content regulation / Copyright / illegal content / immunities / Internet intermediaries / ISPs / notice-and-take down / safe harbour

The CJEU rules on free access to wireless local area networks in McFadden: The last(?) shudder of Article 15 ECD, the vanishing of effective remedies, and a big farewell to free Wi-Fi!


Let us now turn to the last intellectual work of the Court of Justice of the European Union (CJEU) in the field of copyright and intermediary liability [it is indeed really difficult to get rid of them!] which was released today: Case C‑484/14 Tobias Mc Fadden v Sony Music Entertainment Germany GmbH. Once again, the CJEU refused to follow its Advocate General in his previous Opinion on crucial points, and ruled that Article 12(3) of the Ecommerce Directive (ECD) did not preclude the grant of an injunction addressed to a communication network access provider; and recognised the legality of an order requesting an access provider of this type to password-protect its internet connection, provided users were required to reveal their identity.  As a reminder, Article 12(3) ECD states that the “mere conduit” intermediary liability exemption set out in Article 12(1): “shall not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement”.

Arguably, nothing could amaze you at this stage, especially if you spent part of yesterday slowly breaking down [both in a figurative and literal sense!] the proposed copyright Directive I wrote about here, a European Commission tour de force!

But let us check! Is there anything interesting in this new ruling, which has already created a wave of protest among different parts of the legal [and non-legal] community?  One or two things… maybe!

To briefly set the scene, Mr Mc Fadden “runs a business selling and leasing lighting and sound systems.” As part of his marketing strategy he had decided (it was thus entirely intentional) to “operate an anonymous access to a wireless local area network free of charge in the vicinity of his business.” However, one day a user of Mc Fadden’s network made available on the internet free of charge a musical work without prior authorisation (on the part of the rightholders, of course). Sony who was the producer of phonogram of that work decided to react and “gave formal notice to Mr Mc Fadden to respect its rights over the phonogram.” From there, a series of judgments followed.

While the referring court (the German national court of appeal) seemed to be reluctant to find Mr Mc Fadden directly liable for copyright infringement, it was considering theories of secondary liability. However, that court had also to take into account Article 12 of the ECD and determine its effects. Hence it asked a series of 10 point of law questions to the CJEU on referral.

I will mention 3 of them:

  1. Is the first half-sentence of Article 12(1) of Directive 2000/31 to be interpreted as meaning that, in circumstances such as those in the main proceedings, the rule contained in Article 14(1)(b) of Directive 2000/31 [the hosting exemption] is to be applied mutatis mutandis to an application for a prohibitory injunction?


  1. Is the first half-sentence of Article 12(1) of Directive 2000/31, taking into account the existing protection of intellectual property as a fundamental right forming part of the right to property (Article 17(2) of the Charter of Fundamental Rights of the European Union) and the provisions of Directives 2001/29 and 2004/48, and taking into account the freedom of information and the fundamental right under EU law of the freedom to conduct a business (Article 16 of the Charter of Fundamental Rights of the European Union), to be interpreted as not precluding a national court from deciding, in … proceedings in which an access provider is ordered, on pain of payment of a fine, to refrain in the future from enabling third parties to make a particular copyright-protected work or parts thereof available for electronic retrieval from an online (peer-to-peer) exchange platform via a specific internet connection, that it may be left to the access provider to determine what specific technical measures to take in order to comply with that order?


  1. Does this also apply where the access provider is in fact able to comply with the court prohibition only by terminating or password-protecting the internet connection or examining all communications passing through it in order to ascertain whether the particular copyright-protected work is unlawfully transmitted again, and this fact is apparent from the outset rather than coming to light only in the course of enforcement or penalty proceedings?’


Question 6 could seem a bit strange at first glance. Isn’t it the case that the answer to the question should be obvious, as we have two different articles governing two different types of activities? Why would one try to argue that Article 12(1) concerning mere conduits should be read together with Article 14(1)(b) which regards hosting providers (and which essentially provides that hosting providers should not be held liable with they react promptly to unlawful content upon knowledge)? In other words, why would one try to argue that mere conduits should also promptly react upon knowledge? Where does this come from?

