JUDGMENT OF THE COURT (Third Chamber)
15 September 2016 (*)
(Reference for a preliminary ruling — Information society — Free movement of services — Commercial wireless local area network (WLAN) — Made available to the general public free of charge — Liability of intermediary service providers — Mere conduit — Directive 2000/31/EC — Article 12 — Limitation of liability — Unknown user of the network — Infringement of rights of rightholders over a protected work — Duty to secure the network — Tortious liability of the trader)
In Case C-484/14,
REQUEST for a preliminary ruling under Article 267 TFEU from the Landgericht München I (Regional Court, Munich I, Germany), made by decision of 18 September 2014, received at the Court on 3 November 2014, in the proceedings
Tobias Mc Fadden
v
Sony Music Entertainment Germany GmbH,
THE COURT (Third Chamber),
composed of L. Bay Larsen, President of the Chamber, D. Šváby, J. Malenovský (Rapporteur), M. Safjan and M. Vilaras, Judges,
Advocate General: M. Szpunar,
Registrar: V. Tourrès, Administrator,
having regard to the written procedure and further to the hearing on 9 December 2015,
after considering the observations submitted on behalf of:
– Mr Mc Fadden, by A. Hufschmid and C. Fritz, Rechtsanwälte,
– Sony Music Entertainment Germany GmbH, by B. Frommer, R. Bisle, M. Hügel, Rechtsanwälte,
– the Polish Government, by B. Majczyna, acting as Agent,
– the European Commission, by K.-P. Wojcik and F. Wilman, acting as Agents,
after hearing the Opinion of the Advocate General at the sitting on 16 March 2016,
gives the following
Judgment
1 This request for a preliminary ruling concerns the interpretation of Article 12(1) of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the internal market (‘Directive on electronic commerce’) (OJ 2000 L 178, p. 1).
2 The request has been made in proceedings between Mr Tobias Mc Fadden and Sony Music Entertainment Germany GmbH (‘Sony Music’) concerning the potential liability of Mr Mc Fadden for the use by a third party of the wireless local area network (WLAN) operated by Mr Mc Fadden in order to make a phonogram produced by Sony Music available to the general public without authorisation.
Legal context
EU law
Directive 98/34
3 On 22 June 1998, the European Parliament and the Council adopted Directive 98/34/EC laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services (OJ 1998 L 204, p. 37), as amended by Directive 98/48/EC of the European Parliament and of the Council of 20 July 1998 (OJ 1998 L 217, p. 18, ‘Directive 98/34’).
4 Recitals 2 and 19 of Directive 98/48 state:
‘(2) Whereas a wide variety of services within the meaning of Articles 59 and 60 [TEC, now Articles 46 and 57 TFEU,] will benefit by the opportunities afforded by the Information Society of being provided at a distance, electronically and at the individual request of a recipient of services;
…
(19) Whereas, under Article 60 [EC, now Article 57 TFEU,] as interpreted by the case-law of the Court of Justice, “services” means those normally provided for remuneration; whereas that characteristic is absent in the case of activities which a State carries out without economic consideration in the context of its duties in particular in the social, cultural, educational and judicial fields …’
5 Article 1 of Directive 98/34 provides:
‘For the purposes of this Directive, the following meanings shall apply:
…
(2) “service”, any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.
…’
Directive 2000/31
6 Recitals 18, 41, 42 and 50 of Directive 2000/31 are worded as follows:
‘(18) Information Society services span a wide range of economic activities which take place online …; Information Society services are not solely restricted to services giving rise to online contracting but also, in so far as they represent an economic activity, extend to services which are not remunerated by those who receive them, such as those offering online information or commercial communications, or those providing tools allowing for search, access and retrieval of data; Information Society services also include services consisting … in providing access to a communication network ...
…
(41) This Directive strikes a balance between the different interests at stake and establishes principles upon which industry agreements and standards can be based.
(42) The exemptions from liability established in this Directive cover only cases where the activity of the Information Society service provider is limited to the technical process of operating and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, for the sole purpose of making the transmission more efficient; this activity is of a mere technical, automatic and passive nature, which implies that the Information Society service provider has neither knowledge of nor control over the information which is transmitted or stored.
…
(50) It is important that the proposed directive on the harmonisation of certain aspects of copyright and related rights in the Information Society and this Directive come into force within a similar time scale with a view to establishing a clear framework of rules relevant to the issue of liability of intermediaries for copyright and relating rights infringements at Community level.’
