A recent European Court of Justice (ECJ) ruling highlights national court’s powers to enforce password protection on Wi-Fi networks and clarifies the instances where providers of free, unprotected wireless networks/ access points can avoid liability for intellectual property (copyright in particular) infringement carried out by third parties on such networks.

Liability for Copyright Infringement over un(password)protected Wi-Fi networks

The ECJ has ruled in Tobias McFadden -v- Sony Music Entertainment Germany GmBH Case C-484/14 that national courts can impose an injunction on the provider of an unprotected wireless network forcing it to password protect the network in order to prevent copyright infringement by 3rd parties taking place on it.

In particular this decision provides answers to questions of practical significance to many businesses across the UK and Europe which provide unprotected wireless internet access as a means of attracting more customers and/or as a means to advertise goods and services or collect information about users.

Facts and Background 

The ECJ’s ruling was based on a referral from the Munich Regional court in a case concerning a business selling lighting and sound systems owned by Mr Tobias McFadden. Mr McFadden offered an unprotected wireless network that gave passers-by free and anonymous access to the internet. He did this mainly to drive traffic to his site, attract nearby customers on to it and draw attention to his business.

In September 2010, an anonymous user uploaded a musical work produced by Sony Music Entertainment Germany GmBH (“Sony”) to the internet using Mr McFadden’s network. Sony notified Mr McFadden that its copyright in the work had been infringed. In response Mr McFadden applied to the German court to obtain a declaration that he was not liable for the infringement. Sony counterclaimed seeking damages in respect of Mr McFadden’s direct liability for the infringement of its rights in the musical work, an injunction and its costs.

Judgement was found against Mr McFadden at first instance, and on appeal he argued that he was not liable for direct infringement of Sony’s rights in the musical work. The German appeal court considered finding Mr McFadden liable for indirect infringement of Sony’s rights, but before doing so sought to clarify via the ECJ whether it was entitled to do so or if Mr McFadden was protected from such a finding of liability for the infringement based on provisions of Directive 2000/31/EC (“the E-Commerce Directive”). The ECJ considered a number of questions referred by the German Court.

Article 12 of the E-Commerce Directive provides for what is known as the ‘mere conduit’ defence. In essence, where a service provider does not initiate the transmission of data does not select the receiver of the transmission and in no way modifies the information contained in a transmission, they will not be found liable for the information transmitted. They are merely acting as a conduit for the flow of information.

In this case, the Munich court asked the ECJ to consider if making an unprotected wireless network available to the general public free of charge fell within the scope of the Article 12 defence.

The ECJ concluded that in order for the ‘mere conduit’ defence to apply, services had to be provided for remuneration. The court made clear that remuneration for a service does not require the service to be paid for by those for whom it is performed. The Court went on to state at paragraph 42 that a service was provided for remuneration even “where the performance of a service free of charge is provided by a service provider for the purpose of advertising the goods sold and services provided by that service provider, since the cost of that activity is incorporated into the price of those goods and services.

As such, where access to a wireless network is provided free of charge for the purpose of advertising the goods and services sold by the provider of the network, this would be considered an information service and so would fall within the scope of Article 12 of the Directive. The ‘mere conduit’ defence applied here.

Given that Article 12 of the E-Commerce Directive was found to apply in this case, the Court went on to state that that the provider of a free, unprotected wireless network could not be held liable for infringements carried out on the network. This meant that an IP rights holder (such as Sony here) could not seek damages or make a claim in respect of liability against the network provider for infringement carried out by third parties using the network. Of course the rights holder could try to find the infringer and sue them directly which is not always easy to do. However the question here was whether the network provider could be found liable. As a consequence, Sony was not entitled to claim its costs from Mr McFadden as Article 12 of the E-commerce Directive prevented a finding of liability.

Thus the good news for rights holders is the ECJ ruled that Article 12 of the E-Commerce Directive if applicable would mean the national courts could not claim financial compensation/ damages from the provider of an unprotected network or force it to prevent infringement of copyright on that network.

However the ECJ did go on to consider three options for a network provider to prevent infringement on its network. These were:(1) monitoring of all traffic; (2) termination of the connection; and (3) password protection. The first option was immediately disregarded by the Court as this would be contrary to Article 15 of the E-Commerce Directive which excludes the imposition of a general obligation on network providers to monitor data. Also termination of the network provider’s connection was considered by the Court to be disproportionate to the aim of preventing infringement. The Court concluded that the only proportionate injunctive relief that a right holder could seek would be to require that the network be password-protected and the password only given to individuals who reveal their identity and may therefore no longer act anonymously.

What is the practical consequence of the decision?

The ECJ’s decision has provided clarity for the thousands of businesses across Europe that provide free access to unprotected wireless network. The decision clarifies what rights holders can do when they suspect infringements are taking place on an unprotected wireless network and the issues to consider before raising an action for infringement.

Here are some key take-aways:

  • If you are offering a free, unprotected wireless network make clear that use of and access to the network is for the purposes of advertising the goods and services you supply. Think about having a landing page when a user signs into your network advertising offers/ goods and services and include suitable provisions in your terms of service (which users should agree to before access to the network is granted).
  • Rights holders should be wary of raising proceedings for infringement/ damages against the provider of an unprotected, free wireless network in instances where there network provider might seek to rely on the ‘mere conduit’ defence in the E-Commerce Directive.
  • Where a rights holder has evidence to suggest a specific unprotected wireless access point is being used to infringe its rights, it can apply to the court for an injunction to require the network provider to password protect the network. We would however question how cost-effective and commercially beneficial it may be for rights holders to apply for an injunction (or interdict in Scotland) to require a network provider to password-protect their network. The risk is there however but the likelihood is that prior notice would be given by a rights holder of its intention to apply for an injunction/interdict before it proceeded . They may choose to do this when instances of 3rd party copyright infringement are frequent on the network concerned. Should such notice be received the network provider should take it seriously and consider whether the business upside of continuing password free is worth the risk of court action and the potential liability for the legal costs of the rights holder that might ensue.