Two Italian law scholars, G. Sartor and M. Viola, have written up a nice description and analysis, in English, of the Judge's decision convicting Google executives of “processing health data without authorization,” apparently a criminal offense. Based on their description, the decision seems like a technically incompetent one as well as having bad policy implications.
The European E-Commerce Directive, which was supposed to shield ISPs from liability for the actions of their users, was not applied by the Judge, because Google was classified as a “content provider.” Google is a “content provider” because it organizes and indexes the postings of users, and profits from that (via advertising). Thus, intermediaries according to this rule, should be held responsible for the information people exchange as long as they provide a structured way to access and interact with it. Since publication of any scale of materials is impossible without organization and labeling, this means that every user-generated content service is a content provider.
The judge's opinion made it clear that he wished there was a law making Internet providers liable for allowing damaging actions on their networks. Always nice to inject one's legislative opinions into a case law decision… But he was forced to concede that there is no general obligation for hosting providers to monitor the contents of postings on their platforms. He was also forced to concede that it would not be feasible to monitor all posts in a UGC site. This leads to some question marks: as Sartor and Viola sum up, “The argument of the judge on this regard is a bit confusing since on the one hand, he expresses his wish for a negligence-based liability, but on the other hand, he affirms that monitoring each posting would be impossible…”
There are a lot of other subtleties and nuances there, but if you want that read the paper yourself.