7 Article 2 of that directive, headed ‘Definitions’, provides:
‘For the purpose of this Directive, the following terms shall bear the following meanings:
(a) “Information Society services”: services within the meaning of Article 1(2) of Directive 98/34;
(b) “service provider”: any natural or legal person providing an Information Society service;
…’
8 Section 4, headed ‘Liability of intermediary service providers’, of Chapter II of the directive is comprised of Articles 12 to 15.
9 Article 12 of Directive 2000/31, headed ‘Mere conduit’, provides:
‘1. Where an Information Society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:
(a) does not initiate the transmission;
(b) does not select the receiver of the transmission; and
(c) does not select or modify the information contained in the transmission.
…
3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement.’
10 Article 13 of Directive 2000/31, headed ‘Caching’, provides:
‘1. Where an Information Society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information’s onward transmission to other recipients of the service upon their request, on condition that:
(a) the provider does not modify the information;
(b) the provider complies with conditions on access to the information;
(c) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used by industry;
(d) the provider does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and
(e) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.’
11 Article 1 of that directive, headed ‘Beneficiaries’, provides:
‘1. Where an Information Society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:
(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
2. Paragraph 1 shall not apply when the recipient of the service is acting under the authority or the control of the provider.
3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement, nor does it affect the possibility for Member States of establishing procedures governing the removal or disabling of access to information.’
12 Article 15(1) of Directive 2000/31, headed ‘No general obligation to monitor’, provides:
‘Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.’
Directive 2001/29/EC
13 Recital 16 of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (OJ 2001 L 167, p. 10) states:
‘Liability for activities in the network environment concerns not only copyright and related rights but also other areas, such as defamation, misleading advertising, or infringement of trademarks, and is addressed horizontally in Directive [2000/31], which clarifies and harmonises various legal issues relating to Information Society services including electronic commerce. This Directive should be implemented within a timescale similar to that for the implementation of the Directive on electronic commerce, since that Directive provides a harmonised framework of principles and provisions relevant inter alia to important parts of this Directive. This Directive is without prejudice to provisions relating to liability in that Directive.’
Directive 2004/48/EC
14 Article 2 of Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (OJ 2004 L 157, p. 45, and corrigendum in OJ 2004 L 195, p. 16), headed ‘Damages’, provides:
‘…
3. This Directive shall not affect:
(a) … Directive [2000/31], in general, and Articles 12 to 15 of Directive 2000/31/EC in particular;
…’
German law
15 Paragraphs 7 to 10 of the Telemediengesetz (Law on electronic media) of 26 February 2007 (BGBl. I, p. 179), as last amended by the Law of 31 March 2010 (BGBl. I, p. 692) (‘Law on electronic media’), transpose Articles 12 to 15 of Directive 2000/31 into national law.
16 Paragraph 7 of the Law on electronic media is worded as follows:
‘(1) Service providers shall be liable for their own information which they make available for use in accordance with the general law.
(2) Service providers within the meaning of Paragraphs 8 to 10 shall be under no duty to monitor the information which they transmit or store, or actively to seek facts or circumstances indicating illegal activity. The absence of liability on the part of the service provider under Paragraphs 8 to 10 shall be without prejudice to general statutory obligations to remove, or disable the use of, information. …’
17 Paragraph 8(1) of the Law on electronic media provides:
‘Service providers shall not be liable for information which they transmit over a communication network or to which they provide access for use provided that service providers:
1. do not initiate the transmission;
2. do not select the receiver of the transmission; and
3. do not select or modify the information contained in the transmission.
The first sentence shall not apply where a service provider intentionally collaborates with a user of its service in order to undertake illegal activity.’
18 Paragraph 97 of the Gesetz über Urheberrecht und verwandte Schutzrechte (Urheberrechtsgesetz) (Law on copyright and related rights) of 9 September 1965 (BGBl. I, p. 1273), as last amended by the Law of 1 October 2013 (BGBl. I, p. 3728) (‘the Law on copyright and related rights’), provides:
‘(1) Any person who unlawfully infringes copyright or any other right protected under this law may be the subject of an action by the injured party for an injunction ordering the termination of the infringement or, where there is a risk of recurrence, for an injunction prohibiting any further commission of the infringement. The right to seek a prohibitory injunction shall exist even where the risk of infringement arises for the first time.
(2) Any person who intentionally or negligently commits such an infringement shall be obliged to indemnify the injured party for the harm arising therefrom. …’
19 Paragraph 97a of the Law on copyright and related rights provides:
‘(1) Before instituting judicial proceedings for a prohibitory injunction, the injured party shall give formal notice to the infringer, allowing him an opportunity to settle the dispute by giving an undertaking to refrain from further commission of the infringement, coupled with an appropriate contractual penalty.
