Good News! USMCA (a/k/a NAFTA 2.0) Embraces Section 230-Like Internet Immunity

There’s a lot to digest in the USMCA, the NAFTA 2.0 replacement that shall not be called NAFTA. This post focuses on one piece: USMCA Article 19.17 requires its signatories to adopt Internet immunity provisions similar to Section 230. (I assume USMCA will be ratified by all three countries, but this is not guaranteed).

This is a major development in global Internet Law–and, I think, incredibly good (and unexpected) news. I believe this is the first time any international treaty or free trade agreement has affirmatively embraced Section 230-like immunity. It could be a first step towards a future where Section 230-like protection propagates to other treaties/FTAs and potentially morphs into a new global norm. Unfortunately, I don’t see how this could realistically happen in light of Europe’s continued retrenchment from the E-commerce Directive (which itself is a fair distance away from Section 230). Still, with the major North American players all embracing broad Internet immunity, anything is possible.

* * *

Here is the text applicable to Section 230:

Article 19.17: Interactive Computer Services

1. The Parties recognize the importance of the promotion of interactive computer services, including for small and medium-sized enterprises, as vital to the growth of digital trade.

2. To that end, other than as provided in paragraph 4 below, no Party shall adopt or maintain measures that treat a supplier or user of an interactive computer service as an information content provider in determining liability for harms related to information stored, processed, transmitted, distributed, or made available by the service, except to the extent the supplier or user has, in whole or in part, created, or developed the information.[FN8]

[FN8: For greater certainty, a Party may comply with this Article through its laws, regulations, or application of existing legal doctrines as applied through judicial decisions.]

[Article 19.1 says “information content provider means any person or entity that creates or develops, in whole or in part, information provided through the Internet or any other interactive computer service;” and “interactive computer service means any system or service that provides or enables electronic access by multiple users to a computer server.”]

3. No Party shall impose liability on a supplier or user of an interactive computer service on account of:

(a) any action voluntarily taken in good faith by the supplier or user to restrict access to or availability of material that is accessible or available through its supply or use of the interactive computer services and that the supplier or user considers to be harmful or objectionable; or
(b) any action taken to enable or make available the technical means that enable an information content provider or other persons to restrict access to material that it considers to be harmful or objectionable.

4. Nothing in this Article shall:

(a) apply to any measure of a Party pertaining to intellectual property, including measures addressing liability for intellectual property infringement; or
(b) be construed to enlarge or diminish a Party’s ability to protect or enforce an intellectual property right; or
(c) be construed to prevent:
(i) a Party from enforcing any criminal law; or (ii) a supplier or user of an interactive computer service from complying with a specific, lawful order of a law enforcement authority.[FN9]

[FN9: The Parties understand that measures referenced in paragraph 4(c)(ii) shall be not inconsistent with paragraph 2 in situations where paragraph 2 is applicable.]

5. This Article is subject to Annex 19-A.

Annex 19-A says:

1. Article 19.17 shall not apply with respect to Mexico until three years after entry into force of this agreement….

4. For greater certainty, Article 19.17 is subject to Article 32.1 (General Exceptions), which, among other things, provides that, for purposes of Chapter 19, the exception for measures necessary to protect public morals pursuant to paragraph (a) of Article XIV of GATS is incorporated into and made part of this Agreement, mutatis mutandis. The Parties agree that measures necessary to protect against online sex trafficking, sexual exploitation of children, and prostitution, such as Public Law 115-164, the “Allow States and Victims to Fight Online Sex Trafficking Act of 2017,” which amends the Communications Act of 1934, and any relevant provisions of Ley General para Prevenir, Sancionar y Erradicar los Delitos en Materia de Trata de Personas y para la Protección y Asistencia a las Víctimas de estos delitos, are measures necessary to protect public morals.

