McFadden: Free Wifi, Liability and Passwords

September 15, 2016

In Case C-484/14 McFadden v Sony Music Entertainment Germany the Court of Justice of the European Union had to consider a claim brought against the provider of a free wifi network for copyright infringements (downloading) by persons using his network.

Facts and background 

Tobias Mc Fadden runs a lighting and sound system shop in which he offers access to a wi-fi network to the general public free of charge in order to draw the attention of potential customers to his goods and services. In 2010, a musical work was unlawfully offered for downloading via that internet connection. The Landgericht München I (Regional Court, Munich I, Germany), before which the proceedings between Sony and Mc Fadden were brought, takes the view that he was not the actual party who infringed the copyright, but is minded to reach a finding of indirect liability on the ground that his wi-fi network had not been made secure. As it has some doubts as to whether the E-commerce Directive precludes such indirect liability, the Landgericht referred a series of questions to the CJEU.

The E-commerce Directive exempts intermediate providers of mere conduit services from liability for unlawful acts committed by a third party with respect to the information transmitted. That exemption of liability takes effect provided that three cumulative conditions are satisfied: (i) the provider of the mere conduit service must not have initiated the transmission; (ii) it must not have selected the recipient of the transmission; and (iii) it must neither have selected nor modified the information contained in the transmission.


The CJEU has held that making a wi-fi network available to the general public free of charge in order to draw the attention of potential customers to the goods and services of a shop constitutes an ‘information society service’ under the Directive. The Court went on to confirm that, where the above three conditions are satisfied, a service provider such as Mc Fadden, who providers access to a communication network, may not be held liable. Consequently, the copyright holder is not entitled to claim compensation on the ground that the network was used by third parties to infringe its rights. Since such a claim cannot be successful, the copyright holder is also precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to that claim.

However, the CJEU went on to decide that the E-commerce Directive does not preclude a copyright holder from seeking to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.

The Court took the view that an injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between, on the one hand, the intellectual property rights of rightholders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of the network users. The Court notes, in particular, that such a measure is capable of deterring network users from infringing intellectual property rights. In that regard, the Court nevertheless underlines that, in order to ensure that deterrent effect, it is necessary to require users to reveal their identity to be prevented from acting anonymously before obtaining the required password.

The full judgment may be read here.

Laurence Eastham writes:

While I understand the CJEU’s dilemma – rock (undermine all free wifi use, the expansion of which happens to be a major Commission digital aim) and hard place (rightsholders left without remedy) – it seems pretty clear that the judges have never worked in a busy shop. Imagine the scene where the browsing customer (that’s ‘browsing’ in both senses) is asked for all the details necessary to make the password protection effective. And perhaps customers might be asked to prove identity because those aiming to download illegally might lie. Now imagine a bankrupt shopkeeper.

This judgment first came to my attention while sitting in a Welsh hotel that had completely open wifi – seems a popular thing in Brecon with many establishments doing the same. Hotels could do better – and many issue individual wifi passwords and let that sit with the ID information they have. There are serious data protection issues there but at least that is reasonably effective in protecting copyright; perhaps that was what the judges had in mind – they have probably stayed in hotels. But in shops and cafes? Pull the other one.