In its judgement dated 15 September 2016, the European Court of Justice (ECJ) answers general questions on the liability of the operator of a public WLAN hotspot. The Regional Court (LG) of Munich presented the ECJ with questions in a so-called preliminary ruling procedure to find out how exactly individual passages of the European Directive on Electronic Commerce must be understood.
What is it about? Under German law, the entity who grants third parties access to its WLAN is generally liable as so-called interferer even for breaches of law not committed by itself via this WLAN, but by the third party. Violations of copyright law by downloading and disseminating music, movies or computer games are classic examples. At any rate, the aggrieved party has injunctive relief against not only the person who actually commits the deed, but also against the subscriber (the interferer). It is different for claims for damages, where the mere ownership of the connection is generally not sufficient under German law.
In the specific case, Sony Music Entertainment Germany Gesellschaft mit beschränkter Haftung (GmbH) sought injunctive relief against and damages from the commercial operator of so-called WLAN hotspots because a third party the operator granted access to the network had downloaded and disseminated a music album via this network. The LG Munich now had to clarify how the European Directive must be understood in order to decide whether the operator is liable and what requirements it would need to meet in order to operate the hotspot.
The ECJ decided that the operator of such a network is generally not liable for infringements committed by third parties. At first, this sounds like a complete success for the affected operator and in general for all operators of WLAN hotspots, such as cafés, bars, hotels, etc. – However, this is followed by a big “but”: The ECJ also decided that the aggrieved party is entitled to have the infringement ended and to prohibit the operator from its continuation. In other words: The operator must not repeat this infringement in the future (including through third parties). However, this means nothing other than the liability of a WLAN hotspot operator to cease and desist. Moreover, the ECJ determines that the party whose rights were infringed (here: Sony) can demand to have the WLAN access secured by a password. It may furthermore demand that every user of the hotspot must identify themselves to receive the password in order to break anonymity.
Conclusion: Even though the ECJ first determines that there is generally no liability of a hotspot operator for infringements committed by a user of this hotspot, it immediately breaks up this determination by its further explanations and determines that injunction proceedings can be brought against the operator of such a hotspot and it can be obligated to grant access only upon registration and via a password.
This means that nothing really changed in practice. After the first written warning at the latest, the provider of a hotspot will (have to) install password protection for its own safety and only grant access upon registration. Most providers of such WLAN hotspots follow this approach already. From a lawyer’s point of view, we continue to urgently recommend protection by a password that is only given to the user after they have registered. This is the only way the hotspot operator can take recourse to the person actually committing the deed e.g. for the lawyer’s fees claimed with the written warning.