* * *

A comparison of Article 19.17 and Section 230:

  • Section 230 contains several findings and policy statements. USMCA only has one, but it’s a good one: the Internet is good for digital trade.
  • Like Section 230, Points 2 and 3 use the terms “interactive computer service” and “information content provider,” and the definitions of those terms resemble Section 230’s definitions. Still, it’s unfortunate that a 21st century legal document embraces such antiquated terms. In particular, the ICS definition maintains Section 230’s ambiguous application to providing/enabling “electronic access by multiple users to a computer server.” The text makes it clear that ICS covers more than Internet access providers, but the phrasing is a throwback to the 1990s online ecology.
  • Points 2 and 3 refer to “suppliers” of ICS rather than Section 230’s “providers.” This seems like an immaterial change.
  • Point 2 does not include Section 230’s “publisher or speaker” requirement. Instead, it says ICS suppliers/users shall not be treated as ICPs for determining liability for third party content. While this should mean that websites aren’t liable for third party content, the language could create gaps. For example, in theory, a website could be liable for third party content under a legal doctrine that doesn’t purport to treat the defendant as the ICP–even if the claim is otherwise based on third party content.
  • Point 2 retains Section 230’s notion that an ICS “supplier” can partially “create or develop” information that comes from a third party. This concept has been the source of significant Section 230 jurisprudential angst because neither the “develop” or “in part” terms clearly map to the many (and diversity of) steps involved in preparing and disseminating content.
  • Point 3(a) tracks Section 230(c)(2)(a) pretty closely. It even includes the “good faith” requirement that has caused the functional demise of this safe harbor. However, Point 3(a) does not include the laundry list of objectionable content categories; it simply refers to catch-all categories of “harmful or objectionable” content. Those omissions are logical because the caselaw has typically been based on 230(c)(2)’s “objectionable” provision anyway.
  • Point 3(b) tracks Section 230(c)(2)(b) closely.
  • Article 19.17 doesn’t include an analogue to Section 230(d), an outmoded and irrelevant provision that requires consumer disclosures about filtering technology.
  • Points 4(a) and (b) address Section 230(e)(2). Point 4(b) is virtually identical to Section 230(e)(2)’s text. Point 4(a) is new, and I don’t understand it. What does it mean to “apply to any measure of a Party pertaining to intellectual property”? One likely interpretation is that Point 4(a) reinforces what Point 4(b) already says–i.e., the immunity doesn’t apply to IP claims–effectively making Point 4(a) redundant. Unfortunately, like Section 230, both Points 4(a) and (b) use the ambiguous phrase “intellectual property,” which isn’t nearly as clear as you might expect. Recall that Congress counter-intuitively excluded the federal trade secret law from the definition of “intellectual property,” and the new Music Modernization Act expressly says that the newly federalized pre-1972 sound recordings (which aren’t federal copyrights) are IP for Section 230 purposes. Congress will likely keep clarifying what is and isn’t IP in future laws. I’m not sure how clear the definition of “IP” is in Canada or Mexico. Odds are good that this point creates some thorny border cases in both countries.
  • Point 4(c)(i) covers the same ground as Section 230(e)(1). However, Section 230(e)(1)’s examples are specific to the US, so to internationalize it, Point 4(a)(i) applies to “any criminal law.” This raises an interesting point for US law. Section 230(e)(i) only excludes federal criminal law from Section 230, but Point 4(a)(i) says nothing “in this Article shall be construed to prevent a Party from enforcing any criminal law.” The reference to “any” criminal law presumably covers both state and federal criminal law, unlike Section 230’s express exclusion only for federal criminal law (and the newly added state crime exclusions in FOSTA). My understanding is that, in International treaty vernacular, Point 4’s exclusions act as permissive qualifications of Points 2 and 3, i.e., signatories can exclude criminal laws from the immunity, or not, their choice. If so, the US would still be in compliance with Point 4(c)(i) whether Section 230 excluded all criminal law, none, or somewhere in between like Section 230(e)(1) currently does. I hope that’s the case.
  • Point 4(c)(ii) has no analogue in Section 230. In general, Section 230 has not restricted law enforcement data collection efforts, so I’m not sure what circumstances this would apply to.
  • Article 19.17 doesn’t include an analogue to Section 230(e)(4), the ECPA exclusion, which makes sense because that exclusion generally describes a null set of liability.
  • Unlike Section 230(f), Article 19 does not define either the “Internet” or “access software provider,” omissions that I see as inconsequential.

