Lorna Woods, Professor of
Internet Law, University of Essex
Is a business which offers free
wi-fi to its customers liable if they download content unlawfully? That was the
main issue in the recent CJEU judgment in McFadden,
a rare case on Article 12 of the EU’s eCommerce
Directive, which provides that the provider of an information society
service is not liable for the transmission of information if it is a ‘mere
conduit’ (as further defined) of that information. While must of the decision seems to fit well
into existing law on intermediaries and the provisions of services in general,
there are a couple of potentially unexpected developments: those relating to
costs for injunctive relief; and the requirements of those providing access to
the Internet.
Facts
McFadden runs a lighting and
sound system shop in which he offers free access to a wi-fi network to the
general public in order to draw the attention of potential customers to his
goods and services. This network was
used to download some content unlawfully. The question was whether McFadden was
indirectly liable (for not making his network secure) or whether he could rely
on intermediary immunity from liability contained in the e-Commerce Directive.
Judgment
The first requirement for someone
to be able to rely on the e-Commerce Directive is to show that that body is an
information society service provider within the terms of the Directive. The problem here is that the wi-fi was
provided free of charge, so does McFadden provide an economic service to bring
himself within the TFEU?
The key requirement is that a
service is one which is ‘normally provided for remuneration’ (as found in the
case law on Article 57
TFEU, which defines ‘services’ for free movement purposes, as well as Article
1(2) of Directive
98/34, which sets out rules on consulting about new technical barriers to
information society services). Referring
to Recital 18 of the e-commerce directive, the Court confirmed that under a
proper interpretation of the definition of ‘information society service’ in
Article 12(1) of the directive, ‘cover only those services normally provided
for remuneration’ (para 39).
Applying this principle to this
context, the Court noted “it does not follow that a service of an economic
nature performed free of charge may under no circumstances constitute an
‘information society service’” (para 41).
For example, the service may be paid for by a third party, as is the
case in free to air television which is often financed through advertising
revenue rather than viewer subscription.
Here McFadden was providing the service as an advertising technique, so
the Court concluded that the provision of wi-fi fell within Article 12 (para
43).
The Court then considered the
application of Article 12. The national court recognised that a first
requirement would be the transmission of content, but questioned whether other
conditions – notably the existence of a contractual relationship – would also
be required. The Court confirmed that
transmission is required and – following the wording of the recital 42 – that
the activity of transmission as a ‘mere conduit’ is of a mere technical, automatic
and passive nature (para 48). While the
Court accepted that there might be an interpretation of the German language
version that suggested the existence of further requirements, there was no such
aspect in other language versions. In
the interests of a uniform interpretation of the directive across the various
language versions, the Court concluded that there were no further conditions to
be satisfied (para 54).
The next question related to the
types of immunity from liability, the provisions in relation to mere conduit,
caching and hosting being expressed in slightly different terms. So while Article 14 requires a host to act
expeditiously on becoming aware of illegal content to continue to benefit from
immunity, there is no such requirement in Article 12. The Court suggested (as the Advocate General
had done) that this difference may result from the different nature of the
services provided. In particular, a host may have greater opportunity to
identify illegal content than a mere conduit.
On this basis, the Court thought it inappropriate to imply a condition
that a mere conduit should be required to act expeditiously into Article 12
(para 65).
The national court further
questioned whether Article 12(1), read in conjunction with
Article 2(b), was to be interpreted as meaning that there were additional
conditions beyond that in Article 12 to which a service provider providing
access to a communication network would be subject. Again, the Court rejected this proposition on
the basis that it should not disturb the balance between the various interests
achieved by the legislature (para 68-69).
The Court then considered the
type of relief which an injured third party might claim, and particularly
whether such a party could seek injunctive relief against a mere conduit. While Article 12 precludes a damages claim,
and claims for costs (paras 74-75), according Article 12(3) a national court
may order the mere conduit to take action to end the infringement of copyright
(para 76), notably injunctive relief.
Costs in respect of such an action may be claimed (para 78).
The next set of questions
concerned the measures that might be required of a mere conduit, given the
relevance of Article 17(2) of the EU Charter of Fundamental Rights (EUCFR)
(right to intellectual property), Article 16 EUCFR (right to conduct a
business), and Article 11 EUCFR (freedom of expression). The Court, adopting a margin of appreciation
style approach, recognised that in case of conflict of rights it is for the
national authorities to ensure a fair balance of interests (citing the CJEU
ruling in Promusicae)
(para 83). The national court envisaged
three possible measures McFadden could take:
-
examining all communications passing through an
internet connection,
-
terminating that connection or
-
password-protecting it.
