September 27, 2016

However, the CJEU said, such operator can be required to password-protect its network in order to bring an end to, or prevent, infringements.

Mr Tobias McFadden ran a lighting and sound system shop in which he offered access to a Wi-Fi network to the general public free of charge in order to draw the attention of potential customers to his goods and services.

In 2010, a musical work was unlawfully offered for downloading via that internet connection.

Mr McFadden brought proceedings in the German courts seeking a declaration of non-infringement. The defendant, Sony Music Entertainment Germany GmbH, counterclaimed seeking an injunction and damages.

At first instance, the German court dismissed Mr McFadden’s application and upheld Sony Music’s counterclaim, granting an injunction against Mr McFadden for direct infringement and ordering him to pay damages and costs.

Mr McFadden appealed the decision, relying on the “mere conduit” defence under Article 12(1) of the E-commerce Directive (2000/31/EC).

The German appeal court stated that, at this stage, it did not believe that Mr McFadden was directly liable, but was minded to make a finding of indirect liability on the ground that his Wi-Fi network had not been made secure.  In the meantime, it referred the case to the CJEU for guidance on whether a professional person, such as Mr McFadden, who, in the course of business, operated a free, public Wi-Fi network, fell within the scope of Article 12(1); and, if so, how the limitation of liability for intermediary service providers set out in that provision should be interpreted.

The CJEU held that making a WiFi network available to the general public free of charge in order to draw the attention of potential customers to the goods and services of a shop constituted an “information society service” under the Directive.

Further, the CJEU confirmed that, a service provider such as Mr McFadden, who provided access to a communication network, could rely on the “mere conduit” defence under Article 12(1).

Consequently, the copyright holder was not entitled to claim compensation or the reimbursement of costs on the ground that the network was used by third parties to infringe its rights.

However, the Directive did not preclude the copyright holder from seeking an injunction before a national authority or court to end and prevent any further infringement.

As for the terms of any such injunction, the CJEU held that an injunction ordering the internet connection to be secured by means of a password was capable of ensuring a fair balance between, on the one hand, the intellectual property rights of rights holders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of network users.

The CJEU said, in particular, that such a measure was capable of deterring network users from infringing intellectual property rights, provided users were required to reveal their identity and prevented from acting anonymously before obtaining the password.

However, the CJEU held that the Directive expressly ruled out imposing a requirement on the service provider to monitor information transmitted via a given network.  Similarly, a measure consisting in terminating the internet connection completely without considering the adoption of measures less restrictive of the connection provider’s freedom to conduct a business would not be a fair balance of the abovementioned conflicting rights.  (Case C-484/15 Tobias McFadden v Sony Music Entertainment Germany GmbH EU:C:2016:689 (15 September 2016) — to access the judgment in full, go to the curia search form, type in the case number and follow the link).