…
(3) Provided that the formal notice is justified, … reimbursement of the costs necessarily so incurred may be sought. …’
National case-law on the indirect liability of information society service providers (Störerhaftung)
20 It appears from the order for reference that in German law a person may be held liable in the case of infringement of copyright or related rights for acts committed either directly (Täterhaftung) or indirectly (Störerhaftung). Paragraph 97 of the Law on copyright and related rights is interpreted by the German courts as meaning that liability for an infringement may be incurred by a person who, without being the author of the infringement or complicit in it, contributes to the infringement intentionally (the Störer).
21 In this connection, the Bundesgerichtshof (Federal Court of Justice, Germany) held, in a judgment of 12 May 2010, Sommer unseres Lebens (I ZR 121/08), that a private person operating a Wi-Fi network with internet access may be regarded as a Störer where he has failed to make his network secure by means of a password and thus enabled a third party to infringe a copyright or related right. According to that judgment, it is reasonable for such a network operator to take measures to secure the network, such as a system for identification by means of a password.
Facts of the main proceedings and the questions referred for a preliminary ruling
22 Mr Mc Fadden runs a business selling and leasing lighting and sound systems.
23 He operates an anonymous access to a wireless local area network free of charge in the vicinity of his business. In order to provide such internet access, Mr Mc Fadden uses the services of a telecommunications business. Access to that network was intentionally not protected in order to draw the attention of customers of near-by shops, of passers-by and of neighbours to his company.
24 Around 4 September 2010, Mr Mc Fadden changed the name of his network from ‘mcfadden.de’ to ‘freiheitstattangst.de’ in reference to a demonstration in favour of the protection of personal data and against excessive State surveillance.
25 At the same time, by means of the wireless local area network operated by Mr Mc Fadden, a musical work was made available on the internet free of charge to the general public without the consent of the rightholders. Mr Mc Fadden asserts that he did not commit the infringement alleged, but does not rule out the possibility that it was committed by one of the users of his network.
26 Sony Music is the producer of the phonogram of that work.
27 By letter of 29 October 2010, Sony Music gave formal notice to Mr Mc Fadden to respect its rights over the phonogram.
28 Following the giving of formal notice, Mr Mc Fadden brought an action for a negative declaration (‘negative Feststellungsklage’) before the referring court. In reply, Sony Music made several counterclaims seeking to obtain from Mr Mc Fadden, first, payment of damages on the ground of his direct liability for the infringement of its rights over the phonogram, second, an injunction against the infringement of its rights on pain of a penalty and, third, reimbursement of the costs of giving formal notice and court costs.
29 In a judgement of 16 January 2014, entered in default of Mr Mc Fadden’s appearance, the referring court dismissed Mr Mc Fadden’s action and upheld the counterclaims of Sony Music.
30 Mr Mc Fadden appealed against that judgment on the ground that he is exempt from liability under the provisions of German law transposing Article 12(1) of Directive 2000/31.
31 In the appeal, Sony Music claims that the referring court should uphold the judgment at first instance and, in the alternative, in the event that that court should not hold Mr Mc Fadden directly liable, order Mr Mc Fadden, in accordance with the case-law on the indirect liability (Störerhaftung) of wireless local area network operators, to pay damages for not having taken measures to protect his wireless local area network and for having thereby allowed third parties to infringe Sony Music’s rights.
32 In the order for reference, the referring court states that it is inclined to regard the infringement of Sony Music’s rights as not having been committed by Mr Mc Fadden personally, but by an unknown user of his wireless local area network. However, the referring court is considering holding Mr Mc Fadden indirectly liable (Störerhaftung) for failing to have secured the network from which its rights were infringed anonymously. Nevertheless, the referring court wishes to know whether the exemption from liability laid down in Article 12(1) of Directive 2000/31, which has been transposed into German law by the first sentence of Paragraph 8(1) of the Law on electronic media, might preclude it from finding Mr Mc Fadden liable in any form.
33 In those circumstances, the Landgericht München I (Regional Court, Munich I, Germany) decided to stay the proceedings and to refer the following questions to the Court of Justice for a preliminary ruling:
‘1. Is the first half-sentence of Article 12(1) of Directive 2000/31, read in conjunction with Article 2(a) of that directive and Article 1(2) of Directive 98/34, to be interpreted as meaning that the expression “normally provided for remuneration” means that the national court must establish:
a. whether the person specifically concerned, who claims the status of service provider, normally provides that specific service for remuneration,
b. whether there are on the market any providers at all who provide that service or similar services for remuneration, or
c. whether the majority of these or similar services are provided for remuneration?