Well, not unsurprisingly such a question can be explained by the [convoluted?] test used by the CJEU to determine whether service providers fall within the domain of Articles 12 to 14, i.e. dependent on whether the activity of the service provider is “of a mere technical, automatic and passive nature…”. The latter phrase means [awkwardly?] that “such service providers have neither knowledge of, nor control over, the information which is thereby transmitted or stored” [this reasoning is slightly flawed as I explained previously here].

The answer of the CJEU is reassuring… [on this point and on this point only!]: Article 12(1) and Article 14(1) are not the same thing. See paras. 58 and 59:

In particular, Article 14(1) of Directive 2000/31, headed ‘Hosting’, provides, inter alia, that, in order to benefit from the exemption from liability laid down in that provision in favour of internet website hosts, such hosts must act expeditiously upon obtaining knowledge of illegal information to remove or to disable access to it.

However, Article 12(1) of Directive 2000/31 does not subject the exemption from liability that it lays down in favour of providers of access to a communication network to compliance with such a condition.

Phew, all is not lost, but we were not (that) far from it!

Questions 9 and 10 will be discussed together.

Remember the CJEU’s Telekabel judgement from 2014, in which the “the Court ha[d] previously held that an injunction which leaves a communication network access provider to determine the specific measures to be taken in order to achieve the result sought is capable, under certain conditions, of leading to such a fair balance” (para. 84).

If the operator of an (anonymous) access to a wireless local area network free of charge is both an information society provider and a mere conduit, then it can be exempted from financial liability (as long as it meets the conditions of Article 12(1))(a)-(c)). However, it can be the addressee of injunctions and, in particular, [after Telekabel] (apparently) technologically-neutral injunctions (leaving the intermediary to determine the specifics of the measures to be implemented as aforementioned)?

Okay, but what can an operator of an anonymous access to a free-of-charge wireless local area network really [and, more importantly, effectively] do about its users’ copyright infringements?

The CJEU recognises that there are, realistically, 3 possibilities in this respect:

  1. Examining all communications passing through the internet connection;
  2. Terminating the internet connection; or,
  3. Password-protecting the internet connection

Which one would you pick? Which one did the CJEU pick? Option 1 cannot work. And this because of Article 15 of the ECD! Yeah!!! Article 15 is still alive when it comes to mere conduits at least! Remember the Scarlet case of 2011. The CJEU has not (yet) forgotten it!  Note that the CJEU only mentions Article 15 and, once again, is oblivious of privacy and data protection considerations. [But we can’t have everything!]

Option 2 cannot work as well! Because of the freedom to conduct a business… there might also be a remote issue of freedom of expression somewhere, maybe…

What about Option 3? This is the winner because it does not “damage the essence of the right to freedom to conduct its business of a communication network access provider in so far as the measure is limited to marginally adjusting one of the technical options open to the provider in exercising its activity.” (para. 91).

Yes but, the question that is now burning on your lips is no doubt whether such an option is effective at all?! Of course, says the CJEU as long as: “users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain.” To be more precise, the CJEU states that such a measure may dissuade the users (…) from infringing copyright or related rights”. [Really, should “may dissuade” be the threshold?]

So what is the upshot of all of this? The multiplication of injunctions could spell the end of FREE Wi-Fi, oh my! [but will this multiplication really happen?] [This was not really the message of the European Commission yesterday!]

Last but not least, claimants requesting injunctive orders against mere conduits can also claim “the reimbursement of the costs of giving formal notice and court costs incurred in a claim” [i.e. for injunction] as per para. 78 [that is not entirely surprising], even if the same claimant is “precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to its claim for compensation.” [emphasis added]. In other words, and this where the logic of the CJEU’s message is ruthless, “mere conduits, you are actually being given an incentive to react upon notifications requests from rightholders to password-protect your connection”!

Logic… or magic?

Sophie Stalla-Bourdillon

Leave a Reply