The Court of Justice of the European Union has made a troubling ruling regarding open wifi spots in the case of McFadden v Sony Music (C-484/14). This just following the also problematic case of GS Media makes it a rather bad week for balance in copyright.
The case involves Tobias McFadden, who lives in Germany and has a sound system business. He runs an open wifi hotspot in his premises to attract costumers. At some point in 2010, someone used the spot to make music owned by Sony available to the public using his open network. Sony contacted Mr McFadden with a letter informing him of the infringement taking place in his network, and he replied by suing Sony asking for a negative declaration from the court to demonstrate that there was no liability on his part. The court in first instance dismissed the request, and Mr McFadden appealed. Sony replied asking that Mr McFadden should be made liable for not securing his network. The regional Munich court referred the case to the CJEU several questions.
The heart of the referral rests on the nature of Mr McFadden’s network, and the fact that it is a free and open not-for-profit service. The issue then is whether the provider of such a service has obligations under copyright law, but most importantly, whether it is to be considered an information society service in accordance to the E-Commerce Directive. Secondly, the referring court asks whether a provider of such an open service has immunity from liability as a mere conduit of a communication. Thirdly, the Munich court asks whether service providers should be required to excercise some form of technical control over their network to protect intellectual property.
The CJEU answers the first question positively. While the court considers that the concept of an ‘information society service’ covers any service normally provided for remuneration, ” it does not follow that a service of an economic nature performed free of charge may under no circumstances constitute an ‘information society service’’. This means that under some circumstances, free services could be considered as covered by the E-commerce, particularly because it is a promotional offer, the prize of the service is included in the price of the other goods sold.
Secondly, the court decided that a service provider of an open wifi can be a mere conduit in the sense of the E-Commerce Directive.
But the most eye-opening part of the ruling, and the one that has been criticised the most, is that the court seems to make it an obligation to protect open networks, as these can be used easily to infringe copyright. The court muses three possible measures to secure a network, namely, “examining all communications passing through an internet connection, terminating that connection or password-protecting it.” The first two measures are considered excessive, as they would interfere with the rights of the user and the business. But the court expresses that there must be some sort of control, otherwise an open network would affect copyright rightsholders, as the network can be used easily to infringe copyright. The court then decides that the best viable option is to protect via passwords:
“In that regard, the Court finds that a measure consisting in password-protecting an internet connection may dissuade the users of that connection from infringing copyright or related rights, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain. […]
It follows from the foregoing that, under the conditions set out in this judgment, a measure consisting in securing a connection must be considered to be capable of striking a fair balance between, first, the fundamental right to protection of intellectual property and, second, the right to freedom to conduct the business of a provider supplying the service of access to a communication network and the right to freedom of information of the recipients of that service.”
This seems extremely problematic for various reasons. While the court does not declare that all open networks must immediately be protected by passwords, it is allowed for national courts to issue an injunction to that effect. The failure to do so is not clear, but there seems to be a strong implication that failure to secure an open network may open the service provider to liability in the future.
Yet another baffling decision by the CJEU, one which seems to erode further the intermediary liability regime contained in the E-Commerce Directive.