2. Is the first half-sentence of Article 12(1) of Directive 2000/31 to be interpreted as meaning that the expression “provision of access to a communication network” means that the only criterion for provision in conformity with the directive is that access to a communication network (for example, the internet) should be successfully provided?
3. Is the first half-sentence of Article 12(1) of Directive 2000/31, read in conjunction with Article 2(b) of that directive, to be interpreted as meaning that, for the purposes of “anbieten” (“provision”) within the meaning of Article 2(b) [of that directive], it is sufficient for the Information Society service to be made available, that being, in this case, the making available of an open [wireless local area network] WLAN, or is “advertising”, for example, also necessary?
4. Is the first half-sentence of Article 12(1) of Directive 2000/31 to be interpreted as meaning that the expression “not liable for the information transmitted” precludes as a matter of principle, or in any event in relation to a first established copyright infringement, any claims for injunctive relief, damages or the payment of the costs of giving formal notice or court costs which a person affected by a copyright infringement might make against the access provider?
5. Is the first half-sentence of Article 12(1) of Directive 2000/31, read in conjunction with Article 12(3) of that directive, to be interpreted as meaning that the Member States may not permit a national court, in substantive proceedings, to make an order requiring an access provider to refrain in future from enabling third parties to make a particular copyright-protected work available for electronic retrieval from an online exchange platform via a specific internet connection?
6. Is the first half-sentence of Article 12(1) of Directive 2000/31 to be interpreted as meaning that, in circumstances such as those in the main proceedings, the rule contained in Article 14(1)(b) of Directive 2000/31 is to be applied mutatis mutandis to an application for a prohibitory injunction?
7. Is the first half-sentence of Article 12(1) of Directive 2000/31, read in conjunction with Article 2(b) of that directive to be interpreted as meaning that the requirements applicable to a service provider are limited to the condition that the service provider be any natural or legal person providing an Information Society service?
8. If the seventh question is answered in the negative, what additional requirements must be imposed on a service provider for the purposes of interpreting Article 2(b) of Directive 2000/31?
9. Is the first half-sentence of Article 12(1) of Directive 2000/31, taking into account the existing protection of intellectual property as a fundamental right forming part of the right to property (Article 17(2) of the Charter of Fundamental Rights of the European Union) and the provisions of Directives 2001/29 and 2004/48, and taking into account the freedom of information and the fundamental right under EU law of the freedom to conduct a business (Article 16 of the Charter of Fundamental Rights of the European Union), to be interpreted as not precluding a national court from deciding, in … proceedings in which an access provider is ordered, on pain of payment of a fine, to refrain in the future from enabling third parties to make a particular copyright-protected work or parts thereof available for electronic retrieval from an online (peer-to-peer) exchange platform via a specific internet connection, that it may be left to the access provider to determine what specific technical measures to take in order to comply with that order?
[10.] Does this also apply where the access provider is in fact able to comply with the court prohibition only by terminating or password-protecting the internet connection or examining all communications passing through it in order to ascertain whether the particular copyright-protected work is unlawfully transmitted again, and this fact is apparent from the outset rather than coming to light only in the course of enforcement or penalty proceedings?’
Consideration of the questions referred
The first question
34 It appears from the order for reference that, by its first question, the referring court seeks to determine whether a service, such as that provided by the applicant in the main proceedings, consisting in making available to the general public an open wireless communication network free of charge may fall within the scope of Article 12(1) of Directive 2000/31.
35 In those circumstances, it must be understood that, by its first question, the referring court is asking, in essence, whether Article 12(1) of Directive 2000/31, read in conjunction with Article 2(a) of that directive and with Article 1(2) of Directive 98/34, must be interpreted as meaning that a service, such as that at issue in the main proceedings, provided by a communication network operator and consisting in making that network available to the general public free of charge constitutes an ‘information society service’ within the meaning of Article 12(1) of Directive 2000/31.
36 From the outset, it is important to note that neither Article 12(1) of Directive 2000/31 nor Article 2 of that directive defines the concept of an ‘information society service’. However, the latter article refers for such purposes to Directive 98/34.
37 In that regard, it follows, first, from recitals 2 and 19 to Directive 98/48 that the concept of a ‘service’ used in Directive 98/34 must be understood as having the same meaning as that used in Article 57 TFEU. Under Article 57 TFEU, ‘services’ are to be considered to be services normally provided for remuneration.
38 Second, Article 1(2) of Directive 98/34 provides that the concept of an ‘information society service’ covers any service normally provided for remuneration, by electronic means and at the individual request of a recipient of services.
