Saturday 17 September 2016

Public wi-fi and liability for illegal downloads: the CJEU judgment in McFadden

Lorna Woods, Professor of Internet Law, University of Essex

Is a business which offers free wi-fi to its customers liable if they download content unlawfully? That was the main issue in the recent CJEU judgment in McFadden, a rare case on Article 12 of the EU’s eCommerce Directive, which provides that the provider of an information society service is not liable for the transmission of information if it is a ‘mere conduit’ (as further defined) of that information.  While must of the decision seems to fit well into existing law on intermediaries and the provisions of services in general, there are a couple of potentially unexpected developments: those relating to costs for injunctive relief; and the requirements of those providing access to the Internet.


McFadden runs a lighting and sound system shop in which he offers free access to a wi-fi network to the general public in order to draw the attention of potential customers to his goods and services.  This network was used to download some content unlawfully. The question was whether McFadden was indirectly liable (for not making his network secure) or whether he could rely on intermediary immunity from liability contained in the e-Commerce Directive.


The first requirement for someone to be able to rely on the e-Commerce Directive is to show that that body is an information society service provider within the terms of the Directive.  The problem here is that the wi-fi was provided free of charge, so does McFadden provide an economic service to bring himself within the TFEU?

The key requirement is that a service is one which is ‘normally provided for remuneration’ (as found in the case law on Article 57 TFEU, which defines ‘services’ for free movement purposes, as well as Article 1(2) of Directive 98/34, which sets out rules on consulting about new technical barriers to information society services).  Referring to Recital 18 of the e-commerce directive, the Court confirmed that under a proper interpretation of the definition of ‘information society service’ in Article 12(1) of the directive, ‘cover only those services normally provided for remuneration’ (para 39).

Applying this principle to this context, the Court noted “it does not follow that a service of an economic nature performed free of charge may under no circumstances constitute an ‘information society service’” (para 41).  For example, the service may be paid for by a third party, as is the case in free to air television which is often financed through advertising revenue rather than viewer subscription.  Here McFadden was providing the service as an advertising technique, so the Court concluded that the provision of wi-fi fell within Article 12 (para 43).

The Court then considered the application of Article 12. The national court recognised that a first requirement would be the transmission of content, but questioned whether other conditions – notably the existence of a contractual relationship – would also be required.  The Court confirmed that transmission is required and – following the wording of the recital 42 – that the activity of transmission as a ‘mere conduit’ is of a mere technical, automatic and passive nature (para 48).  While the Court accepted that there might be an interpretation of the German language version that suggested the existence of further requirements, there was no such aspect in other language versions.  In the interests of a uniform interpretation of the directive across the various language versions, the Court concluded that there were no further conditions to be satisfied (para 54).

The next question related to the types of immunity from liability, the provisions in relation to mere conduit, caching and hosting being expressed in slightly different terms.  So while Article 14 requires a host to act expeditiously on becoming aware of illegal content to continue to benefit from immunity, there is no such requirement in Article 12.  The Court suggested (as the Advocate General had done) that this difference may result from the different nature of the services provided. In particular, a host may have greater opportunity to identify illegal content than a mere conduit.  On this basis, the Court thought it inappropriate to imply a condition that a mere conduit should be required to act expeditiously into Article 12 (para 65).

The national court further questioned whether Article 12(1), read in conjunction with Article 2(b), was to be interpreted as meaning that there were additional conditions beyond that in Article 12 to which a service provider providing access to a communication network would be subject.  Again, the Court rejected this proposition on the basis that it should not disturb the balance between the various interests achieved by the legislature (para 68-69).

The Court then considered the type of relief which an injured third party might claim, and particularly whether such a party could seek injunctive relief against a mere conduit.  While Article 12 precludes a damages claim, and claims for costs (paras 74-75), according Article 12(3) a national court may order the mere conduit to take action to end the infringement of copyright (para 76), notably injunctive relief.  Costs in respect of such an action may be claimed (para 78).

