CJEU rules that a provider of free Wi-Fi access, provided for the purpose of promoting their business, cannot be held liable for users’ infringements but can be required to password-protect the Wi-Fi network.

The CJEU has handed down judgment today in the case of Tobias Mc Fadden v Sony Music Entertainment Germany GmbH (Case C-484/14). The case concerns the owner (Mr. Mc Fadden) of a shop in Germany that provides lighting and sound systems, where visitors to the shop can make use of a free, open-access Wi-Fi network. The Wi-Fi network is, in essence, a marketing tool, which attracts customers to the shop and drives traffic to the shop’s website.

In 2010 Mr. Mc Fadden’s WiFi network was used by a third party to unlawfully download a music track owned by Sony, resulting in court proceedings between Sony and Mr. Mc Fadden relating to infringement of Sony’s copyright. The decision of the first German court to hear the case was appealed by Mr. Mc Fadden and a number of questions regarding the liability of so-called “intermediaries” (such as Mr. Mc Fadden) for intellectual property infringement were later referred to the CJEU.

The CJEU has ruled that the provider of free Wi-Fi internet access (provided for the purpose of promoting their business) cannot be held liable for intellectual property infringements committed by users of the network, provided that the network provider:

1. did not initiate the infringing transmission;

2. did not select the recipient of the transmission; and

3. did not select or modify the information contained in the transmission.

However, the CJEU has held that the free Wi-Fi provider can be made subject to an injunction to prevent intellectual property infringement (or to bring an infringement to an end) that requires the network provider to:

1. password-protect the network; and

2. ensure that users must register their name to gain access to the network.

Although this judgment does not require providers of free Wi-Fi internet access to take immediate action, providers of free Wi-Fi may wish to consider password-protecting their network and requiring users to register their details, so that the provider is not at risk of being made subject to an injunction that orders these measures to be implemented.