The District Court’s request for a preliminary ruling was based on a typical everyday situation: the plaintiff, Tobias McFadden, operates a WLAN belong to his business which was not password-protected. This internet access was used to offer the download of a copyrighted musical work of Sony Music Entertainment Germany GmbH in an online exchange. Sony sent McFadden a cease-and-desist letter alleging copyright infringement and McFadden responded by filing suit and asking the court to find that Sony is not entitled to any claims in copyright law. Sony then filed a counterclaim seeking desistance, damages and payment of costs.
The District Court of Munich I ruled that the plaintiff did not commit the infringement independently and therefore ruled out liability as a perpetrator. However, it was inclined to affirm liability as an accessory based on the principles established in the Federal Supreme Court’s “Sommer unseres Lebens” ruling, since McFadden operated the WLAN without security measures of any kind. The District Court of Munich I therefore sought guidance from the ECJ as to whether a business owner who operates a free and public WLAN in the course of its business activities is to be seen as a service provider, therefore benefiting from the liability privilege established in Article 12(1) of Directive 2000/31/EC. In a separate question for referral to the ECJ, the court sought clarification as to whether the term “service provider” implies an economic activity.
On 15 September 2016, the ECJ issues its judgment in the matter of Sony vs. McFadden. The ECJ found that the liability privileges established in Article 12(1) of the Directive on electronic commerce apply to commercial WLAN operators which offer their network to the public free of charge insofar as this service represents an advertising measure for the goods and services offered by the provider. It further ruled that the provision of access to a WLAN network is to be assumed if the network can be accessed by means of a technical, automatic and passive process ensuring transmission of the necessary information.
The ECJ takes the view that, provided the three requirements mentioned in Article 12(1) of the Directive on electronic commerce are met, i.e. if
– the provider does not initiate the transmission;
– the provider does not select the receiver of the transmission; and
– the provider does not select or modify the information contained in the transmission;
the provider cannot be held liable for damages resulting from the infringing use of its communication network by third parties. The ECJ also rules out the possibility that third parties can be held liable for the costs of giving formal notice and court costs incurred by the copyright holder insofar as those costs relate to the damage claim.
In principle, the European Court of Justice did allow for the possibility that a court (or government authority) could require the service provider to cease or prevent the copyright infringement. Accordingly, right holders may continue to assert desistance claims, and the same applies for the costs of giving formal notice and court costs.
However, the ECJ did limit the scope of such desistance claims: since orders to cease and desist interfere with the freedom of the WLAN operator to conduct its business, the latter can only be expected to take precautions which fairly balance the right holder’s right to protect its intellectual property against the service provider’s freedom to conduct its business. In the ECJ’s view, the service provider cannot be expected to investigate all the transmitted information or to shut off internet access entirely. However, since it is also necessary to ensure effective protection of intellectual property rights, the ECJ does allow for the possibility of an order requiring the WLAN operator to protect its network with a password and to ascertain the user’s identity when issuing these passwords.
The ECJ did not examine whether other – perhaps less intrusive – measures might also ensure the desired level of protection, since this question was not addressed in the referral from the District Court of Munich I and since the ECJ assumed that no other measures were technically available. It will be necessary to carefully observe how the case law in this regard develops in the coming years.
With regard to private networks, which are not affected by Article 12(1) of the Directive on electronic commerce, the Federal Supreme Court seems to have supplied the first benchmarks in its “WLAN key” ruling of 24 November 2016. In that judgment, the Federal Supreme Court rules that the owner of a private internet connection with a WLAN function cannot be held liable as an accessory if an unknown third party uses the network to make a film available to the public by way of file sharing since, at the time of the download, the WLAN router was protected by a secure, individual password of adequate length which conformed to the encryption standard at the time.