Mr McFadden ran a business selling and leasing lighting and sound systems. He provided free wifi with no password required where users could be anonymous in the vicinity of his business in order to draw the attention of customers in nearby shops and other passers-by into his shop.

Unfortunately, one customer used the free service to download illegal copies of music owned by Sony. Sony gave formal notice to Mr McFadden to respect its rights over the recording. Mr McFadden applied for a negative declaration from a German court. In reply, Sony made several counterclaims seeking damages from Mr McFadden on the ground of his direct liability for the infringement of its rights, an injunction and reimbursement of its legal costs.

The German court dismissed his action and upheld Sony’s counterclaims. Mr McFadden appealed on the ground that he was exempt from liability under the provisions of German law transposing the mere conduit defence in Article 12(1) of the E-Commerce Directive (2000/31/EC) (the Directive) (Article 12(1)). The German court referred to the ECJ the question of whether Mr McFadden could be exempt from liability on this basis.

The ECJ assessed Mr McFadden’s wifi provision as an information society service, as referred to in Article 12(1), since it was provided with an economic purpose. The court confirmed that information society services cover only those services normally provided for remuneration but they do not have to be paid for (Papasavvas v O Fileleftheros Dimosia Etairia Ltd and others C-291/13; www.practicallaw.com/8-584-9625). Where a service is free of charge but is provided for the purposes of advertising the goods sold and the services provided by that service provider, it qualifies as an information society service as the cost of that activity is incorporated into the price of those goods or services (Adverteerders and others v The Netherlands C-352/85; Deliège v Ligue francophone de judo et disciplines associées ASBL and others C-51/96 and C-191/97).

The ECJ ruled that the access to information provided by the service provider must not go beyond the boundaries of a technical, automatic and passive process for the transmission of the information in order for it to be a mere conduit, but that there are no further conditions, such as a contractual relationship between the provider and the user of the service, or an advertising purpose for the service.

The ECJ was asked whether the prerequisites for the exemption from liability under the hosting provisions of the Directive also applied to the provision of a free wifi service (Article 14(1)). It held that in order to benefit from the exemption from liability of internet website hosts laid down in Article 14(1), a host must act expeditiously on becoming aware of illegal information to remove or to disable access to it.

Although both hosting and conduiting involve a (initially at least) passive service provider, the service provided by an internet website host consists of the storage of information and is of a more permanent nature and so the host could take steps to prevent the further dissemination of illegal material once it has been made aware of it. Whereas a communication network access provider (such as a provider of free wifi) does not normally continue the service of transmitting information that it supplies over any length of time; after having transmitted the information, it no longer has any control over it. Therefore, the obligation to disable access does not apply to a mere conduit service like this.

Article 12(1) states that EU member states must ensure that providers of access to a communication network are not held liable for information transmitted to them by the recipients of that service on the three conditions under that provision.

Where those conditions are satisfied, as a service provider may not be held liable, a copyright owner is precluded from claiming compensation from that service provider on the ground that the connection to that network was used by third parties to infringe its rights. As a result, the ECJ held that a copyright owner is also precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to its claim for compensation.

However, under Article 12(3), a rights holder can seek injunctive relief to prevent the service provider from allowing an infringement to continue, and the ECJ concluded that the rights holder could therefore claim the reimbursement of the costs of giving formal notice and costs in relation to the claim for injunctive relief.

The ECJ ruling aimed to balance:

Where several fundamental rights protected under EU law are at stake, it is for the national authorities or courts to ensure that a fair balance is struck between those rights (Productores de Música de España (Promusicae) v Telefónica de España SAU C-275/06; www.practicallaw.com/7-380-9415). In UPC Telekabel Wien, the ECJ held that in order to achieve a fair balance, while an injunction could be granted, it should be left to the service provider to determine the specific measures that needed to be taken to achieve the aim of the injunction (C-314/12; see News brief “Website-blocking injunctions: going further than ever before”).

The German court had proposed three measures that the service provider could take if injuncted:

It was only on the basis of these three measures that the ECJ carried out its assessment of their suitability and compatibility with the Directive.

The ECJ found that monitoring all of the information transmitted was contrary to Article 15(1) of the Directive, which excludes the imposition of a general obligation on, among other things, communication network access providers to monitor the information that they transmit.

Terminating the internet connection of the provider completely was found to be excessive in order to remedy a limited infringement of copyright without considering the adoption of less restrictive measures, as it would cause a serious infringement of the fundamental freedom to conduct a business, even though the provision of internet access was secondary to the main business. A fair balance would not be struck between the fundamental rights which must be reconciled (Scarlet Extended C-70/10; Coty Germany C-580/13).

The ECJ noted that password-protecting an internet connection is capable of restricting both the freedom to conduct a business of the provider supplying access to a communication network and the right to freedom of information of the recipients of that service. However, it nevertheless found that a measure of this kind does not damage the essence of the right to freedom to conduct the business of a communication network access provider in so far as the measure is limited to marginally adjusting one of the technical options open to the provider in exercising its activity. Neither does it undermine the right to freedom of information of the recipients of an internet network access service, in so far as it is limited to requiring the recipients to request a password, and it is clear that that connection constitutes only one of several means of accessing the internet.

However, when complying with the injunction, the measures taken by the provider must be sufficiently effective to ensure genuine protection of the fundamental right at issue; that is, they must have the effect of preventing unauthorised access to the protected subject matter or, at least, of making it difficult to achieve, and of seriously discouraging the users of the services from accessing the subject matter made available to them in breach of that fundamental right (UPC Telekabel Wien).

The ECJ noted the requirement from case law that the measure adopted to achieve the effect of the injunction must be strictly targeted, in the sense that it must serve to bring an end to a third party’s infringement of copyright or of a related right, but without affecting the possibility of internet users lawfully accessing information using the provider’s services.

Use of a password, provided that users were required to reveal their identity to get the password, would be sufficient to dissuade users from infringing copyright, without restricting access to websites, and would achieve this balance. However, the ECJ said that it is for the referring court to ascertain whether this would be sufficiently effective to prevent anonymity.

Nevertheless, not to secure the internet connection would deprive the fundamental right of protection for IP, which would be contrary to the idea of a fair balance. So a measure intended to secure an internet connection by means of a password must be considered to be necessary in order to ensure the effective protection of the fundamental right to protection of IP. Any measure must be judged against the fundamental rights to protection of IP, freedom to conduct the business of a provider supplying access to a communication network and freedom of information of the recipients of that service.

In practice, in the time since this action was initiated in 2010, most businesses have started using password-protected wifi and most, although not all, require users to give their details before using it. Rights holders are more likely to deal with this through blocking requests to hosting internet service providers before considering action against wifi providers.

Although not required to monitor the traffic through their services, businesses that continue to provide free wifi without fulfilling the requirements of any injunction brought against them will be liable to a fine as well as damages in relation to any continuing infringements.

Preventing anonymous access seems likely to be a requirement of injunctions following this decision, so if not already in place, businesses would do well to set up protections of this kind in order to be seen to be acting in the most dissuasive and protective manner.