Research on the Judgement Standard of the Duty of Care of Internet Service Providers

: The internet service provider’s tort liability for general fault tort liability, which means that network service providers bear the tort liability need to subjective fault for the elements, then for the network service provider's subjective fault judgement standard objectively to rise to the network service provider's reasonable duty of care judgement standard above the problem. Up to now, about the network service provider's duty of care standard judgement is still no clear provisions, in the legal and judicial fields are more controversial. This paper explores these issues through an analysis of trial practices, seeking to establish a more standardized approach to evaluating ISPs' duty of care. The findings suggest that adopting the "good manager" standard could significantly enhance the clarity and effectiveness of managing ISPs' tort liabilities. It proposes the establishment of a dedicated management association within ISPs to implement and oversee these management policies consistently across the sector. This approach aims to not only define but also enforce a reasonable duty of care standard that is both fair and practicable.


Introduction
As the Internet's scope and influence continue to expand, Internet Service Providers (ISPs) are increasingly woven into the fabric of daily life.Their services, ranging from online shopping and social media interactions to remote work and online education, have become indispensable.ISPs, as pivotal figures in the digital era, profoundly impact society's cultural, economic, and social dimensions.
The duty of care for ISPs is defined as the obligation to provide services responsibly, ensuring that users' lawful rights and interests are safeguarded.This includes, but is not limited to, protecting the security of users' personal information, providing accurate and reliable service content, and maintaining the health of the network environment.For example, online payment platforms must secure transaction data and user privacy, while social media platforms are tasked with mitigating misinformation and preventing cyberbullying.However, in practice, due to various reasons such as profit-driven and technical limitations, network service providers may not be able to fully fulfill these obligations, resulting in a series of legal disputes and social problems.In recent years, frequent data leakage incidents and online fraud cases have exposed the deficiencies of network service providers in fulfilling their duty of care.These problems not only damage the legitimate rights and interests of users, but also pose a threat to the healthy development of the network service industry.
The purpose of this study is to deeply explore the issue of duty of care of network service providers, and to clarify the responsibility boundaries and obligation requirements of network service providers through the analysis of relevant laws and regulations, cases and academic research results [1].We will examine the specific obligations faced by different types of network service providers and how they can be implemented in practice.In addition, this study will also discuss how to find a balance between innovation and regulation to promote the sustainable development of the network service industry based on the current development status and future trends of the network service industry.At the same time, corresponding policy recommendations and practical guidance will be put forward.These recommendations are intended to help network service providers better fulfill their duty of care, and also provide decision-making reference for government regulators to strengthen the supervision and management of the network service industry.We hope that through these efforts, we can promote the construction of a fairer, more transparent and healthier network service environment, so that network services can better serve the society and the public.

Current Legislation and Judiciary of Internet Service Providers' Duty of Care
ISPs play an important role in cyberspace by providing users with various network services, such as network access and content distribution.With the continuous development of network technology and the diversification of network applications, the responsibilities and obligations of ISPs have gradually received more attention.China has regulated the duty of care of ISPs in recent years, but still faces some challenges and deficiencies.

Current Status of Legislation
The legislative status of ISPs is characterised by diversity, with different countries formulating a series of targeted laws and regulations based on their own legal systems and network development.
In the U.S., for example, laws such as COPPA (Children's Online Privacy Protection Act) and CCPA (California Consumer Privacy Act) sets stringent standards for data protection, specifically targeting the way ISPs handle children's data and consumer privacy, respectively.These laws enforce strict compliance measures on ISPs, requiring them to adopt comprehensive data security protocols and transparent data handling practices [2].In the European region, represented by GDPR (General Data Protection Regulation), a comprehensive data protection framework has been constructed to meticulously regulate the data processing activities of ISPs, enforcing strict rules on data consent, user rights, and data breach notifications.GDPR has set a benchmark for data protection, influencing other regions to consider similar comprehensive approaches [3].China has also actively promoted the process of cybersecurity legislation through China's Cybersecurity Law and Personal Information Protection Law [4].These laws focus on strengthening ISPs' obligations to secure cyberspace and protect personal information, reflecting a growing concern over the stability and security of the digital environment [5].The legislation mandates ISPs to implement stringent data governance practices and to cooperate with government surveillance and censorship efforts, which raises unique challenges in balancing state security with user privacy.

