Advocate General's opinion on free WiFi & copyright @ 23 Mar 2016
By Paddy Leersen, EDRi intern
Last week, Advocate General Szpunar published his opinion in the McFadden-case before the Court of Justice of the European Union (CJEU).

The facts of the case  In 2010, Berlin businessman Tobias McFadden was offering free, non-password protected WiFi to his customers. Sony Music claimed that the network was being used to infringe their copyrighted material, and applied for an injunction to bring this to an end, also demanding compensation of their legal fees. The German Court of Appeal referred the case to the CJEU in order to clarify the scope of McFadden's liability, as well as the possible scope of the injunctions.

Legal issues 
The issues that arose were, firstly, whether WiFi operators could be asked to pay for illegal activities undertaken over their networks and, secondly, whether an an injunction could be imposed to prevent infringements by (I) terminating the internet connection infringing users; (II) introducing password protection on the network in order to identify users; and (III) monitoring users' communications in order to detect infringements.

Related to this second topic, another question touched on in this case is how specific injunctions must be. Is it up to the court to determine the appropriate measures for compliance with an injunction, or can it be left to the intermediary to a certain extent?  The Opinion  (Free) WiFi services are not liable for their users' infringements  Under European Union law, certain internet-related services are exempted from liability for the activities of their users. One category of protected intermediaries is the so-called 'mere conduit', where the access provider is understood to be a “dumb pipe” between the user and the Internet . But does it also include free WiFi hotspots?  Yes, according to AG Szpunar. He reasons that all necessary conditions were met for McFadden to qualify as an 'information society service' and as a 'mere conduit' for the purposes of the e-Commerce Directive. The Opinion is a relatively straightforward application of the law and it contains two important clarifications : Firstly, irrespective of remuneration, WiFi access services provided by businesses can be qualified as an economic activity, therefore allowing them to fall under the e-Commerce framework. Secondly, he notes that the e-Commerce liability exemptions also protect intermediaries against liability for pre-litigation costs and court costs.

WiFi operators need not disconnect or monitor their users, nor introduce password protections  It is important to note that the e-Commerce liability framework does not shield intermediaries from injunctive relief. While they are exempt from paying any damages, intermediaries can still be compelled to take action in stopping illegal activity on their services. How far these duties can go, has been the subject of much debate and speculation. AG Szpunar concludes that the measures proposed (terminating the connection of users, introducing passwords and monitoring communications) do not meet the test established in earlier case law that injunctions must strike a 'fair balance' between the competing fundamental rights involved. These rights include the intermediary's freedom to conduct a business as well as the users' rights to privacy and to seek and impart information. Regarding the termination of Internet connections, Szpunar makes clear that any such measure is 'manifestly incompatible' with the fair balance test, 'since it compromises the essence of the freedom to conduct business of persons who, if only in ancillary fashion, pursue the economic activity of providing Internet access'. This strong wording leaves little doubt that disconnecting users from the Internet is off the table when it comes to copyright enforcement.

Injunctions forcing WiFi operators to monitor the communications of their customers are also rejected rather unambigiously. The AG concludes that this amounts to a 'general monitoring obligation' as prohibited under Article 15 of the e-Commerce Directive prohibits. The notion is done away with without much further ado.

The question of password protection is likely the most interesting aspect of the case for many readers, as codes and case law provide little guidance on this issue. The AG notes that forcing password protection can discourage or hinder usage of the WiFi service and thus undermine the business model of the operator. The envisaged measure also requires the otherwise technically unnecessary processing of users' personal data. Szpunar comments that 'conferring an active, preventative role on intermediary service providers would be inconsistent with their particular status, which is protected under Directive 2000/31'. He adds that open WiFi networks tend to have limited bandwidth and are therefore not particularly susceptible to being used for copyright infringement; and that open WiFi points offer great potential for innovation which could be diminished by the introduction of password protection. Therefore, forcing WiFi operators to introduce password protections is not a proportionate strategy for copyright enforcement and does not strike the necessary fair balance between the rights and interests involved.

Injunctions need to be specific (well, sometimes, at least)  In the earlier case of UPC Telekabel, the Court already held that national courts issuing injunctions can leave it to intermediaries to determine what specific measures must be taken to end an infringement (assuming that this is permissible under national law). At issue was an Austrian Erfolgsverbot, which specifies the desired outcome (i.e. ending copyright infringements) but not the measures which must be taken to that end. In that case, the Court reasoned that intermediaries are often better placed to assess what is the most appropriate measure, in light of their particular resources, abilities and legal obligations. On the other hand, it can also be argued that such open-ended injunctions create a great deal of legal uncertainty for the intermediary. In many cases it would be impossible or disproportionate to end every single infringement., so when can the intermediary be sure that it has done enough? The Court in Telekabel tried to provide guidance by stating that they must 'at least make difficult' and 'have the effect of seriously discouraging' infringements, but this still obviously leaves a lot of room for interpretation, and, as illustrated by this case, creates a serious risk of the adopted measures restricting the fundamental freedoms of innocent users. In this new opinion, Szpunar adopts a narrow view of the specificity of injunctions, arguing that they cannot be applied in cases, 'in which the very existence of appropriate measures is the subject of debate'. In other words, where it is unclear which measures might strike a 'fair balance' between the competing rights at stake, the Court must step in and exercise its judgement rather than leaving the issue open to interpretation by the intermediary.

Conclusion 
The Opinion is certainly welcome and it is to be hoped that the broad lines of the thinking are followed by the full Court ruling. Szpunar's clarifications on the protection of free services, as well as on immunity for pre-trial costs, are also helpful–not only for WiFi services but to internet access services in general.

It is somewhat noteworthy that Szpunar relies on the WiFi operator's freedom to conduct a business more heavily that on the rights of the users.

The specificity of injunctions may seem like a relatively obscure, formalistic topic. However, looking at the range of possible infringements of both citizens' and business' rights that could be inflicted by either injunctions (or by inference, liability protections not being extended to such operators) it is in fact a crucial matter in the protection of digital rights. AG Szpunar, by emphasising the role of the courts in striking a fair and predictable balance, lessens the burden on intermediaries in a way which appears to give real meaning to the “provided for by law” obligation in Article 52 of the EU Charter. In this regard, it is encouraging that Szpunar writes: 'given that determining what measures it is appropriate to adopt entails striking a fair balance between the various fundamental rights involved, that task ought to be undertaken by a court, rather than left entirely to the addressee of an injunction'. (emphasis mine) However, the opinion fails to address how much specificity and what national law safeguards are necessary for the court order to be valid. The term 'entirely' does suggest that intermediaries will continue to share at least in part the responsibility to strike a fair balance when implementing the injunction, as was already determined in UPC Telekabel.

More importantly, given the analysis of the Advocate General, it seems logically impossible for EU legislators to impose any greater level of liability on Internet providers than is currently the case, because restrictions on fundamental rights would be virtually inevitable as a consequence.