A court in Munich has asked the Court of Justice of the EU (CJEU) to provide it with guidance on how to interpret laws contained in the EU's E-Commerce Directive which concern third party liability for unlawful activity over electronic communication networks.
Munich-based technology law expert Michael Zollner of Pinsent Masons, the law firm behind Out-Law.com, said that the CJEU's judgment in the case could mean that new obligations are imposed on non-private providers of Wi-Fi networks, such as hotels, restaurants and cafés in relation to network access and security.
"The Munich court has asked the CJEU to determine whether non-private providers of Wi-Fi hotspots can be held 'liable for disturbance'," Zollner said. "This is a concept of German law that equates to a breach of duty of care. A record label in Germany has argued that an entrepreneur is liable for disturbance by operating an open, free-to-use Wi-Fi network that was used, it has claimed, to infringe its copyright."
"The entrepreneur has argued that he was not responsible for the alleged infringement and that it must have been carried out by another user of his Wi-Fi network without his knowledge. The CJEU has been asked to rule on whether or not the entrepreneur can rely on the 'mere conduit' defence under the E-Commerce Directive to escape liability for the alleged infringement," Zollner said.
The E-Commerce Directive protects service providers from liability for material that they neither create nor monitor but simply store or pass on to users of their service. The Directive says that service providers are generally not responsible for the activity of customers and that member states must not put service providers under any general obligation to police illegal activity on its service.
Service providers are not liable for infringement via their services if they do not have "actual knowledge" or an awareness of the illegal activity. In circumstances where they obtain such knowledge, providing a service provider "acts expeditiously to remove or to disable access to the information" they are not liable for that infringement.
The entrepreneur in the case, which has been referred to the CJEU by the regional court in Munich, operates a free-to-use wireless LAN (WLAN) network in his store. The network is not secured by a password.
A record label notified the entrepreneur that it had identified that his network had been used for illegal file-sharing in breach of its copyright. The entrepreneur has denied that he carried out the alleged infringement and said that he uses the WLAN network sometimes as a tool for advertising his store, by using a preloaded home page which points to his shop and by using the store's name in the name of the network. He also said he uses the network sometimes to reflect his political views.
The referring Munich regional court has approached the issue on the presumption that the entrepreneur did not infringe the record label's copyright himself, but has asked the CJEU to clarify issues to help it determine whether the entrepreneur can nevertheless be held liable for disturbance and what, if he can be held liable, the possible remedies are for the record label.
It has asked the CJEU to determine, however, whether the 'mere conduit' defence applies to commercial providers of free and open Wi-Fi networks, and if the mere conduit defence does apply, whether the E-Commerce Directive prevents those providers being served with injunctions.
In Germany, private individuals that operate a Wi-Fi network are required to provide for reasonable security measures, such as password protections, if they want to avoid being held liable for disturbance should third parties use their network to engage in copyright infringement.
This requirement was set in a judgment issued by the Federal Court of Justice in Germany in 2010. The court ruled that it was reasonable to expect individuals that run a private Wi-Fi network to at least use the standard password security mechanisms available as part of the WLAN network device.
Zollner said that the CJEU ruling could set a legal precedent which could see private individuals held to higher legal standards on Wi-Fi network access and security than businesses.
"If the CJEU confirms that non-private providers of Wi-Fi hotspots are in general not liable for disturbance in case of copyright infringement of third parties using such hotspots, this could lead to a situation that there are higher obligations for private individuals than for non-private hotspot providers," Zollner said.
Zollner said that the German government has outlined its intention to ensure availability of free Wi-Fi in all large cities in the country. He said the German government had identified the potential liability of non-private providers of free hot-spots as a barrier to achieving its objective because of legal uncertainty on the issue of liability and the extent to which the 'mere conduit' defence applies to those network access providers.
The German government said it would draft new regulations in an attempt to clarify the legal position. The new regulation would amend the German Telemedia Act. The legislative proposals were scheduled to be published before the end of October but they have not yet been made public, Zollner said.