Current Status of the Judiciary
The judiciary's interpretation of ISPs' duty of care varies significantly across cases, particularly in matters of tort liability.An illustrative example is the "Quan Zhou a company v. Wan mou, Zhe Jiang a company case" , where the plaintiff accused Zhe Jiang, a network company, of failing to adequately address complaints of infringement.The plaintiff demanded that Zhe Jiang be held jointly and severally liable.Zhe Jiang responded by implementing "delete and block" measures.Despite these efforts, the first trial rejected the plaintiff's claims, and during the appeal, the demand for Zhe Jiang to assume responsibility was withdrawn.This case highlighted the judiciary's interpretation under the notice-deletion rule, where Zhe Jiang's actions were deemed sufficient, thus absolving the company of joint liability.This situation underscores the necessity for clearer legal guidelines regarding what constitutes "reasonable measures" under the notice-deletion rule.
In the case of "Cai Jiming v. Baidu", Baidu did not take timely measures after receiving Cai Jiming's complaint of infringement, and did not take measures such as deleting the information until it received a formal letter from the lawyer.The court held that, baidu company in the period after receiving the complaint is slack in the performance of the management of the obligation of the aftermath, its subjective fault, leading to the expansion of the consequences of infringement damage, should bear the corresponding tort liability, netizens in the platform infringement of other people's rights and interests should bear the corresponding responsibility for negligence so the use of the principle of the rule of fault in this case.Under the premise of the principle of fault rules, "negligent management" of the determination of a clearer standard, whether more than one day can be judged as subjective fault, or a clear stipulation of how long the excess did not respond to be considered subjective fault.
The above cases show that the ISPs's duty of care also needs to consider the subjective fault issue.If ISPs are aware of the infringement but fail to take appropriate action, they may be found to have failed in their duty of care, and thus be held liable.

Scholarly Perspectives on the Duty of Care Standards for Internet Service Providers
ISPs not only guard the interests of copyright holders as well as Internet users, but also carry the important task of promoting the development of China's Internet economy.The duty of care is an important factor in determining whether an ISPs is liable for indirect infringement, and the establishment of its content and applicable standards is crucial for regulating the online environment.When setting up the duty of care for ISPs, it should be based on the principle of balance of interests, clarify the functional position of the duty of care for ISPs in specific cases, and at the same time, it is also necessary to take into account a variety of factors affecting the application standard of the duty of care for ISPs.

Adjusting Duty of Care Based on Judicial Discretion
One scholarly viewpoint emphasizes the need for flexibility in the duty of care standards applied to ISPs, suggesting that these standards should vary depending on the specifics of each case [6].This approach aims to prevent ISPs from becoming overwhelmed by overly stringent duties that might detract from their ability to manage network services effectively and promote industry development.
For instance, in scenarios involving routine data handling where risk of harm is low, a lower standard of care might be appropriate, whereas higher standards should be applied in situations involving sensitive user data or significant potential for harm [7].However, this flexible approach introduces challenges in judicial interpretation, as it grants judges substantial discretion in determining what constitutes a "higher" or "lower" duty of care.This can lead to inconsistencies in legal outcomes, potentially creating a legal environment where ISPs cannot predict how standards will be applied from one case to another.

Balancing Ex Ante and Ex Post Review Obligations
The second scholarly view is that ISPs should fulfill both proactive (ex ante) and reactive (ex post) obligations in monitoring their networks.The ex ante obligation requires ISPs to continuously monitor their networks to detect and mitigate potential illegal activities before they occur.This proactive approach is intended to prevent harm by ensuring that ISPs take preemptive action against potential violations, such as copyright infringement or the spread of illegal content.Conversely, the ex post obligation focuses on the ISPs' responsibility to act once they have actual knowledge of illicit activities.This typically involves removing or blocking access to infringing content upon notification.
The requirement to integrate both ex ante and ex post review obligations raises concerns about the practicality and enforceability of such measures.Critics argue that the expansive nature of ex ante obligations could stifle innovation and the free flow of information by imposing undue burdens on ISPs.This could potentially harm the platform's operational efficiency and conflict with the broader interests of online freedom and cultural diversity.Furthermore, the effectiveness of ex ante measures is often questioned due to the sheer volume of data and the dynamic nature of online content.On the other hand, relying solely on ex post measures might not sufficiently deter or swiftly address all types of online misconduct, particularly in rapidly evolving situations where delay can lead to significant harm [8].