39 Under those conditions, the Court finds that the information society services referred to in Article 12(1) of Directive 2000/31 cover only those services normally provided for remuneration.
40 That conclusion is borne out by recital 18 of Directive 2000/31 which states that, although information society services are not solely restricted to services giving rise to online contracting but extend to other services, those services must represent an economic activity.
41 Nonetheless, it does not follow that a service of an economic nature performed free of charge may under no circumstances constitute an ‘information society service’ within the meaning of Article 12(1) of Directive 2000/31. The remuneration of a service supplied by a service provider within the course of its economic activity does not require the service to be paid for by those for whom it is performed (see, to that effect, judgment of 11 September 2014, Papasavvas, C-291/13, EU:C:2014:2209, paragraphs 28 and 29).
42 That is the case, inter alia, where the performance of a service free of charge is provided by a service provider for the purposes of advertising the goods sold and services provided by that service provider, since the cost of that activity is incorporated into the price of those goods or services (judgment of 26 April 1988, Bond van Adverteerders and Others, 352/85, EU:C:1988:196, paragraph 16, and of 11 April 2000, Deliège, C-51/96 and C-191/97, EU:C:2000:199, paragraph 56).
43 In the light of the foregoing, the answer to the first question referred is that Article 12(1) of Directive 2000/31, read in conjunction with Article 2(a) of that directive and with Article 1(2) of Directive 98/34, must be interpreted as meaning that a service such as that at issue in the main proceedings, provided by a communication network operator and consisting in making that network available to the general public free of charge constitutes an ‘information society service’ within the meaning of Article 12(1) of Directive 2000/31 where the activity is performed by the service provider in question for the purposes of advertising the goods sold or services supplied by that service provider.
The second and third questions
44 By its second and third questions, which it is appropriate to consider together, the referring court asks, in essence, whether Article 12(1) of Directive 2000/31 must be interpreted as meaning that, in order for the service referred to in that article, consisting in providing access to a communication network, to be considered to have been provided, that access must only be made available or whether further conditions must be satisfied.
45 In particular, the referring court wishes to know whether, in addition to providing access to a communication network, it is necessary, first, for there to be a contractual relationship between the recipient and provider of the service and, second, for the service provider to advertise the service.
46 In that regard, in the first place, it is clear from the wording of Article 12 of Directive 2000/31, headed ‘Mere conduit’, that the provision of the service referred to in that article must involve the transmission in a communication network of information.
47 Furthermore, the provision states that the exemption from liability laid down in that provision applies only with regard to information transmitted.
48 Finally, according to recital 42 of Directive 2000/31, the activity of ‘mere conduit’ is of a mere technical, automatic and passive nature.
49 It follows that providing access to a communication network must not go beyond the boundaries of such a technical, automatic and passive process for the transmission of the required information.
50 In the second place, it does not appear either from the other provisions of Directive 2000/31 or the objectives pursued thereunder that providing access to a communication network must satisfy further conditions, such as a condition that there be a contractual relationship between the recipient and provider of that service or that the service provider use advertising to promote that service.
51 The Court recognises that it may appear from the use in Article 2(b) of Directive 2000/31 of the verb anbieten in its German language version that that article refers to the idea of an “offer”, and thus to a certain form of advertising.
52 However, the need for uniform application and accordingly a uniform interpretation of the provisions of EU law makes it impossible for one version of the text of a provision to be considered, in case of doubt, in isolation, but requires, on the contrary, that it be interpreted and applied in the light of the versions existing in the other official languages (judgment of 9 June 2011, Eleftheri tileorasi and Giannikos, C-52/10, EU:C:2011:374, paragraph 23).
53 The other language versions of the Article 2(b), inter alia those in Spanish, Czech, English, French, Italian, Polish or Slovak, use verbs which do not imply the idea of an ‘offer’ or of advertising.
54 In the light of the foregoing, the answer to the second and third questions is that Article 12(1) of Directive 2000/31 must be interpreted as meaning that, in order for the service referred to in that article, consisting in providing access to a communication network, to be considered to have been provided, that access must not go beyond the boundaries of a technical, automatic and passive process for the transmission of the required information, there being no further conditions to be satisfied.
The sixth question
55 By its sixth question, which it is appropriate to consider in the third place, the referring court asks, in essence, whether Article 12(1) of Directive 2000/31 must be interpreted as meaning that the condition laid down in Article 14(1)(b) of that directive applies mutatis mutandis to Article 12(1) of the directive.
