Posted on Categories IT

No liability for free public WiFi?

According to an Advocate General at the Court of Justice, a provider of free WiFi is not responsible for the actions of its users.

Some time earlier we wrote (in Polish) about the case of Mc Fadden v Sony Music Entertainment Germany GmbH pending at the Court of Justice of the European Union (Case C-484/14), involving liabili­ty for free public WiFi. The case is worth revisiting, as an opinion on the matter favour­able to businesses offering such open networks was recently issued by Advocate General Prof. Maciej Szpunar.

The case involves a free wireless network, unsecured by a password, offered for promotional purposes by the owner of a shop in Germany selling lighting and sound systems. An unknown person using the network uploaded a music work to the Internet without the permission of the copyright holder. The holder sued the shop owner, seeking damages and an injunction against violating its copyright.

During the proceeding, the owner of the shop, Tobias Mc Fadden, maintained that he was protected from liability by the E-Commerce Directive (2000/31/EC) as implemented in Germany. Under Art. 12(1) of the directive, an information service provider is not liable for transmission of information provided by a recipient of the service, or providing access to a network, when the information service provider acts as a “mere conduit.” A condition for this limitation on liability is that the service provider does not initiate the transmission, does not select the receiver of the transmission, and does not select or modify the information contained in the transmission. Here, Mc Fadden argued that the WiFi access he provided met these conditions. But the German court was unsure, and sought a preliminary ruling from the Court of Justice on a number of related questions.

In his opinion, the Advocate General found that the inquiry essentially boiled to two issues: first, whether a business providing free WiFi access can take advantage of the limitation on liability based on Art. 12 of the directive, and second, whether the copyright holder can assert any claims whatsoever against the business—in other words, how far does the limitation of liability extend?

Can an information society service be free?

On the first issue, it was necessary to determine whether providing WiFi access in this context was an information society service, because the limitation on liability for acting as a mere conduit is available only for information society services.

The problem here is that a condition for treating provi­sion of access to a wireless network as an information society service is that the service is “normally provided for remuneration.” In this case, WiFi access was provided free of charge.

The Advocate General indicated in his opinion that this characteristic of information society services is based on the Treaty on the Functioning of the European Union and the established case law of the Court of Justice, which requires regulations concerning the internal market to be applied to services only of a commercial nature. The commercial character of services should be understood broadly, and (as is also reflected in the case law) it is not necessary for the service to be directly paid for by the WiFi provid­er. In the Advocate General’s view, free WiFi provided by a business is also a commercial service if it promotes the principal business of the service provider, i.e. helps to attract customers. The related costs can then be factored into the prices of sold items.

Thus the Advocate General took the view that the limitation on liability in Art. 12(1) of the directive also applies to a business providing free public WiFi as an auxiliary to its principal activity.

How far does the limitation on liability extend?

The second problematic issue was to determine whether the copyright holder whose rights were violated could assert any claims against the provider of free WiFi. The Advocate General took the view that this was excluded as it would impose liability on the “mere conduit,” who was protected against liability by Art. 12(1) of Directive 2000/31/EC.

He stated however that while the business owner was protected against claims for damages for copyright infringement, he was not protected against an injunction issued to halt or prevent copyright infringe­ment. (An injunction is permissible under directives 2001/29/EC and 2004/48/EC as well as Art. 12(3) of  Directive 2000/31/EC.) In his view, it was also permis­sible to impose sanctions on the “mere conduit” for failure to comply with the injunction, e.g. a fine.

So what can the holder (not) demand?

The Advocate General pointed out that under the existing case law of the Court of Justice, it is permissible for such an injunction to specify only the goal that must be achieved by the intermediary, leaving it to him to determine the appropriate means. But he added that in any case the injunction must ensure that appropriate means for complying with EU law do exist. Application of certain measures should be excluded out of hand.

First, an injunction to block the Internet connection is ruled out, because this would obviously conflict with the freedom of economic activity (i.e. providing Internet access). Second, a preventive injunction could not be issued requiring the service provider to monitor all transmitted information, which is expressly prohi­bited by Art. 15(1) of Directive 2000/31/EC. Third, an injunction to secure access to the network (requiring a password) was impermissible—the Advocate General presented extensive argumentation on this point.

Here it can only be pointed out briefly that such an injunction could undermine the business model developed on the market and impose disproportionate administrative obligations. This would also conflict with the passive role of the “mere conduit” under Directive 2000/31/EC, and in any event would not prevent copy­right infringement but only limit the group of users.  It should be noted that the Advocate General also cited the assertion by the Polish government that “providers of mere conduit services have limited means with which to follow exchanges of peer-to-peer traffic, the monitoring of which calls for the implementation of technically advanced and costly solutions about which there could be serious reservations concerning the protection of the right to privacy and the confidentiality of communications.”


The interpretation of the directive urged by the Advocate General is undoubtedly favourable to businesses providing free, open wireless access as part of their business model. The limitation on liability for content transmitted by users greatly reduces the risk borne by such a business. An obligation to combat infringements could be imposed only upon issuance of an appropriate injunction by the court.

But in analysing this position, it must be remembered that this is only the Advocate General’s opinion, and the Court of Justice will have the final word when it issues its judgment.