Good Stewardship as a Standard of Care
A third view of scholars is that the standard of "good stewardship" should be used to clarify the ISPs' duty of reasonable care.Described by Rabeau, "the degree of knowledge of things should be such that it is neither the most careful nor the most careless, but is acquired by general ideas."If this standard is applied to the platform party's duty of care, the ISPs can have a relatively reasonable standard of review, and the judge can determine the subjective fault of the platform party through the standard of good stewardship.
The ISPs's standard of "good stewardship" is reflected in the fact that the ISPs is required to fulfil the form of review in normal circumstances, and to achieve Substantive Review.Formal review should be within the scope of the ISPs's discernment ability, and can be completed efficiently and quickly to avoid causing a lot of energy and financial losses.Good stewardship draws parallels with the Roman law principle of the "good father" (bonus pater familias), which judges an individual's actions against what is reasonably expected from someone in a similar situation.This analogy helps clarify the duty of care for ISPs, providing a clear and consistent standard that aids in legal assessments and helps ISPs understand their obligations [9].
By adopting this model, regulators can create guidelines that enable ISPs to implement effective, feasible measures to safeguard their networks and users, thus balancing operational efficiency with the duty of care.This balanced approach ensures that ISPs can continue to innovate and expand while maintaining a commitment to user safety and regulatory compliance.

Perfection of the Judgment Standard of Duty of Care of Network Service Providers
To enhance the framework within which the duty of care for ISPs is evaluated, it is essential to align the principle of consistency of responsibilities and interests across all stakeholders involved.ISPs must be afforded a degree of autonomy to encourage innovation and effective service delivery, yet this autonomy should be framed within clearly defined behavioral boundaries.

Improve the Judgment Standard of the Duty of Care of Internet Service Providers
The judgment standard of duty of care should follow the principle of unity of responsibility, rights and interests, then the judgment standard of "good manager" is more suitable for China's current situation.Giving judges a certain degree of discretion, and implementing formal duty of care in normal times, and implementing substantive duty of care in special cases, gives ISPs a judgment standard.
A "good manager" approach to ISP duty of care involves applying a formal level of care under normal operating conditions, where routine compliance and preventive measures are maintained consistently.However, in instances where special circumstances arise, such as data breaches or severe security threats, a more substantive duty of care is required.This heightened duty demands that ISPs take immediate, effective actions to mitigate damages and protect user data, beyond their standard operational procedures [10].
This dual approach to duty of care-formal for everyday operations and substantive for exceptional circumstances-provides a flexible yet robust framework.It enables ISPs to be held accountable without stifling their ability to innovate or respond dynamically to challenges.This standard also encourages ISPs to foster a culture of proactive compliance and vigilance, which can significantly enhance the overall security and reliability of their services.
Moreover, refining the judgment standards for duty of care should involve extensive consultation with technological experts, legal authorities, and consumer advocacy groups.This inclusive process ensures that the standards developed are comprehensive and reflect the diverse interests and concerns of all stakeholders.By involving multiple perspectives in defining these standards, regulators can craft a more resilient and adaptive legal framework that accommodates the fast-paced evolution of internet technologies and the complex web of interactions they facilitate.

Clarify the Duty of Care and Performance Standards of Network Service Providers
under the Principles of "Notice-Delete" and "Fault Rule" The principles of "notice-delete" and "fault rule" serve as foundational elements in defining the responsibilities and liabilities of ISPs.Clear definitions and criteria under these principles are crucial for both ISPs and the judiciary to handle infringement cases effectively, ensuring that all parties understand the expectations and legal thresholds involved.