56 In that regard, it follows from the very structure of Directive 2000/31 that the EU legislature wished to distinguish between the regimes applicable to the activities of mere conduit, of the storage of information taking the form of ‘caching’ and of hosting in so far as those activities are governed by different provisions of that directive.
57 Against that background, it appears from a comparison of Article 12(1), Article 13(1) and Article 14(1) of the directive that the exemptions from liability provided for in those provisions are governed by different conditions of application depending on the type of activity concerned.
58 In particular, Article 14(1) of Directive 2000/31, headed ‘Hosting’, provides, inter alia, that, in order to benefit from the exemption from liability laid down in that provision in favour of internet website hosts, such hosts must act expeditiously upon obtaining knowledge of illegal information to remove or to disable access to it.
59 However, Article 12(1) of Directive 2000/31 does not subject the exemption from liability that it lays down in favour of providers of access to a communication network to compliance with such a condition.
60 Moreover, as the Advocate General has stated in paragraph 100 of his Opinion, the position of an internet website host on the one hand and of a communication network access provider on the other are not similar as regards the condition laid down in Article 14(1) of Directive 2000/31.
61 It appears from recital 42 of Directive 2000/31 that the exemptions from liability established therein were provided for in the light of the fact that the activities engaged in by the various categories of service providers referred to, inter alia providers of access to a communication network and internet website hosts, are all of a mere technical, automatic and passive nature and that, accordingly, such service providers have neither knowledge of, nor control over, the information which is thereby transmitted or stored.
62 Nevertheless, the service provided by an internet website host, which consists in the storage of information, is of a more permanent nature. Accordingly, such a host may obtain knowledge of the illegal character of certain information that it stores at a time subsequent to that when the storage was processed and when it is still capable of taking action to remove or disable access to it.
63 However, as regards a communication network access provider, the service of transmitting information that it supplies is not normally continued over any length of time, so that, after having transmitted the information, it no longer has any control over that information. In those circumstances, a communication network access provider, in contrast to an internet website host, is often not in a position to take action to remove certain information or disable access to it at a later time.
64 In any event, it follows from paragraph 54 above that Article 12(1) of Directive 2000/31 does not provide for any further condition other than for the service at issue to provide access to a communication network which does not go beyond the boundaries of a technical, automatic and passive process for the transmission of the required information.
65 In the light of the foregoing, the answer to the sixth question is that Article 12(1) of Directive 2000/31 must be interpreted as meaning that the condition laid down in Article 14(1)(b) of that directive does not apply mutatis mutandis to Article 12(1).
The seventh and eighth questions
66 By its seventh and eighth questions, which it is appropriate to consider together and in the fourth place, the referring court asks, in essence, whether Article 12(1) of Directive 2000/31, read in conjunction with Article 2(b) of that directive, must be interpreted as meaning that there are conditions other than the one mentioned in that provision to which a service provider providing access to a communication network is subject.
67 In that regard, Article 12(1) of Directive 2000/31, read in conjunction with Article 2(b) of that directive, expressly provides for only one condition as regards such a service provider, namely that of being a natural or legal person providing an information society service.
68 In that regard, it appears from recital 41 to Directive 2000/31 that, by adopting that directive, the EU legislature struck a balance between the various interests at stake. It follows that that directive as a whole, and in particular Article 12(1) read in conjunction with Article 2(b) thereof must be regarded as giving effect to the balance struck by the legislature.
69 In those circumstances, it is not for the Court to take the place of the EU legislature by subjecting the application of that provision to conditions which the legislature has not laid down.
70 To subject the exemption laid down in Article 12(1) of Directive 2000/31 to compliance with conditions that the EU legislature has not expressly envisaged could call that balance into question.
71 In the light of the foregoing, the answer to the seventh and eighth questions is that Article 12(1) of Directive 2000/31, read in conjunction with Article 2(b) of that directive, must be interpreted as meaning that there are no conditions, other than the one mentioned in that provision, to which a service provider supplying access to a communication network is subject.
The fourth question
72 By its fourth question, which it is appropriate to consider in the fifth place, the referring court asks, in essence, whether Article 12(1) of Directive 2000/31 must be interpreted as meaning that it does not preclude a person harmed by the infringement of its rights over a work from claiming injunctive relief against the recurrence of that infringement, compensation and the payment of costs of giving formal notice and court costs from a communication network access provider whose services were used in that infringement.
73 In that regard, it should be noted that Article 12(1) of Directive 2000/31 states that the Member States must ensure that service providers supplying access to a communication network are not held liable for information transmitted to them by the recipients of that service on the threefold condition laid down in that provision that such providers do not initiate such a transmission, that they do not select the receiver of that transmission and that they do not select or modify the information contained in the transmission.