* * *

A few other comments:

  • FN 8 reiterates the typical rule that countries can satisfy their treaty/FTA obligations through statutes or caselaw. My understanding is that Canada may initially adopt the posture that its caselaw is sufficient for compliance, rather than pursue new legislation. This would be an aggressive position because I don’t think Canadian cases have uniformly reached outcomes that are consistent with Section 230. For example, Canada relies on an “innocent dissemination” defense to defamation, while Section 230 applies to defamation cases even when the online republisher has some scienter about the defamatory content. Furthermore, as I’ll explain in a forthcoming essay, there are significant procedural gaps between a statutory immunity and common-law doctrines, even if both approaches reach substantively identical outcomes. Simply put, properly drafted statutory immunities should result in faster and cheaper judicial resolutions, and for that reason they should be categorically preferred. If Canada relies on common law for compliance, it will likely forego Section 230’s critical procedural benefits.
  • Annex 19-A(1) gives Mexico 3 years to comply. Unlike Canada, it appears Mexico plans to enact new legislation to comply because it doesn’t have much jurisprudence on the topic. Creating a new statutory Internet immunity is a major commitment on Mexico’s part, and a very welcome one. The legislative change could spur innovative new Mexican-grown startups as well as open up Mexico to more relocation and job creation by non-Mexican Internet companies.
  • Annex 19-A(4) reiterates that there is a catch-all exception for “measures necessary to protect public morals.” I’ve been told that this phrase has a precise meaning in international trade circles, and countries must jump through some procedural hoops to invoke it. As a non-expert in such things, the exception seems to have a problematic interplay with Internet immunity. We know that censorial and dictatorial regimes routinely justify their repression and censorship on the pretext that they are protecting public morals. Furthermore, I’m not sure if the public morals exception in other trade agreements has ever intersected with a speech-enhancing provision like Internet immunity, so we might be in terra nova; the public morals exclusion might be more problematic as applied to Article 19.17 than it has proven in other contexts. If the public morals exception can be abused, it could easily moot the entire immunity. To reinforce why this exclusion confuses me, 19-A(4) expressly identifies FOSTA as a measure that was “necessary to protect public morals.” But as we’ve quickly confirmed, FOSTA wasn’t “necessary” to redress sex trafficking or the sexual exploitation of children; indeed, it’s most likely counterproductive to both goals. And much of FOSTA already fit into Point 4(c)(i)’s exclusion of criminal laws, so extra justification for FOSTA wasn’t necessary.

* * *

Article 19.17 represents a huge step forward in protecting online intermediaries and the third party speech they publish. Section 230 plays a crucial role in  the Internet ecosystem, and international proliferation of its principles could spur innovation globally and protect a lot of socially valuable speech that is now being suppressed. Furthermore, as a statement of North American principles, the USMCA might help check Europe’s ever-expanding and seemingly accelerating effort to make all user-generated content illegal.

This blog routinely trashes Trump, but getting Internet immunity into USMCA is an important (if exceptionally rare) win for his administration. Another person who deserved credit for this development is Sen. Wyden, who has been a tireless advocate for Section 230 generally and  its inclusion in trade agreements specifically (along with Sen. Thune). I have also heard repeated praise for Ambassador Lighthizer and the USTR negotiators, who successfully incorporated this controversial provision into NAFTA renegotiations despite pushback from Canada, Mexico, and special interests in the US. If I’m missing anyone who deserves a shoutout, please let me know so I can give credit where it’s due.

A reminder that earlier this year, I wrote and submitted a letter on behalf of 55 signatories urging the NAFTA negotiators to add Section 230-like protection to NAFTA.