This briefing considers a recent ruling from the European Court of Justice (ECJ) in the case of McFadden v Sony1, which considered the extent to which free Wi-Fi providers could be held liable for copyright infringement by users of their Wi-Fi networks who transmit data which infringes the intellectual property rights of a third party.
This case was heard in the ECJ following a referral from a German court in relation to German legislation which implements the Electronic Commerce Directive (Directive 2000/31/EC) (the “E-Commerce Directive”) . The E-Commerce Directive2 is implemented into UK law by the Electronic Commerce (EC Directive) Regulations 2002 (the “E-Commerce Regulations”)3 and so the principles decided in this case will be relevant to similar actions brought in UK courts and elsewhere in the European Union.
In general terms, the case established that the ‘mere conduit’ defence at Article 12 of the E-Commerce Directive can apply to businesses that provide free Wi-Fi access in order to promote their business and/or increase sales (e.g. through increased patronage). Where a customer or other third party uses such a Wi-Fi network for the purpose of transmitting data which infringes the intellectual property of a third party (e.g. unauthorised copies of music, as in the McFadden v Sony case), the mere conduit defence means the Wi-Fi provider will not be liable for copyright infringement resulting from such transmission, providing that the Wi-Fi provider: (1) did not initiate the transmission of the infringing data; (2) did not select the receiver of the transmission; and (3) did not select or modify the information contained in the transmission.
However, the ECJ stated that the mere conduit defence does not prevent a party from seeking an injunction against a provider of a Wi-Fi network requiring them to take measures to avoid further use of their Wi-Fi network by users infringing their intellectual property rights. The ECJ found that, where such an injunction was granted, it would be permissible for such an injunction to require the Wi-Fi provider to ensure that the relevant Wi-Fi network is password protected and that users are required to identify themselves when they log in in or are provided with the password in order to discourage further infringement.
Of the potential measures requested by Sony in the McFadden v Sony case, the ECJ found that, balancing the rights of Sony as the rights holder, Mr McFadden as the Wi-Fi provider and the potential users of his Wi-Fi connection, the use of password protection, was a sufficient method to dissuade potential infringers, providing that users were required to reveal their identity in order to receive the password or gain access to the network.
The case provides welcome clarification for providers of free Wi-Fi networks in the course of running their business that they are likely to be deemed a ‘mere conduit’ under regulation 17 of the E-Commerce Regulations and, as such, not liable for copyright infringement committed by those accessing their Wi-Fi networks.
However, the case does make clear that it is possible, despite the ‘mere conduit’ defence, for a rights holder to seek an injunction against a free Wi-Fi provider in order to compel it to take measures to prevent further infringing use of its Wi-Fi network. Where this is the case, a Wi-Fi provider could be liable for any subsequent copyright infringement occurring as a consequence of the measures in the injunction (i.e. password protection of the network) not being implemented.
Many Wi-Fi providers already require registration of users prior to providing access to their Wi-Fi networks and, on the basis of this decision, it seems prudent to do so in order to reduce the administrative burden and potential liability, which could be considerable, arising from rights holders seeking an injunction which compels them to take these measures.