Advocate General Szpunar has published his opinion on the issue of whether the operator of a business which offers a free Wi-Fi network is liable for copyright infringements committed by users of that network.

This opinion comes as a response to a series of questions posed to the CJEU in Case C-484/14 Tobias McFadden v Sony Music Entertainment Germany GmbH. He has concluded that the operator of a free Wi-Fi service, who offers that service to the public, will be protected by the mere conduit defence under the E-Commerce Directive and will therefore not be liable for copyright infringement committed by users of that network.


Tobias McFadden operated a business selling and renting lighting and sound systems near Munich, in which he offered a free Wi-Fi network accessible to the public. In 2010, a musical work was unlawfully downloaded via that Internet connection. Sony brought actions for damages and injunctive relief against Mr McFadden. Initially the Regional Court in Munich, Germany, took the view that he was not the actual party who infringed the copyright, but found him instead to be indirectly liable on the ground that his Wi-Fi network had not been made secure. A series of questions were referred to the Court of Justice regarding whether the E-Commerce Directive on precludes such indirect liability:

  • Is a person who, in the course of business, operates a wireless local area network with Internet access that is accessible to the public free of charge providing an information society service within the meaning of the E-Commerce Directive?  
  • To what extent may his liability be limited in respect of copyright infringements committed by third parties?  
  • May the operator of such a public Wi-Fi network be constrained by injunction to make access to the network secure by means of a password?

Article 12 E-Commerce Directive limits the liability of intermediate providers of mere conduit services for unlawful acts committed by a third party with respect to the information transmitted. That limitation of liability takes effect provided that three cumulative conditions are fulfilled: (i) the provider of the mere conduit service must not have initiated the transmission; (ii) he must not have selected the recipient of the transmission; and (iii) he must not have selected or modified the information contained in the transmission.

Detail of the Opinion

  1. 'Free Wi-Fi' services are not liable for their users' infringements - Wi-Fi services, irrespective of remuneration, fall within the scope of an 'information society service', for the purpose of Article 2(a) of the E-Commerce Directive. Advocate General Szpunar opined that, where a service is offered in the course of a business, even if 'merely ancillary' to that business, it takes place in an 'economic context'. Liability of such providers of mere conduit services for unlawful acts committed by third parties is therefore limited. Such limitation of liability under the Directive also precludes the making of orders against intermediary service providers not only for the payment of damages, but also payment of costs related to copyright infringement committed by third parties.
  2. Wi-Fi operators need not introduce passwords, disconnect or monitor their users - The E-Commerce liability framework does not shield intermediaries from injunctive relief. The courts should, however, aim to strike a 'fair balance' between competing fundamental rights of the parties involved when deciding what action should be taken by an intermediary to stop illegal activity on their services. Szpunar opined that termination of internet connections was 'manifestly incompatible' with the fair balance test, and that injunctions forcing the monitoring of communications amounts to a 'general monitoring obligation' as prohibited under Article 15 of the E-Commerce Directive. Finally, Szpunar opined that forcing Wi-Fi operators to introduce password protection does not strike a fair balance between the rights and interests involved. Password protection would discourage use and thus potentially undermine the business model of the operator as well as requiring the unnecessary processing of users' personal data. Conferring an active, preventative role on intermediary service providers would be inconsistent with their particular status, which is protected under the E-Commerce Directive.


In conclusion, the Attorney General has taken the common sense view that the safe harbour in Article 12 of the E-Commerce Directive also applies to a person who, as an adjunct to his principal economic activity, operates a Wi-Fi network that is accessible to the public free of charge.

It must be noted that this is 'only' the opinion of the Advocate General, and we will need to see how the CJEU rules on this issue. However, at first blush, the protection of free Wi-Fi services and immunity for pre-trial costs seems to be a positive decision for Wi-Fi service operators and internet access services in general. It is interesting that in coming to his opinion, Szpunar relied on the Wi-Fi operator's freedom to conduct a business more heavily than on the rights of the users.

The opinion did not consider whether the scope of E-Commerce Directive might also extend to the operation of such a network in circumstances where there is no other economic context. Until there is an opinion or a ruling on this point, operators of free, open Wi-Fi might be well advised to link the provision of the service to an separate economic activity. It is unclear at the moment whether simply placing some advertising on a landing page, or using the SSID for advertising a service for remuneration would be sufficient.