Lorna Woods, Professor of Internet Law, University of Essex

A recent Court of Justice of the European Union (CJEU) case, McFadden, examined whether businesses offering free wi-fi are responsible for customers’ illegal downloads. This case centered around Article 12 of the EU’s eCommerce Directive, which protects “mere conduits” of information from liability. While generally aligning with existing laws, the ruling raised potentially significant points regarding injunction costs and internet access provision requirements.

Facts

Mr. McFadden, owner of a lighting and sound system store, offered free wi-fi to attract customers. When the network was used for illegal downloads, the question arose: was McFadden indirectly liable for not securing his network, or was he exempt under the eCommerce Directive’s intermediary immunity?

Judgment

To benefit from the eCommerce Directive, one must first qualify as an “information society service provider.” Since McFadden’s wi-fi was free, it was unclear if he provided an economic service as defined by the Treaty on the Functioning of the European Union (TFEU).

Citing legal precedent, the court stated that a service typically requires payment. However, they clarified that free economic services can exist, using the example of ad-funded free-to-air television. Since McFadden’s wi-fi served as an advertising tool, the court classified it under Article 12.

Next, the court addressed Article 12’s application. They confirmed that content transmission was necessary and, based on the Directive’s wording, clarified that a “mere conduit” acts technically, automatically, and passively when transmitting. While acknowledging potential differing interpretations across language versions, the court ultimately found no additional conditions in the Directive’s text.

The types of liability immunity were then examined. Unlike Article 14, which compels hosts to remove illegal content upon discovery, Article 12 lacks this requirement. The court attributed this to the difference in service nature, as hosts have more opportunity to identify illegal content. Therefore, they found it inappropriate to impose an expeditious action requirement on mere conduits.

Furthermore, the court rejected the notion of additional obligations for communication network providers, stating it would disrupt the balance between legislative interests.

Regarding remedies for injured parties, the court determined that while Article 12 prevents damage claims and associated costs, it allows for injunctions to stop copyright infringement. Importantly, costs related to such injunctions can be recovered.

The court then addressed permissible measures for mere conduits, considering relevant articles in the EU Charter of Fundamental Rights concerning intellectual property, business conduct, and freedom of expression. They acknowledged the need for national authorities to balance these rights.

Three potential measures were considered: monitoring all internet traffic, terminating the connection, and password protection. Monitoring was deemed incompatible with the eCommerce Directive. Terminating the connection was deemed disproportionate interference with business rights. Password protection, while restricting both business and user rights, was deemed acceptable as long as it stopped infringement without hindering lawful internet access.

According to the court, requiring password protection while not blocking specific content might deter infringement if users must identify themselves for access, preventing anonymity. This option, being the only viable one, was deemed necessary to protect intellectual property rights. Therefore, mandatory password protection was deemed a fair balance.

Comment

The court’s decision to classify a free service under the eCommerce Directive, following the Advocate General’s opinion, aligns with existing jurisprudence on service provision, particularly in cases involving advertising-funded online platforms. This approach is particularly relevant in today’s internet landscape, where many seemingly free services rely on advertising or data utilization.

While McFadden’s case involved an economic context (using wi-fi as an advertising tool), the court did not address the extent to which this connection is required, leaving the question open for services without a clear economic aspect.

The judgment reinforces existing understanding of Article 12’s application, confirming no implied conditions. Additionally, it clarifies that intermediaries are protected from costs associated with damages but not from injunctions and related costs, potentially impacting companies involved in such litigation.

The ruling provides clarity regarding intermediary obligations to address user infringement. While acknowledging national authorities’ role in balancing rights, the court provides a clear direction on acceptable measures. Contrary to the Advocate General’s view that password protection might be ineffective and disproportionate, the court deemed it a permissible and necessary measure to safeguard intellectual property. This raises concerns about potential implications for internet anonymity and the future of public wi-fi services.