74 It follows that, where those conditions are satisfied, a service provider supplying access to a communication network may not be held liable and therefore a copyright holder is, in any event, precluded from claiming compensation from that service provider on the ground that the connection to that network was used by third parties to infringe its rights.
75 As a result, a copyright holder is also, in any event, precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to its claim for compensation. In order to be well founded, such an ancilliary claim requires that the principal claim is also well founded, which is precluded by Article 12(1) of Directive 2000/31.
76 Nevertheless, Article 12(3) of Directive 2000/31 states that that article is not to affect the possibility, for a national court or administrative authority, of requiring a service provider to terminate or prevent an infringement of copyright.
77 Thus, where an infringement is perpetrated by a third party by means of an internet connection which was made available to him by a communication network access provider, Article 12(1) of the directive does not preclude the person harmed by that infringement from seeking before a national authority or court to have the service provider prevented from allowing that infringement to continue.
78 Consequently, the Court considers that, taken in isolation, Article 12(1) of Directive 2000/31 does not prevent that same person from claiming the reimbursement of the costs of giving formal notice and court costs incurred in a claim such as that outlined in the preceding paragraphs.
79 In the light of the foregoing, the answer to the fourth question is that Article 12(1) of Directive 2000/31 must be interpreted as precluding a person harmed by the infringement of its rights over a work from claiming compensation from a provider of access to a communication network on the ground that such access was used by a third party to infringe its rights and the reimbursement of the costs of giving formal notice or court costs incurred in relation to its claim for compensation. However, that article must be interpreted as meaning that it does not preclude such a person from claiming injunctive relief against the continuation of that infringement and the payment of the costs of giving formal notice and court costs from a communication network access provider whose services were used in that infringement where such claims are made for the purposes of obtaining, or follow the grant of injunctive relief by a national authority or court to prevent that service provider from allowing the infringement to continue.
The fifth, sixth and seventh questions
80 By its fifth, ninth and tenth questions, which it is appropriate to consider together and in the sixth place, the referring court asks, in essence, whether, having regard to the requirements deriving from the protection of fundamental rights and to the rules laid down in Directives 2001/29 and 2004/48, Article 12(1) of Directive 2000/31, read in conjunction with Article 12(3) of that directive, must be interpreted as precluding the grant of an injunction such as that at issue in the main proceedings, which requires, on pain of payment of a fine, a provider of access to a communication network allowing the public to connect to the internet to prevent third parties from making a particular copyright-protected work or parts thereof available to the general public from an online (peer-to-peer) exchange platform via an internet connection available in that network, where, although that provider may determine which technical measures to take in order to comply with the injunction, it has already been established that the only measures which the provider may in practice adopt consist in terminating or password-protecting the internet connection or in examining all communications passing through it.
81 As a preliminary matter, it is common ground that an injunction, such as that envisaged by the referring court in the case at issue in the main proceedings, in so far as it would require the communication network access provider in question to prevent the recurrence of an infringement of a right related to copyright, falls within the scope of the protection of the fundamental right to the protection of intellectual property laid down in Article 17(2) of the Charter of Fundamental Rights of the European Union (‘the Charter’).
82 In addition, in so far as such an injunction, first, places a burden on the access provider capable of affecting his economic activity and, second, is capable of restricting the freedom available to recipients of such a service from benefiting from access to the internet, the Court finds that the injunction infringes the former’s right of freedom to conduct a business, protected under Article 16 of the Charter, and the right of others to freedom of information, the protection of which is provided for by Article 11 of the Charter.
83 Where several fundamental rights protected under EU law are at stake, it is for the national authorities or courts concerned to ensure that a fair balance is struck between those rights (see, to that effect, judgment of 29 January 2008, Promusicae, C-275/06, EU:C:2008:54, paragraphs 68 and 70).
84 In that regard, the Court has previously held that an injunction which leaves a communication network access provider to determine the specific measures to be taken in order to achieve the result sought is capable, under certain conditions, of leading to such a fair balance (see, to that effect, judgment of 27 March 2014, UPC Telekabel Wien, C-314/12, EU:C:2014:192, paragraphs 62 and 63).
85 In the present case, it appears from the order for reference that the referring court envisages a situation in which there are, in practice, only three measures that the addressee of the injunction may take, namely examining all communications passing through an internet connection, terminating that connection or password-protecting it.
86 It is therefore on the sole basis of those three measures envisaged by the referring court that the Court will examine the compatibility of the envisaged injunction with EU law.
