Free Wi-Fi – but at what cost?

There are a number of advantages to businesses who make their internet connection available to the public. The prospect of free Wi-Fi can not only lure customers to the business or retail space, but, as an “added extra”, it has the potential to retain or grow consumer loyalty in a competitive market place. Recent technological advances will also assist businesses in direct marketing via their open hotspots. The latest beacon technology can, for example, track the time spent by potential customers in a shop, the items browsed, and even beam special offers to them as they enter the premises. This functionality depends on the connectivity of consumers.

However, businesses that make free open Wi-Fi available to public users could leave themselves exposed to liability. With little or no control over the sites accessed by users or whether material is illegally downloaded, a Wi-Fi provider could potentially be held liable for the illegal act or infringement, particularly if individual users cannot be traced. Such was the case in 2009 when a UK pub owner was fined £8,000 because someone unlawfully downloaded copyright material over the pub’s open Wi-Fi hotspot. The pub owner was found to be responsible for the Wi-Fi service and since the user who committed the offence using the hotspot could not be identified, he was found to be liable for the infringement in a civil case bought by the copyright holder.

This issue has cropped up again recently in Germany, in a case concerning a businessman who provided password-free Wi-Fi from his shop in the hope that interest generated from people in nearby cafes and shops might drive business to his website. Unfortunately, this had the adverse effect of facilitating copyright infringement, as an unknown user used the Wi-Fi connection to share copyright protected music. While considering whether the business owner should be held liable, the court in Munich referred a number of questions to the Court of Justice of the EU (CJEU) to help it interpret the EU laws concerning third party liability for unlawful activity over electronic communication networks in the E-Commerce Directive.

The questions which were referred to the CJEU revolve around two main points of interpretation;

• Firstly, whether or not the businessman had “provided” the service (the court in Munich had noted that he did not receive payment for providing the Wi-Fi, nor did he promote the service, he simply left it open); and

• Secondly, the scope of liability for an internet provider, particularly after being made aware of the infringing acts conducted using the hotspot.

The CJEU has yet to reach a conclusion on these issues (this is expected at the end of 2015) but it is already widely acknowledged that the decision could have a significant impact on the availability of free Wi-Fi (and not just in Germany!). If providers of open Wi-Fi could be held liable for the illegal acts of its users, many businesses would need to review their practice of serving up free Wi-Fi as part-and-parcel of their business activities.

Regardless of the decision, this case could also mean that new obligations are imposed on non-private providers of Wi-Fi networks. Already it is reported that the German government plans to release draft legislation to clarify the obligations of providers of public Wi-Fi. It is expected that internet operators will need to take “reasonable measures” to secure their networks. At the very least, this is likely to mean user registration and password protection.

Whilst this German case will not have an immediate impact on UK businesses, it is, perhaps, a significant marker for where English law is heading. As a matter of public policy, the UK government will not wish to deter businesses from providing connectivity with excessive regulation, but it will also be mindful of the need to protect the interests of the creative industries and provide recourse to rights holders in the event of online infringement.

Businesses who wish to make the most of offering Wi-Fi connectivity should be aware of the risks. As a matter of good practice, a business should look to keep its public Wi-Fi network separate from its business network and ensure that users register for guest access, agreeing to a strict terms of use policy before they can access the connection. This way, businesses will be able to trace any public users who use the connection unlawfully, and escape liability for these acts by default.

Sophia Costley

This publication is not intended to be a comprehensive review of all developments in IT law and practice, or to cover all aspects of those issues referred to in it. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions. For more information please contact us at updates@memerycrystal.com