The question has been a hot topic for a long time: are providers of public Wi-Fi networks liable if their anonymous clients use them to infringe copyrights? The European Court of Justice (ECJ 15 September 2016 – Case C-484/14) just recently issued a decision on this matter which provides equally joy and pain for hotels, cafés, etc.: the court rejected the possibility of claims against the provider, which had been discussed in German courts under the term of "indirect infringement". Commercial operators can, however, be obligated to secure their Wi-Fi network by taking appropriate precautions in the future, e.g. password protection forcing the users to identify themselves by name first.

ECJ Judgment Mc Fadden v. Sony Music

The judgment followed a dispute between Sony Music and Mr Tobias Mc Fadden, who had set up an unprotected Wi-Fi network for his clients in his lighting and sound systems studio. The Wi-Fi network was used to make available an album by the German band "Wir sind Helden" free of charge via an exchange platform without the consent of Sony Music. Sony Music held Mr Mc Fadden to be responsible as the owner of the Wi-Fi network ("indirect infringer") and gave formal notice to him to respect its rights on the phonogram.

The ECJ rejected the liability of the defendant as "indirect infringer": there is no claim to compensation for damages against a commercial provider of a public Wi-Fi network on the ground that the connection was used by third parties to infringe the rightsholders’ rights. The provider, however, will be obligated in the future to use reasonable measures to secure the network in order to prevent continued rights infringement. For example, it would be reasonable to secure the access to the Wi-Fi network by means of a password, where users must identify themselves by name.

The ECJ judgment, however, does not provide for legal clarity. In particular, it is disputed how the password obligation is to be implemented in practice. In addition, it is also doubtful whether this measure is actually suitable for preventing copyright infringement, if for example, made-up names could be entered.

Amendments of the German Telemedia Act

We must therefore also wait and see what consequences the judgment will have on a national level. The German Second Act To Amend The Telemedia Act ("Wi-Fi Act") entered into force on July 27, 2016. It is intended to eliminate "indirect liability" entirely by extending the liability privileges of Section 8 Telemedia Act also to operators of public Wi-Fi networks. There were no provisions about password protection, as it is now prescribed by the ECJ. Only future national case law will show whether the Wi-Fi Act releases providers in Germany from this password obligation or whether it must be interpreted in accordance with the ECJ regulations.

Practical advice:

The obligation to set up a password for the public Wi-Fi only affects providers if and when a copyright infringement has been determined in their network. Until then, the provider is not liable for damages and is not responsible for any cost of the rightsholders. The implementation of the password obligation must then, however, take place based on the ECJ regulations and the practice of German courts, which is still to be developed. This is because, according to the ECJ, the provider will then be liable for future infringements and relating costs.