Offering customers free Wi-Fi? Password protection could spare you a lawsuit

THE COURT OF Justice of the European Union has confirmed that business owners who offer free Wi-Fi are not responsible for copyright infringement carried out by customers using their service.

However, this does not affect a national court’s ability to impose injunctions against providers and to impose mandatory password protection requiring users to reveal their identity before gaining access.

A recent case before the European court involved a retailer, Tobias McFadden, who operates a business selling and renting lighting and sound systems for various events in Germany.

At his business premises, he provided use of a Wi-Fi connection free of charge to the public. In September 2010, a musical work was unlawfully offered for downloading via that internet connection. Sony Music, as holder of the rights in that musical work, issued proceedings against McFadden for copyright infringement.

Background to proceedings

The referring court, the Munich regional court, initially held that McFadden was directly liable for the infringement and granted an injunction in favour of Sony Music. He appealed that decision on the basis of the ‘mere conduit’ defence under the European e-commerce directive.

It contains a limitation on the liability of internet service providers for information transmitted in circumstances where the provider does not initiate the transmission, does not select the receiver of the transmission and does not select or modify the information contained in the transmission.

The preliminary referral to the EU court, which consisted of nine questions, focused on the scope and application of the ‘mere conduit’ defence.

The court decision

The EU court handed down its judgment on 15 September 2016, largely echoing the court advocate-general’s earlier findings.

In order to come within the scope of the e-commerce directive, the service in question must be “normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”.

The national court requested a determination on whether the provision of free Wi-Fi could be considered economic in nature.

The advocate-general had held that although internet access is often provided free of charge in, for example, a hotel or bar, that service is matched with a monetary consideration that is incorporated into the price of other services such as the room rate.

The court ultimately confirmed that a service provided free of charge constitutes an ‘information society service’ “where the activity is performed by the service provider in question for the purposes of advertising the goods sold or services supplied by that service provider.”

The fact that McFadden could be considered a ‘mere conduit provider’ for the purposes of the e-commerce directive was not disputed. However, clarification was sought on the range of relief permissible against a mere conduit.

With regard to damages and other claims, the court, in agreement with the advocate-general, held that as a provider of mere conduit services cannot be held liable for the copyright infringement committed by users, McFadden should not be ordered to pay compensation in respect of the infringement.

However, the court also noted that this interpretation does not prevent a person from claiming injunctive relief against an internet service provider in respect of the continuation of that infringement.

Password protection

The referring court also sought clarification on whether a service provider could be required to put in place additional measures such as disconnection, password protection or monitoring.

The EU court held that a measure requiring the owner of an internet connection to examine all communications transmitted through that connection would clearly go against the prohibition on imposing a general monitoring obligation, laid down in the e-commerce directive.

A measure which requires an internet connection to be terminated was considered by the court to be incompatible with the need for a fair balance to be struck between the fundamental rights involved, since it compromises the essence of the freedom to conduct business on the part of the service provider.

The advocate-general also concluded that the imposition of an obligation to make access to a Wi-Fi network secure, such as through password protection, would be incompatible with the need for a fair balance to be struck between the various fundamental rights.

However, the court did not follow this interpretation. It was of the view that “a measure consisting in password-protecting an internet connection may dissuade the users of that connection from infringing copyright or related rights, provided that those users are required to reveal their identity in order to obtain the required password.”

The rationale behind this requirement would be to prevent users from acting anonymously. The court was of the view that omitting to place any need on service providers to secure their internet connections would be to deprive the fundamental rights to intellectual property of any protection.

However, the court emphasised that the imposition of this requirement would be a matter for the national court to ascertain.

Conclusion

This decision provides welcome confirmation that service providers can rely on the safe harbour provisions set out in the e-commerce directive, irrespective of whether they charge customers for use of their internet connections. However, business owners will no doubt be less receptive to the possibility of mandatory password protection.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Gerard Kelly is a partner in the commercial litigation team at Mason Hayes & Curran.

If you want to share your opinion, advice or story, email opinion@fora.ie.