4.2.1."Notice-Delete" Principle
Under the "notice-and-delete" principle, ISPs are required to remove or block access to infringing content upon receiving a proper notification.The effectiveness of this principle hinges on the clarity with which "necessary measures" are defined.Necessary measures should be proportional to the risk and severity of the infringement, considering both the potential harm from the infringing activity and the harm from failing to act.This proportionality ensures that actions taken are justified and tailored to the specific situation, rather than being arbitrary or overly punitive.The concept of timeliness is critical in this context.A standard such as a 24-hour window to respond to notices can be implemented to ensure swift action.Establishing such a timeframe provides a clear benchmark for both ISPs and the judiciary, facilitating more uniform and predictable legal outcomes.This timeframe should, however, be flexible enough to account for the complexity and obviousness of the infringement, allowing ISPs a reasonable period to verify claims and act accordingly.

4.2.2."Fault Rule" Principle
The "fault rule" principle focuses on the behavior of the ISP in cases where there is an allegation of infringement.Under this principle, fault is generally associated with the ISP's knowledge of the infringement and their subsequent failure to take appropriate action.Clarifying what constitutes "fault" involves specifying what actions or inactions on the part of the ISP indicate negligence or willful disregard for the rights of copyright holders and users.
A more concrete approach to defining fault could include criteria such as the failure to act on a credible notice of infringement, the repetitive nature of such infringements, or the disregard for standard industry practices in monitoring and controlling content.The existence of subjective malice, such as knowingly allowing infringing activities to continue for personal or corporate benefit, should be clearly categorized as a fault, leading to higher penalties or stricter enforcement.
Moreover, this principle should externalize the concept of "exploitation" and "infringement" into more tangible terms such as "conflict of interest" and "actual harm caused."This approach helps in demystifying abstract legal concepts, making them more accessible and enforceable within the judicial system.

ISPs Associations and Their Role in Enhancing the Judgment Standard of Duty of Care
ISPs associations are central to fostering collaboration and setting standards within the network service industry, playing a crucial role in defining and enhancing the judgment standard of duty of care for network service providers.By acting as bridges for exchange and cooperation among enterprises, these associations significantly contribute to the development of practices that safeguard consumer rights and ensure the quality of services.
ISPs associations should actively develop and enforce industry standards that directly influence the judgment standards of duty of care.These standards help create uniform guidelines for service provision, which are essential for preventing unfair competition and avoiding market monopolies.By standardizing protocols, especially in critical areas such as data security and privacy protection, the associations can ensure a baseline of duty of care that all member ISPs must meet.
Furthermore, ISPs associations should often work closely with government agencies, legal bodies, and international organizations to influence the legislative environment that defines the duty of care.Through their advocacy and advisory roles, these associations can help shape laws and regulations that are both practical for ISPs and protective of consumer interests.This collaborative approach ensures that the duty of care standards are not only theoretically sound but also practically applicable, reflecting the latest technological capabilities and market realities.
On the international front, ISPs associations play a key role in harmonizing standards across borders, which is crucial given the global nature of the internet and digital services.By participating in international forums and contributing to the development of international standards, these associations ensure that the duty of care recognized in one jurisdiction is compatible with those in others.

Conclusion
The duty of care for ISPs has increasingly become a focal point of regulatory discussions due to the inherent ambiguities in the laws and regulations that govern this area.These ambiguities often lead to challenges in judicial practice, notably in the inconsistency of rulings due to the broad discretion granted to judges and the impact of varying external factors.Therefore, under the guidance of the relatively free and equal management concept of the network, infringement regulation can be upgraded from the fault identification factor to the duty of care.Compared with other theories, "good manager" offers a pragmatic approach by balancing the need for responsible oversight with the practicalities of managing vast and complex digital networks.In this paper, the theoretical research system of this concept is combined with legal practice to further explore, and in combination with China's national conditions and the development of network information, the ISPs's duty of reasonable care has a relatively clear trend.Furthermore, as network technologies evolve and the digital ecosystem becomes more integrated globally, the standards of care must adapt to these changes, ensuring that they remain relevant and effective in protecting user rights and promoting a healthy digital environment.