The next set of questions concerned the measures that might be required of a mere conduit, given the relevance of Article 17(2) of the EU Charter of Fundamental Rights (EUCFR) (right to intellectual property), Article 16 EUCFR (right to conduct a business), and Article 11 EUCFR (freedom of expression).  The Court, adopting a margin of appreciation style approach, recognised that in case of conflict of rights it is for the national authorities to ensure a fair balance of interests (citing the CJEU ruling in Promusicae) (para 83).  The national court envisaged three possible measures McFadden could take:

-          examining all communications passing through an internet connection,
-          terminating that connection or
-          password-protecting it.

Article 15 precludes requiring intermediaries to monitor traffic and therefore the first obligation would be contrary to the  terms of the eCommerce Directive. Requiring McFadden to terminate the connection would constitute a serious interference with his rights to run a business under Article 16 EUCFR and so cannot be considered as reaching a ‘fair balance’ (paras 88-89). The third measure also constitutes a restriction of Article 16 as well as the Article 11 rights of users. In neither instance, however, is the essence of the right undermined.  The Court noted that ‘the measure adopted must be strictly targeted, in the sense that it must serve to bring an end to a third party’s infringement of copyright or of a related right but without thereby affecting the possibility of internet users lawfully accessing information using the provider’s services’, as otherwise the measure would – following the CJEU ruling in UPC Wien – be disproportionate (para 93).  Securing the network by password protecting it (but not blocking access to any particular content)

‘may dissuade the users of that connection from infringing copyright or related rights, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously’ (para 96).

Given that this third option is the only possible option, not securing the network would result in the right to intellectual property being deprived of any protection. Requiring password protection therefore strikes a fair balance.


In terms of following its Advocate General to find a free service to fall within the scope of the e-Commerce Directive (and indeed the treaty framework) the Court’s approach is not unexpected.  This is a long-standing approach of the Court in relation to services in general – indeed the Court refers to old television jurisprudence as authority – and also follows its approach in Papasavvas (C-291/13), which related to an online service which was funded through advertising revenue, rather than direct payments by users. 

This approach is potentially necessary in the context of the Internet, where many services are provided ‘free’ but in actual fact paid for by advertising or other secondary uses of user data.  Nonetheless, it is worth noting that in McFadden there was some economic context: McFadden was using the offer of free wi-fi as a form of advertisement.  The extent to which some such connection is required has not been addressed.  The Advocate General noted that 'there is no need to consider whether the scope of Directive 2000/31 [the e-commerce Directive] might also extend to the operation of such a network in circumstances where there is no other economic context' (para 50).  The Court did not address this at all.

The judgment contains little new as far as the conditions for the application of Article 12 are concerned, though it is perhaps useful to have the confirmation that further conditions should not be implied into the Directive. 

The Court determined that Article 12 (and presumably also Articles 13 and 14) give protection against costs – which as the Advocate General noted – could be as punitive as damages themselves.  Note however the distinction between an action for damages and an action for injunctive relief.  Article 12 does not protect an intermediary from being on the receiving end of an injunction, and the prohibition on costs does not extend to costs incurred in relation to given notice or an action for an injunction.  This is a difference in approach from that of the Advocate General and may be significant for those companies which have challenged injunctions.  The litigation in England and Wales in regard to blocking injunctions for trademarks in Cartier may be a case in point.

The extent to which intermediaries are under an obligation to put an end to infringing behaviour by end users has been the subject of much discussion and this judgment is useful in bringing some clarity.  The Court locates this discussion within the framework of fundamental rights, and starts off by indicating that this is a matter for national authorities – seemingly taking a leaf out of the Strasbourg court’s book on margin of appreciation. In practice, however, the Court gives a pretty clear steer to the national court on the ‘right’ outcome and in this there is a marked difference between its approach and that of the Advocate General.  Both agree that the first two possible measures are not possible. The Advocate General took the view at para 145 of his opinion that imposing security obligations

'would not in itself be effective, and thus its appropriateness and proportionality remain open to question'.

He also thought that forcing password protection could discourage or hinder usage of the WiFi service, undermining the business model of the operator. In contrast, the Court stated that the password protecting of the network is permissible; indeed, it could be seen as suggesting that the enforcement of copyright requires the network to be protected as the only means to protect Article 16. Does this suggest that all networks would be required to impose such measures on the chance that someone might use them to infringe copyright? On that basis, this judgment could have worrying implications for anonymity on the Internet, and certainly may have implications for the development of wi-fi/public access services.

Photo credit:

No comments:

Post a Comment