Operator of a Wi-Fi network cannot be held liable for copyright infringements committed by users of that network.

In its judgement C-484/14 dated 15 September 2016, the Court of Justice of the European Union (CJEU) ruled that vendor who offer an open Wi-Fi network free of charge to the public, cannot be held liable for copyright infringements committed by users of such a Wi-Fi network.

If, however, the Wi-Fi network is used unlawfully, the Wi-Fi operator may be required by court or administrative order to password-protect its network in order to bring an end to or prevent such infringements. Before obtaining the password, users are required to reveal their identity to be prevented from acting anonymously.

Facts of the case

A vendor in his shop offered potential customers – in order to draw their attention to his goods and services – access to an anonymous Wi-Fi network free of charge. A customer connected to this Wi-Fi hotspot downloaded a musical work from the Internet free of charge and without the consent of the right holder, thus committing a copyright infringement.

The CJEU convened to clarify if the operator of the Wi-Fi network is liable for such copyright infringements on the grounds that he failed to secure his network against illegal downloads. Moreover, the CJEU reviewed the consistency of a possible liability with the Directive on electronic commerce (Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market).

Key provision of the directive on electronic commerce

Art 12 para 1 of the Directive on electronic commerce – the decisive provision of this Case – contains a limitation of liability for services of mere conduit of data ("information society services"). Accordingly, the service provider is not liable for information provided by the recipient of the service on the condition that the provider (i) does not initiate the transmission, (ii) does not select the receiver of the transmission and (iii) does not select or modify the information contained in the transmission. In case these requirements are fulfilled such an access provider may not be held liable.

Central statements of the CJEU case

The CJEU ruled that the limitation of liability pursuant to Art 12 para 1 of the Directive on electronic commerce must also be applied to operators of Wi-Fi hotspots who offer their network to the public free of charge, provided that the services are rendered for purposes of advertising the goods sold and services provided by the operator. In this respect, the objective provision of free Wi-Fi may be regarded as information society service within the meaning of the Directive.

Hence, the operator of a Wi-Fi hotspot cannot be held liable by the right holder on the grounds that the network was used by third parties to infringe upon its rights. Due to the lack of entitlement to damages, the right holder may not claim the reimbursement of costs incurred by giving formal notice and initiating court procedures.

However, national authorities or courts may order the Wi-Fi operator to end, or prevent, any infringement of copyright committed by its customers. Generally, the operator may choose which technical measures to take in order to comply with this obligation. In light of this, the Wi-Fi operator may not be burdened with measures that would restrict his freedom to conduct business in its entirety. In this regard in particular, the complete termination of the Internet connection or the monitoring of all information transmitted was taken into consideration. Therefore it is legitimate to require the operator to secure the Internet connection by means of a password, provided that the users of the providedWi-Fi hotspot reveal their identity to be prevented from acting anonymously before obtaining the password.

Consequences of the decision

Despite the fact that the registration process for gaining access to a Wi-Fi network by disclosing the user's identity occasionally is already common practice (e.g. at airports or in some cases also in hotels), the objective decision in its described scope does indeed constitute a rather significant restriction for the swift and uncomplicated use of laptops, smartphones and other mobile devices. In view of the fact that otherwise the operator of a private Wi-Fi network would not enjoy the limited liability of an access-provider, the users of such networks will have to get used to revealing their identity in the course of a formalised registration process. Eventually, this should serve to facilitate the prosecution of infringements committed by the actual offender on the Internet.