Can Wi-Fi providers be liable for the actions of their users?

Many cafes, restaurants, hotels and shops provide free Wi-Fi to customers, this may often be provided free of charge with no or only basic security, sometimes there may be no password to connect the Wi-Fi or the password may be the name of the establishment.

As the provider, it is difficult to control the actions of users on an unprotected Wi-Fi, and the users could be infringing the copyright of others without the provider’s knowledge or control.

Can such business owners be liable for the activities of their users on their Wi-Fi?

The recent decision of the European Court of Justice (ECJ) in McFadden v Sony Music Entertainment Germany GmbH has clarified the position for providers of both password-protected and unprotected free Wi-Fi.

Tobias McFadden ran a business selling and leasing lighting and sound systems in Germany. As part of his business, Mr McFadden provided free Wi-Fi as a way of promoting his business to prospective customers in his locality.

In September 2010, the Wi-Fi network provided by Mr McFadden was used to make recorded music available to the general public free of charge on the internet without the permission of the rights holders. Sony Music, who had produced the music recording, gave Mr McFadden formal notice of its rights over the recording.

In response to the formal notice, Mr McFadden sought a declaration before the Munich Regional Court that he had not committed any infringement. Sony made several counterclaims against Mr McFadden seeking damages for the infringement of its rights over the recording, an injunction and costs. The Court dismissed Mr McFadden’s action and upheld the counterclaims of Sony Music.

The question that was referred to the ECJ was whether Mr McFadden was able to rely on the mere conduit defence for information society service (ISS) providers under the Article 12(1) of the E-Commerce Directive. Under the mere conduit defence, internet service providers, website providers and some telecoms providers have a defence from copyright infringement and defamation if they are just acting as a “mere conduit” of information passing through their service.

In order to rely on the defence, the provider must prove that they did not:

  • initiate the transmission
  • select the receiver of the transmission; or
  • select or modify the information contained in the transmission.

In Mr McFadden’s case, The ECJ held that:

  • Mr McFadden was not liable for infringement. The provision of a free-unprotected Wi-Fi service fell within the remit of the mere conduit defence, as the service was used to advertise the business.
  • Significantly, Article 12(1) of the E-Commerce Directive did not prevent a person harmed by the infringement from seeking injunctive relief along with payment of associated costs.
  • Any imposed injunction could include
  1. examining all communications passing through the Internet connection
  2. terminating the connection and
  3. password protecting.

Consequently, business owners offering free wifi should look to follow these key steps in order to minimise liability for infringement:

  1. Password-protect your Wi-Fi.
  2. Have terms of use of your Wi-Fi – which make it clear that such as copyright infringement and other unlawful activity is not permitted.
  3. Deal with any objections to material transmitted through the service promptly.

This is good news for retailers and all other business owners who provide free Wi-Fi for their customers. However, it doesn’t mean that they are completely safe. Retailers should follow the key steps above to ensure that they fall within the scope of the regulation and can therefore rely on the mere conduit defence.