Sony vs. McFadden - How to Fight a Publicly Open Wifi Hotspot in the EU


Yesterday, the European Court of Justice (CJEU or ECJ) gave judgment in McFadden (C-484-14) in regards to the liability for user copyright infringement of those providing Wi-Fi connections for free, see here

This preliminary reference arose from proceedings against Tobias McFadden in Germany, whom had provided free Wi-Fi connection for public usage to promote his lighting business near Munich. 

It resulted in Sony taking an infringement action against McFadden when an unknown third party has tapped on that connection to download musical works in which Sony had copyright.  

The issues in the case centred upon the question of who could be classified as an intermediary pursuant to the the E-Commerce Directive 2000/31/EC as well as what remedies the Copyright owner might seek.

The German court has asked the following questions, in broad terms:

1. Is a professional who, in the course of business, operates a Wi-Fi network which is accessible for free an ‘information society service’ under the E-Commerce Directive? 

2. To what extent can that professional’s liability be limited under the Directive for acts of infringement committed by third parties?

3. May the operator of a free Wi-Fi network be subject to an injunction requiring him to restrict access to the network using a password?

The ECJ opinion followed the opinion of Advocate General Szpunar only partially, which is peculiar. The ECJ has found that:

1. Provision of a free Wi-Fi network to the public in the course of business constitutes an ‘information society service’ under the E-Commerce Directive. 

2. Provided the relevant conditions under the Directive are satisfied, a service provider such as McFadden cannot be liable for infringement for the use of the network by a third party. 

3. A copyright owner may, however, seek an injunction to require that such a service provider ends or takes step to prevent any copyright infringement committed by such third party users. This injunction may require that access to the internet connection be secured with a password. The injunction may not, however, require that the service provider take steps to monitor information being transmitted over the network or that the internet connection be terminated completely. 

This final point 3 is a significant area in which the decision made by CJEU is in contrast with the Advocate General\\'s opinion, whom argued that no password protection could be mandated. For me, I find this deviation surprising. Earlier, I thought that the CJEU would permit unprotected data traffic over commercial Wifi hotspots. This is due to the e commerce directive exculpating internet intermediaries rather explicitly.

One may feel that now, it is clearer over there that there is not any use in going after the Wifi hotspot provider as an intermediary. This CJEU decision for the first time confirms that those whom provide Wi-Fi services for free will gain advantage from the safe harbours of the E-Commerce Directive where the service has some form of economic element. 

But it develops the possibility of copyright owners implementing password protection requirements on such providers too, which leads to significant implications in practice.

This aspect of the decision also constitutes a contradiction with the ecommerce directive, in which monitoring of the data traffic is not included. How can the Wifi router provider check the eligibility of the Wifi router user without monitoring the generation of data traffic? 

The EC stated that national courts may impose that the provider of the Wifi router holds the password and provides it to those who want to use the Wifi as a deterrent and this implies that ECJ wanted to express that the injunction cannot go so far as to having the the Wifi provider needed to monitor information that is transmitted on the network. Evidently, the idea was that the provider of Wifi router is merely monitoring the access to the Wifi router, not the data transmitted on it. In this, the technical background of Wifi networks is not being taken into account: for monitoring the access to the Wifi router one must monitor the data transmitted on it.

A more interesting aspect of the ECJ decision is that the ECJ attempted to strike a balance between the intellectual property rights of rightholders and the freedom to conduct a business of access providers and the freedom of information of the network users. I have not heard of such a constitutional rights approach when it comes to assessing if there is an injunction against an intermediary pertaining to Intellectual Property rights. 

In this case, the most vital aspect for me is that the Wifi provider is not perceived as a infringer of copyright, but only as an intermediate. 

I keep indicating that Internet will eventually kill Copyright.