The European Court of Justice (“ECJ”) recently ruled on the power of national courts to enforce password protection on Wi-Fi networks.

In the case of Tobias McFadden –v- Sony Music Entertainment Germany GmBH Case C-484/14 the ECJ confirmed that national courts are able to impose injunctions on those which provide unprotected wireless networks which could force them to ensure that such networks are protected by passwords to prevent third party copyright infringement.

This case revolved around the business of Mr McFadden which sold lighting and sound systems and gave passers-by free and unprotected access to his wireless network. This access was provided by Mr McFadden to encourage more traffic to his business website and to try to attract customers.

Back in September 2010 an anonymous user of Mr McFadden’s network uploaded some musical work which had been produced by Sony Music Entertainment Germany GmBH (which I’ll just call “Sony” from now on). Sony contacted Mr McFadden and informed him that this action of the user had amounted to an infringement of Sony’s copyright.

In response, Mr McFadden applied to the court in Germany seeking a declaration that he was not liable for the alleged infringement. Sony struck back with a counterclaim seeking damages from Mr McFadden based upon his direct liability for the copyright infringement in relation to Sony’s musical works, an injunction as well as costs.

Judgement was at first given against Mr McFadden. However, after he appealed the Munich curt sought clarification from the ECJ who held that the ‘mere conduit’ defence under Article 12 of EU Directive 2000/31/EC (“the E-Commerce Directive”) applied in this case. It was held that Mr McFadden did not need to charge users of his wireless network for the defence to apply because paragraph 42 of the Directive included providing access for the “purpose of advertising the goods and services provided” by Mr McFadden.

The ECJ went on to consider three possible options for a network provider to prevent copyright infringement from its network:

1.     monitoring all traffic;

2.     termination of connection to the network; and

3.     password protection.

The first option was immediately disregarded by the ECJ and the second was considered to be disproportionate, leaving only password protection as a workable option.

This decision has wide-ranging practical significance for the many businesses in the UK which provide Wi-Fi via an unprotected network in order to attract customers or to advertise goods or services.

By Daniel Gardener

Subject to our terms and conditions and copyright policy.