The internet is not a lawless wild west, and hasn't been for some time.

The EU's highest court, the CJEU, has been "laying down law" in a series of decisions that relate to the internet, including creating the “right to be forgotten” online. In the last two weeks, copyright infringement online was the hot topic for the CJEU. It issued two important decisions in that area that are immediately binding in Ireland and have important consequences for Irish businesses and individuals.

Businesses providing free Wi-Fi may now be required, by a court order, to password protect their networks and to require users to identify themselves before accessing the network.

The CJEU’s judgment in McFadden v Sony (Case C-484/14) answered the question whether, and in what circumstances, a business providing free Wi-Fi may be held liable for the copyright infringement of a user, on their Wi-Fi network. In that case, Mr. McFadden, the owner of a lighting and sound equipment business, offered free Wi-Fi to attract customers in the vicinity of his shop. Using this free network, an unidentified person uploaded a musical work and made it available for free on the internet without the copyright owner’s permission.

In court proceedings in Germany, Sony Music, holder of copyright in the musical work, sought damages and an injunction from Mr. McFadden, claiming infringement of its rights. Mr. McFadden claimed he was not liable for infringement as he had merely provided access to a network, without knowledge or control of the information transmitted over that network. The German court referred a number of questions about how to apply existing EU law to the CJEU. The CJEU held that because Mr. McFadden had had no involvement in the transmission of the copyright work, he could not be held liable for infringement. But the court also found that Sony could seek an injunction against Mr. McFadden to require him to password protect his free Wi-Fi network and to require those using the network to identify themselves in order to obtain the password. Tying an identification requirement to obtaining a password for free Wi-Fi would, at least in theory, ensure that users would not be able to act anonymously.

Businesses may still offer free Wi-Fi, but they should be aware of possible implications: if they offer free Wi-Fi without a password and without requiring user identifcation, they could be brought to court by copyright owners, or other rightsholders, and then be forced to implement such measures by the court. Password protecting networks and requiring user identification may mean avoiding a trip to court.

Those who use hyperlinks on the internet, particularly businesses, may be liable for copyright infringement if they are linking to unauthorised copyright material.

In another recent judgment of the CJEU, GS Media v Sanoma (C-160/15), the court considered whether those providing hyperlinks on one website to unauthorised copyright material on another website could be liable for copyright infringement. In that case, Sanoma, the Dutch publisher of Playboy magazine, hired a photographer to take nude photographs of a Dutch TV personality, Ms. Decker. The photographer granted Sanoma an exclusive right to publish these photographs in Playboy magazine. But before the photos were published in Playboy, they appeared, without permission, on an Australian website GS Media, the operator of a Dutch tabloid website, GeenStijl, received a tip with a hyperlink to the nude photographs on On the same day that GS Media received the link to the photos, Sanoma asked GS Media to stop the photos from being published on the GeenStijl website. The next day, despite Sanoma’s requests, GeenStijl published an online article that included a hyperlink to the site where the photos could be downloaded. Sanoma then requested GS Media to remove the hyperlink from GeenStijl, but GS Media refused to comply with that request. Sanoma, Playboy, and Ms. Dekker then issued proceedings in the Netherlands, claiming that GS Media had infringed copyright in the photographs.

The CJEU held that unless a person knows (or reasonably should know) that they are hyperlinking to unauthorised content, they cannot be held liable for copyright infringement. However, where a person or entity that is posting hyperlinks is doing so for financial gain, the burden will be on the person hyperlinking to prove that they were unaware that the content linked to was unauthorised. Now that the case returns to the Netherlands, the Dutch court, applying the CJEU’s judgment, will likely make a finding of infringement against GS Media.

Care must be taken before posting or publishing hyperlinks to copyright material, particularly when doing so for profit. Businesses, or blogs that operate for profit, should check to determine whether any copyright material that they are linking to was posted online with the copyright owner’s consent.

The internet is regulated, and businesses should be aware that they may face legal consequences for what they do, or what they fail to do, online.

This article first appeared in the Irish Independent on 7 October 2016.