Copyright infringement: can a venue owner who provides free Wi-Fi be injuncted on the basis of a user who infringes copyright?

Written on 15 Jul 2016

Earlier this year, Advocate General Szpunar issued an opinion that the operator of a shop, hotel or bar who offers the public free access to an internet network is not liable for copyright infringements committed by users of that network and therefore is not liable for damages flowing from the infringement.

However, considering the relevant provisions of the E-Commerce Directive, the Enforcement Directive and the InfoSoc Directive, AG Szpunar opined that operators could be injuncted to cease the infringement, but ought not to be required to terminate the internet connection, password-protect the internet connection, nor monitor for copyright infringements carried out via the internet connection.

This raises a major question: what can they be ordered to do?

What was the dispute about?

In Tobias McFadden v Sony Music Entertainment Germany GmbH, the German court made a reference for a preliminary ruling to the CJEU. The court asked for clarification on the extent to which a person, who in the course of a business operates a wireless internet access and provides this free of charge to the public, is liable for copyright infringement committed by users of that network.

Mr McFadden runs a business selling and renting lighting and sound systems for events. He owns an internet connection which he provided to his customers, password-free and free of charge. In 2010, a user of that internet connection unlawfully downloaded a musical work in which copyright was owned by Sony Music. Sony Music sent a formal notice concerning the infringement of its rights. Mr McFadden asked the German court for a declaration of non-infringement and Sony counterclaimed by asking the court for an injunction and damages.

The German court granted an injunction and ordered Mr McFadden to pay damages and costs. He then appealed the decision. The appellate court made a request to the CJEU for a preliminary ruling, stating that it believed Mr McFadden was indirectly liable on the ground that his Wi-Fi network had not been made secure.

What questions did the German court ask?

The German court asked whether someone like Mr McFadden, who in the course of business operates a free, public Wi-Fi network, can have the benefit of the ‘mere conduit’ defence under Article 12 of the E-Commerce Directive. This defence exonerates a service provider for infringements committed using their service provided that they do not initiate the transmission, select the receiver of the transmission or select or modify the information in the transmission.

What was the AG’s opinion ?

In AG Szpunar’s opinion, the mere conduit defence under the E-Commerce Directive applies in cases such as this.

The AG opined that intermediary service providers cannot be liable for damages or costs. An injunction could, however, be awarded against the intermediary to end or prevent an infringement.

Nevertheless, intermediaries do not get off scot-free: a fine can still be imposed if the provider fails to comply with such an injunction. In this case the referring court had envisaged that non-compliance with such an injunction would be punishable by a fine of up to €250,000.

Scope of the injunction

Taking into account the provisions of the Enforcement Directive and the InfoSoc Directive, AG Spuznar concluded that any injunction must be fair and equitable, not be unnecessarily complicated or costly or entail unreasonable time limits or unwarranted delays. The injunction must also be effective, proportionate and dissuasive and applied in a manner so as to avoid the creation of barriers to legitimate trade. He encouraged courts to weigh the interests of the parties and also to take into account the principles of the Charter of Fundamental Rights, such as freedom of expression and freedom to conduct a business.

The AG opined, therefore, that a prohibitory injunction formulated in general terms and which does not prescribe specific measures to be taken would create legal uncertainty. In his view, the task of striking a fair balance between the fundamental rights ought to be undertaken by a court rather than it being left to the service provider. This observation is useful following the CJEU’s rulings in Telekabel, where the Austrian Supreme Court subsequently granted an injunction in very broad and imprecise terms.

The AG further concluded that a measure which required the internet connection to be terminated is ‘manifestly incompatible’ with the requirement for a fair balance to be made between the fundamental rights.

Following the CJEU’s ruling in Scarlet v SABAM, he stated that a measure requiring the owner of the internet connection to monitor all communications transmitted via that connection would conflict with the E-Commerce Directive.

Finally, the AG opined that imposing an obligation on a business owner to make a WiFi network secure could undermine the business model of companies who offer internet access in addition to their main service. Such a measure would also impose administrative constraints, as it would create the need for business owners to register users and retain their private data. In any event, he concluded, in the context of copyright infringement, network security is not the full solution and may not in fact be a relevant or proportionate measure.


If this opinion is followed by the CJEU, it will confirm that injunctions may be available against businesses that provide internet access merely as an adjunct to their main activities, such as venue owners. However, having regard to all of the qualifications and factors that the court would need to take into account, such as the balance of rights between the parties and the Charter of Fundamental human Rights, national courts may find that there is little that can practically be achieved by an injunction – in which case they may be reluctant to order an injunction at all.

If, however, a national court does consider that an injunction is appropriate, this opinion provides some guidance as to the form of the injunction – albeit mostly in the form of exclusions from what the injunction may do. This would be important given that the CJEU has previously allowed injunctions in extremely broad and imprecise terms. Nevertheless, the court will still be left with a wide discretion as to the precise form of the injunction. If operators do not comply, they may be liable to a fine for non-compliance, which makes the precise form of order a more thorny question to address whilst maintaining the balance of justice between parties.

The English court’s approach in the website-blocking orders it has granted over recent years has been to specify at a technical level what needs to be done in order to comply, rather than stipulate an outcome which may be technically impossible or disproportionately costly to achieve. This has included stipulating IP address blocking or re-routing, and the details of a system which the court accepts is compliant, thereby confirming that perfection is not required. It is to be hoped that the courts of other jurisdictions will recognise the need for balance in such cases and adopt a similar approach.