In a judgement of 15 September 2016 (Case C-484/14), the European Court of Justice (ECJ) has ruled that a store, which provides free Wi-Fi to its clients (i.e. a service provider), may not be held liable for copyright-related infringements through its Wi-Fi network by its clients. As a result, a copyright holder is precluded from claiming damages from the service provider. On the other hand, however, the service provider may be legally required to establish adequate security measures.
The case concerns a German store that made its Wi-Fi network freely available for its clients. In 2011, a client had downloaded illegal content using the Wi-Fi network. Subsequently, the major music company Sony accused the store of the illegal offering of copyright-protected music through its Wi-Fi network. On appeal, the German judge decided that the store could not be held directly liable since it had not committed any infringements of copyright itself. In order to ascertain whether the store had to bear indirect liability for not adequately securing its Wi-Fi network, the German court decided to refer the case to the ECJ.
Analysis of the European Court of Justice
First of all, the ECJ confirmed the judgement of the German court by ruling that “a service provider supplying access to a communication network may not be held liable and therefore a copyright holder is precluded from claiming compensation from that service provider on [such] ground”. More importantly however, the ECJ also ruled that the fact that the service provider could not be held directly liable does not affect the possibility, for a national court or administrative authority, to impose an injunction upon the service provider to terminate or prevent an infringement of copyright.
In order to know which injunctions are considered acceptable, the ECJ refers to the “fair balance” test, which intends to strike a fair balance between the fundamental rights at stake (i.e. protection of intellectual property, freedom to conduct the business of a provider supplying the service of access to a communication network and the freedom of information of the recipient of that service).
According to the ECJ, such a balance may be struck best through password-protecting, since “[such] measure […] may dissuade the users of that connection from infringing copyright or related rights, provided that those users are required to reveal their identity in order to obtain the required password and may therefore not act anonymously […]”. Hence, a service provider, like the German store in the case at hand, could be exposed to an injunction by which it is legally required to adequately secure its Wi-Fi network with a password, in view of establishing a deterrent effect upon the users, since they will be prevented of acting anonymously.