The Court of Justice of the European Union (CJEU) has handed down its landmark ruling in the case of Mr McFadden v Sony Music. The case involved the operation by Mr McFadden of a free WIFI service. Mr McFadden runs a business selling and leasing lighting and sound systems, and he used the free WIFI service as a marketing tool to draw the attention of customers in nearby shops and cafes to his business. Unfortunately for Mr McFadden, a user of his service infringed the copyright in music owned by Sony, who issued a formal notice to Mr McFadden to respect their intellectual property rights. The notice started the ball rolling for court proceedings which resulted in a referral to the CJEU to determine the heart of the issue: whether Mr McFadden (as the operator of the service) was liable for copyright infringement on behalf of users of his WIFI network.
The CJEU ruled that he was not. Mr McFadden was able to rely on the “mere conduit” defence under the E-Commerce Directive (i.e. he was simply providing access to a communication network – his activity was of a technical, automatic and passive nature and did not go beyond what was necessary for the transmission of the information over the network). The result has some commentators pegging this as a win for Mr McFadden – the court confirmed that operators of free WIFI are not liable for copyright infringement on behalf of their users and Sony are precluded from claiming damages or costs from Mr McFadden on that basis.
But there is a little bit more to the judgment than that: the E-Commerce Directive can be fickle. Whilst it provides Mr McFadden with his “mere conduit” defence to infringement, it doesn’t stop service providers (such as Mr McFadden) from being required to terminate or prevent infringement on their network. What does this mean? Essentially, the court decided that Sony can seek an injunction (and costs related to obtaining such an injunction) against Mr McFadden which would force him to secure access to his internet connection with a password; a password that can only be obtained by users who reveal their identity. The logic appears to be that such a measure will dissuade users from infringing the intellectual property rights of others because they won’t be able to act anonymously.
It’s perhaps a fair decision on the face of it. Mr McFadden isn’t liable for the copyright infringement of his users but Sony can take steps to prevent such infringement by requiring him to password protect the network. However, taking a closer look reveals some weaknesses in the judgment. The assumption that requiring users to identify themselves will prevent infringement is just that, an assumption. Your more sophisticated internet user will almost always be able to get around such requirements and be impossible to trace. Of course, the attempt here is to make things a little bit more difficult for your average user. The problem is that password protecting doesn’t do anything except make it take slightly longer to log in at an internet café. To really dissuade file-sharing, copyright owners would need to be able to pin down the infringing action to a particular individual – and there is certainly no suggestion here that operators of free WIFI should ever be forced to monitor the activity of users. Perhaps the answer is that for some reason users really are dissuaded from infringing by this additional step, or perhaps the CJEU knew it was an empty gesture but felt the need to give some comfort to copyright owners such as Sony. Either way, it certainly feels like another legal decision out of step with the reality of technology and the internet.
It’s also a rather curious decision in light of the European Commission’s recent push for free WIFI across Europe. You can read Jean-Claude Juncker’s annual state of the union address here, where he proposes free wireless internet access in every European village and city by 2020. Notably, he warns about the need for strong privacy laws because “Europeans do not like drones overhead recording their every move, or companies stockpiling their every mouse click.” A decision which essentially requires compulsory identification of all users in case one of them infringes copyright stands out as more than a little at odds with this.