The case of Tobias Mc Fadden v Sony Music Entertainment Germany GmbH dealt with the provision of an unprotected wireless network connection by Mr Mc Fadden at his business selling and leasing lighting and sound systems, which aimed to bring in business and interest for his endeavor. In late 2010 a song was shared in his network by a third-party (the rights to which Sony Music owned), and Sony subsequently sent Mr Mc Fadden a notice to this effect. Mr Mc Fadden then took the matter to court, seeking a negative declaration of infringement, to which Sony counterclaimed infringement. The matter ultimately ended up in the CJEU, who sought to take on the matter of liability of infringement for the provider of an unprotected wireless network.
The referring court asked eight questions of the CJEU, who took each question in turn to answer the matter.
The first question dealt with whether the provision of an open WiFi connection could fall under Article 12(1) of the E-Commerce Directive, i.e. whether the service would be classed as an 'information society service'. The Court quickly saw that, even in the light of a lack of remuneration (as required by EU legislation in this instance), the service would be classed as an 'information society service' under the Directive if "...the activity is performed by the service provider in question for the purposes of advertising the goods sold or services supplied by that service provider". The provision of the service is clearly therefore equated to one producing a monetary gain, even if not charged for on the outset, possibly therefore being afforded safe harbor protection as a 'mere conduit'.
The CJEU then moved onto questions two and three, which they summarized together as asking whether Article 12(1) of the Directive only requires the provision of the aforementioned service so as to be included, or if further conditions have to be met for it to be deemed as have been provided under the Article. This would include a contractual relationship and the advertisement of the provider's services. The Court concluded that, for the service to have been provided under the provision, the access must not "...go beyond the boundaries of a technical, automatic and passive process for the transmission of the required information, there being no further conditions to be satisfied". This follows recital 43 to the tee, and clearly the mere passive provision of such a service would be deemed to have been 'provided' by virtue of doing only that.
|Password required? Not interested!|
This was followed by questions seven and eight, which the CJEU clumped together, summarizing them as asking whether Article 12(1) includes any further provisions in addition to the one within the Article, which are not expressly mentioned. The Court quickly dismissed this assertion, as further conditions would clearly impede the balance sought by the legislature in the introduction of the provision.
The Court then moved onto question four, which, in essence, asked whether a person (or entity) harmed through the infringement of a right could seek injunctive relief and/or possible costs for the harm caused using the above service to do so. If read in seclusion, the Article does preclude a person harmed from seeking such remedies; however, it does not expressly prevent them from doing so using national authorities to prevent the infringement from continuing. This would seem correct, as Article 12(3) expressly does not preclude national authorities from requiring such actions and/or allowing for the retrieval of costs.
Finally, questions five, nine and ten remained, which asked effectively whether the granting of an injunction such as the above is allowed (and complied with by the provider), when the provider is required to secure their connection through either a password or by monitoring the connection used. The Court emphasized the need to strike a balance between the rights afforded by the Directive and the Enforcement Directive 2004/48, especially when multiple rights are engaged in such an issue (as is the case here). The Court considered the different ways in which IP rights could be protected, and decided that "...a measure intended to secure an internet connection by means of a password must be considered to be necessary in order to ensure the effective protection of the fundamental right to protection of intellectual property". This measure would, according to the Court, protect both rights in intellectual property, as well as the freedom to conduct business through the supply on a wireless connection and the right to information in using the above. One has to, though, provide their details in order to be able to use the connection and therefore be identified if needed.
The CJEU's decision sets out a practical approach to protecting both interests, while not overly restricting the provision of wireless connections. The striking of this balance was key, and the CJEU seem to have settled on the right answer. The measures required are by no means excessive, and afford the provider plenty of protection in the event of the connection's abuse.