A recent decision of the Court of Justice of the European Union (“CJEU”) has provided some much needed guidance as to whether a business which offers free access to WiFi can be liable for copyright infringement if third parties make use of the free connection to illegally upload and share copyright works online (Tobia Mcfadden v Sony Music Entertainment Germany GmbH).

The facts of the case in question were that McFadden ran a business renting out light and sound systems. He offered third parties in the vicinity of his business free access to a WiFi network, as a means of promoting his business. Users were not required to identify themselves or use a password to connect to the network. The WiFi network was subsequently used by an unknown third party to illegally upload and share a copyrighted musical work, owned by Sony.

Under the E-Commerce Directive 2000 (the “Directive”), businesses that provide access to the web in return for remuneration are not generally liable for transmissions made by third parties using the network. This is since they will usually be able to avail themselves of a defence known as the “mere conduit” defence. However, this defence is only available if the business:

Did not initiate the transmission;
Did not select the recipient of the transmission; and
Did not select or modify the information contained in the transmission.
In McFadden’s case, it was clear that McFadden was simply a conduit and had no control over what users of the WiFi service did. The key issue under consideration, however, was whether McFadden could rely on the “mere conduit” defence under the Directive, as he did not charge for the WiFi access.

The CJEU held that the defence was available to McFadden. This was because, even though McFadden did not charge third parties for their use of the WiFi network, he provided the service to market his business and the costs he incurred were passed on to his customers (albeit indirectly) as part of the charges for the services he provided. This type of arrangement fell within the scope of the defence provided by the Directive.

As the mere conduit defence applied, McFadden was not liable for copyright infringement and could not be ordered to pay damages to Sony. However, the CJEU stated that a copyright owner in Sony’s position might be able to obtain an injunction (including costs) against the provider of the free WiFi access to attempt to prevent further infringement from occurring. Such an injunction could require the provider to password protect the WiFi service and oblige third parties to identify themselves before using it.

So, what should businesses which offer free WiFi take away from this decision?

Generally speaking, you won’t be liable if a third party uses your WiFi connection to illegally upload and share copyright works.
However, the “mere conduit” defence available under the Directive will only be available to you if you meet the conditions listed above.
It’s a good idea to password protect your free WiFi service and to require users to identify themselves before using it. This may make users think twice about what they use the WiFi connection for. Also, it may protect you from becoming the subject of an injunction (and paying legal costs) further down the line. But ultimately, it is not a requirement of the “mere conduit” defence that you put such security measures in place.
It is advisable to have a set of Terms and Conditions which users must accept in order to gain access to your WiFi network. Such Terms and Conditions should set out the basis on which users are entitled to access your WiFi and contain terms protecting you if third parties use the network to unlawfully share copyright works.
Further information and legal support
If you’d like more information about this decision or help drafting suitable Terms and Conditions, please contact Michelle Craven-Faulkner or Rhys Morgans or another member of the Geldards Commercial Team.