Article 15 precludes requiring
intermediaries to monitor traffic and therefore the first obligation would be
contrary to the terms of the eCommerce
Directive. Requiring McFadden to terminate the connection would constitute a
serious interference with his rights to run a business under Article 16 EUCFR
and so cannot be considered as reaching a ‘fair balance’ (paras 88-89). The
third measure also constitutes a restriction of Article 16 as well as the
Article 11 rights of users. In neither instance, however, is the essence of the
right undermined. The Court noted that ‘the
measure adopted must be strictly targeted, in the sense that it must serve to
bring an end to a third party’s infringement of copyright or of a related right
but without thereby affecting the possibility of internet users lawfully
accessing information using the provider’s services’, as otherwise the measure
would – following the CJEU ruling in UPC
Wien – be disproportionate (para 93).
Securing the network by password protecting it (but not blocking access
to any particular content)
‘may dissuade the users of that
connection from infringing copyright or related rights, provided that those
users are required to reveal their identity in order to obtain the required
password and may not therefore act anonymously’ (para 96).
Given that this third option is
the only possible option, not securing the network would result in the right to
intellectual property being deprived of any protection. Requiring password
protection therefore strikes a fair balance.
Comment
In terms of following its
Advocate General to find a free service to fall within the scope of the
e-Commerce Directive (and indeed the treaty framework) the Court’s approach is
not unexpected. This is a long-standing approach
of the Court in relation to services in general – indeed the Court refers to
old television jurisprudence as authority – and also follows its approach in Papasavvas
(C-291/13), which related to an online service which was funded through
advertising revenue, rather than direct payments by users.
This approach is potentially
necessary in the context of the Internet, where many services are provided
‘free’ but in actual fact paid for by advertising or other secondary uses of
user data. Nonetheless, it is worth
noting that in McFadden there was some economic context: McFadden was using the
offer of free wi-fi as a form of advertisement.
The extent to which some such connection is required has not been
addressed. The Advocate General noted
that 'there is no need to consider whether the scope of Directive 2000/31 [the
e-commerce Directive] might also extend to the operation of such a network in
circumstances where there is no other economic context' (para 50). The Court did not address this at all.
The judgment contains little new
as far as the conditions for the application of Article 12 are concerned,
though it is perhaps useful to have the confirmation that further conditions
should not be implied into the Directive.
The Court determined that Article
12 (and presumably also Articles 13 and 14) give protection against costs –
which as the Advocate General noted – could be as punitive as damages
themselves. Note however the distinction
between an action for damages and an action for injunctive relief. Article 12 does not protect an intermediary
from being on the receiving end of an injunction, and the prohibition on costs
does not extend to costs incurred in relation to given notice or an action for
an injunction. This is a difference in
approach from that of the Advocate General and may be significant for those
companies which have challenged injunctions.
The litigation in England and Wales in regard to blocking injunctions
for trademarks in Cartier may be a case in
point.
The extent to which
intermediaries are under an obligation to put an end to infringing behaviour by
end users has been the subject of much discussion and this judgment is useful
in bringing some clarity. The Court
locates this discussion within the framework of fundamental rights, and starts
off by indicating that this is a matter for national authorities – seemingly
taking a leaf out of the Strasbourg court’s book on margin of appreciation. In
practice, however, the Court gives a pretty clear steer to the national court
on the ‘right’ outcome and in this there is a marked difference between its
approach and that of the Advocate General.
Both agree that the first two possible measures are not possible. The
Advocate General took the view at para 145 of his opinion that imposing
security obligations
'would not in itself be
effective, and thus its appropriateness and proportionality remain open to
question'.
He also thought that forcing
password protection could discourage or hinder usage of the WiFi service,
undermining the business model of the operator. In contrast, the Court stated
that the password protecting of the network is permissible; indeed, it could be
seen as suggesting that the enforcement of copyright requires the network to be
protected as the only means to protect Article 16. Does this suggest that all
networks would be required to impose such measures on the chance that someone
might use them to infringe copyright? On that basis, this judgment could have
worrying implications for anonymity on the Internet, and certainly may have
implications for the development of wi-fi/public access services.
Photo credit: www.amazon.co.uk