This article was first published on Lexis®PSL IP & IT, September 2016 

In brief: Free Wi-Fi providers required to password-protect their network (Tobias Mc Fadden v Sony Music Entertainment Germany GmbH)

IP&IT analysis: The Court of Justice of the European Union (CJEU) has ruled that a provider of free Wi-Fi internet access, provided for the purpose of promoting his business, cannot be held liable for IP infringements committed by users of the network if he satisfies the conditions for application of the ‘mere conduit’ defence to liability under the e-Commerce Directive. However, a rights holder whose IP has been infringed by a user of a free Wi-Fi network can obtain an injunction against the Wi-Fi provider requiring that the network is password-protected and that users must register their name in order to gain access to the network. Andrew Butcher, associate at Bristows LLP, considers the case of Tobias Mc Fadden v Sony Music Entertainment Germany GmbH.

C-484/14: Tobias Mc Fadden v Sony Music Entertainment Germany GmbH

What was this case about?

The case concerns the owner (Mr Mc Fadden) of a shop in Germany that provides lighting and sound systems, where visitors to the shop can make use of a free, open-access Wi-Fi network. The Wi-Fi network is, in essence, a marketing tool, which attracts customers to the shop and drives traffic to the shop’s website.

In 2010 Mr Mc Fadden’s Wi-Fi network was used by a third party to unlawfully download a music track owned by Sony, resulting in court proceedings between Sony and Mr Mc Fadden relating to infringement of Sony’s copyright. The decision of the first German court to hear the case was appealed by Mr Mc Fadden and a number of questions regarding the liability of intermediary service providers were later referred to the CJEU.

Advocate General (AG) Szpunar gave his opinion in this case in March 2016. His view was that a person who provides access to a Wi-Fi network 'in an economic context', even if it is offered free of charge, should be able to benefit from the defences to liability available to intermediaries under the e-Commerce Directive 2000/31/EC.

In respect of the form of injunction that a provider of free Wi-Fi could be made subject to in order to prevent IP infringement, the AG said that the provider cannot be required to: withdraw the internet access; examine all communications transmitted over the network; or even password-protect the network. It is this third finding that is most likely to have surprised and frustrated rights holders.

What did the court decide?

The CJEU agreed with the AG that providers of free Wi-Fi internet access within the course of their economic activity can benefit from the 'mere conduit' defence to liability under the e-Commerce Directive, provided that the three conditions laid down in Directive 2000/31/EC, art 12(1) are satisfied. In particular, the CJEU held that free Wi-Fi providers can benefit from the 'mere conduit' defence if the Wi-Fi is provided for the purpose of advertising their goods and services.

However, the CJEU disagrees with the AG’s opinion in one key respect. The AG’s view was that even a requirement for a Wi-Fi network provider to password-protect his network would be incompatible with EU law, because such a requirement would not strike a fair balance between the protection of IP, on the one hand, and the right to freedom of information and freedom to conduct a business on the other hand.

The CJEU considered the need to strike the same 'fair balance' as considered by the AG, but reached a different conclusion. While the CJEU accepts that a requirement for password-protection could have some detrimental effect on the freedom to conduct a business and on the right to freedom of information, the court’s view is that the potential harm is outweighed by the harm that would be done to protection of IP if no restriction at all were imposed on access to free Wi-Fi networks. In this respect, it is important to note that the CJEU only considered three potential measures (ie those envisaged by the German court) that a Wi-Fi network provider could implement in order to comply with an injunction—withdrawing the Wi-Fi network (ie terminating the internet connection), examining all communications passing through the network, or password-protecting the network. The first potential measure was rejected on the basis that it would constitute too great a restriction on the freedom to conduct a business and the second potential measure was rejected on the basis that it is incompatible with the prohibition against the imposition of a 'general obligation to monitor' contained in Directive 2000/31/EC, art 15.

Finally, the court also held that the imposition of password-protection can only have the effect of dissuading users of the Wi-Fi network from infringing IP rights via the network if 'those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously'.

What should IP & IT lawyers take note of?

The last finding set out above is of particular interest, as it is in direct opposition to the AG’s opinion. In his opinion, the AG suggested that any general obligation to identify and register users of a free Wi-Fi network could lead to a system of liability that would be inconsistent with the prohibition against the imposition of a general obligation to monitor contained in Directive 2000/31/EC, art 15.

Overall, rights holders will likely be pleased with the CJEU’s ruling that providers of free Wi-Fi can be made subject to an injunction requiring that the network is password-protected and users must register their name in order to gain access to the network. These measures will not, of course, prevent IP infringements occurring via the network, and nor will they allow infringers to be identified in the event that they have registered with false details.

However, it seems reasonable that a free Wi-Fi network that is known to have been used for IP infringement can be made subject to at least some form of restriction, and it is difficult to think of any additional or alternative restriction on free Wi-Fi networks which would not impose too great a restriction on freedom of information or the freedom to conduct a business. Many interested parties are likely to believe that rights holders should target their enforcement resources at specific websites whose entire reason for being is to facilitate IP infringement, rather than at imposing restrictions on free Wi-Fi networks.

If you want to know more: Providers of free WiFi networks not liable for users' infringements, says the CJEU