2015) 5 S.C.C. 1 (India).

• Google LLC v. Equustek Solutions Inc., 2017 SCC 34 (Canada).

• Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997).

• Glawischnig-Piesczek v. Facebook Ireland Ltd., Case C-18/18, ECLI:EU:C:2019:821.

Reports & International Documents

• OECD, The Role of Internet Intermediaries in Advancing Public Policy Objectives (2011).

• UN Human Rights Council, Report on Online Intermediaries and Human Rights, U.N. Doc. A/HRC/38/35 (2018).

• European Commission, Proposal for Digital Services Act (2020).