Another Bad EU Ruling: WiFi Providers Can Be Forced To Require Passwords If Copyright Holders Demand It

from the really-now? dept

For quite some time now, we've been following an odd case through the German and then EU court system, concerning whether or not the operator of an open WiFi system should be liable for copyright infringement that occurs over that access point. Back in 2010, a German court first said that if you don't secure your WiFi, you can get fined. This was very problematic -- especially for those of us who believe in open WiFi. The EU Court of Justice agreed to hear the case and the Advocate General recommended a good ruling: that WiFi operators are not liable and also that they shouldn't be forced to password protect their access points.

The ruling, unfortunately, says that WiFi operators can be compelled to password protect their networks. It's not all bad, in that the headline story is that WiFi operators, on their own, are not liable for actions done on the network, but that's completely undermined by the requirement to password protect it if a copyright holder asks them to.

In today’s judgment, the Court holds, first of all, that making a Wi-Fi network available to the general public free of charge in order to draw the attention of potential customers to the goods and services of a shop constitutes an ‘information society service’ under the directive.

Next, the Court confirms that, where the above three conditions are satisfied, a service provider such as Mr Mc Fadden, who providers access to a communication network, may not be held liable. Consequently, the copyright holder is not entitled to claim compensation on the ground that the network was used by third parties to infringe its rights. Since such a claim cannot be successful, the copyright holder is also precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to that claim.

However, the directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.

Lastly, the Court holds that an injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between, on the one hand, the intellectual property rights of rightholders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of the network users. The Court notes, in particular, that such a measure is capable of deterring network users from infringing intellectual property rights.

The details here are especially troubling. As legal experts are noting, this ruling basically says that the times when an injunction can be ordered for password protection, the reason is for the sake of identifying users:

In McFadden the CJEU appears to have decided that password protection would be effective only if the user is required to provide identity details to the service provider so that the user cannot act anonymously.

Now that should raise some very serious concerns about anonymity and privacy -- things that we thought the EU supported. Instead, the CJEU basically seems to be saying you have a right to anonymity in connecting to the internet up until the point a major copyright holder doesn't like it any more, and they can now force WiFi operators to lock up their WiFi and/or demand identification to use it. Yikes.

This also punches a HUGE hole in the previous day's announcement by the EU Commission that there would be open WiFi across Europe. Under this new CJEU ruling, that may no longer be possible. It's fairly incredible how, between the European Court of Justice and the EU Commission, they seem so oddly confused about copyright and related issues that they seem to be messing absolutely everything up in just a few short weeks.

Filed Under: cjeu, copyright, eu court of justice, injunctions, liability, mcfadden, open wifi, passwords, wifi