Free customer WiFi: the risks

10 January, 2017

Providing free customer WiFi access is a popular and low-cost way to attract clients, and is becoming increasingly widespread (and indeed is often expected by customers) in cafés, hotels and other business outlets open to the public. While this is generally a good business strategy it can pose an element of risk, as the business providing internet access often has little or no control over what users do on its network. Users may, for instance, download or upload illegal or

infringing content. Infringement of others’ intellectual property (IP) rights is particularly common online, and can happen without even the user himself being aware of it.

As this is a relatively recent phenomenon, it has not always been clear where the liability for such infringements lies. Aggrieved owners of IP in online content may be tempted to take action against businesses providing the internet access concerned, as they tend to be more easily identifiable and have deeper pockets than the individuals who actually committed the infringement. But can a business really be asked to compensate IP owners for infringements that it was not directly involved in, and often not even aware of?

Liability for IP infringements by retailers

Some light has been thrown on the issue by the recent case McFadden v Sony[1], which ruled that businesses which offer free internet access to the public are not liable for infringements of IP rights committed by their network’s users. McFadden, a German sound system and lighting retailer, offered a free and unsecure WiFi service to customers, but also to nearby residents and customers of other local businesses in a bid to attract more people to his shop. In 2010, someone made use of his network to illegally download a song, the rights to which were owned by Sony.

The Court held that while IP owners may issue an injunction against the business to force them to stop the infringement going forward, they would not usually be able to claim compensation for the infringement itself or require the business to terminate its internet connection, provided the business acts as a “mere conduit” of the infringing content.

The “mere conduit” defence

In this situation, a business providing WiFi acts as an intermediary between its customers and the websites they access. Provided the business complies with the E-Commerce Directive, it will not be liable for any material where it acts as a “mere conduit”. The E- Commerce Directive requires the following three conditions to be satisfied: (i) the provider of the service must not have initiated the illicit transmission; (ii) it must not have selected the recipient of the illicit transmission; and (iii) it must neither have selected nor modified the information contained in the illicit transmission. A business acts as a mere conduit when it provides nothing more than access to a communication network.

This defence meant that Sony could not claim compensation from McFadden for any infringement by its users. Further, the court clarified that network access providers are not obliged in general to monitor their internet network for any illegal activity that may take place, although they might be required, as a result of the injunction, to password-protect their internet service in order to identify any users who do commit such infringements.

Practical steps

This case is a step in the right direction for businesses providing WiFi access to customers, as it reassures them that they may continue to do so without risking liability for IP infringements by their users.

However, despite the acknowledgement by the court that monitoring is not required, providers of free WiFi should still take measures to make it difficult for their users to infringe others’ IP rights, and to make users who do so identifiable. For instance, they might place limits on the amount of data users can upload or download on the WiFi they provide, and require users to give details such as an email address and password before allowing access to the network.

Businesses need to ensure all relevant agreements give them proper protection on this issue. Appropriate terms on liability and compensation should be sought in premises leases, service supplier contracts and WiFi terms of use.  This, in combination with the above measures, should help protect businesses from liability in the event of IP infringements by their users.

For more information about e-commerce, internet law or any aspect of intellectual property law, please contact Elliot Fry on +44 (0)1732 224 034 or


[1] McFadden v Sony Music Entertainment Germany GmbH, Case C-484/14, 15 September 2016 (Bailii)