87 As regards, first, monitoring all of the information transmitted, such a measure must be excluded from the outset as contrary to Article 15(1) of Directive 2000/31, which excludes the imposition of a general obligation on, inter alia, communication network access providers to monitor the information that they transmit.
88 As regards, second, the measure consisting in terminating the internet connection completely, it must be found that so doing would cause a serious infringement of the freedom to conduct a business of a person who pursues an economic activity, albeit of a secondary nature, consisting in providing internet access by categorically preventing that provider from pursuing the activity in practice in order to remedy a limited infringement of copyright without considering the adoption of measures less restrictive of that freedom.
89 In those circumstances, such a measure cannot be regarded as complying with the requirements of ensuring a fair balance is struck between the fundamental rights which must be reconciled (see, to that effect, as regards an injunction, judgment of 24 November 2011, Scarlet Extended, C-70/10, EU:C:2011:771, paragraph 49, and, by analogy, judgment of 16 July 2015, Coty Germany, C-580/13, EU:C:2015:485, paragraphs 35 and 41).
90 As regards, third, the measure consisting in password-protecting an internet connection, it should be noted that such a measure is capable of restricting both the freedom to conduct a business of the provider supplying the service of access to a communication network and the right to freedom of information of the recipients of that service.
91 Nonetheless, it must be found, in the first place, that such a measure does not damage the essence of the right to freedom to conduct its business of a communication network access provider in so far as the measure is limited to marginally adjusting one of the technical options open to the provider in exercising its activity.
92 In the second place, a measure consisting in securing an internet connection does not appear to be such as to undermine the essence of the right to freedom of information of the recipients of an internet network access service, in so far as it is limited to requiring such recipients to request a password, it being clear furthermore that that connection constitutes only one of several means of accessing the internet.
93 In the third place, it is true that, according to case-law, the measure adopted must be strictly targeted, in the sense that it must serve to bring an end to a third party’s infringement of copyright or of a related right but without thereby affecting the possibility of internet users lawfully accessing information using the provider’s services. Failing that, the provider’s interference in the freedom of information of those users would be unjustified in the light of the objective pursued (judgment of 27 March 2014, UPC Telekabel Wien, C-314/12, EU:C:2014:192, paragraph 56).
94 However, a measure adopted by a communication network access provider consisting in securing the connection to that network does not appear to be capable of affecting the possibility made available to internet users using the services of that provider to access information lawfully, in so far as the measure does not block any internet site.
95 In the fourth place, the Court has previously held that measures which are taken by the addressee of an injunction such as that at issue in the main proceedings when complying with that injunction must be sufficiently effective to ensure genuine protection of the fundamental right at issue, that is to say that they must have the effect of preventing unauthorised access to the protected subject matter or, at least, of making it difficult to achieve and of seriously discouraging internet users who are using the services of the addressee of that injunction from accessing the subject matter made available to them in breach of that fundamental right (judgment of 27 March 2014, UPC Telekabel Wien, C-314/12, EU:C:2014:192, paragraph 62).
96 In that regard, the Court finds that a measure consisting in password-protecting an internet connection may dissuade the users of that connection from infringing copyright or related rights, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain.
97 In the fifth place, it should be recalled that, according to the referring court, there is no measure, other than the three measures that it referred to, that a communication network access provider, such as the applicant in the main proceedings, could, in practice, take in order to comply with an injunction such as that at issue in the main proceedings.
98 Since the two other measures have been rejected by the Court, to consider that a communication network access provider need not secure its internet connection would thus be to deprive the fundamental right to intellectual property of any protection, which would be contrary to the idea of a fair balance (see, by analogy, judgment of 16 July 2015, Coty Germany, C-580/13, EU:C:2015:485, paragraphs 37 and 38).
99 In those circumstances, a measure intended to secure an internet connection by means of a password must be considered to be necessary in order to ensure the effective protection of the fundamental right to protection of intellectual property.
100 It follows from the foregoing that, under the conditions set out in this judgment, a measure consisting in securing a connection must be considered to be capable of striking a fair balance between, first, the fundamental right to protection of intellectual property and, second, the right to freedom to conduct the business of a provider supplying the service of access to a communication network and the right to freedom of information of the recipients of that service.
101 Consequently, the answer to the fifth, ninth and tenth questions referred is that, having regard to the requirements deriving from the protection of fundamental rights and to the rules laid down in Directives 2001/29 and 2004/48, Article 12(1) of Directive 2000/31, read in conjunction with Article 12(3) of that directive, must be interpreted as, in principle, not precluding the grant of an injunction such as that at issue in the main proceedings, which requires, on pain of payment of a fine, a communication network access provider to prevent third parties from making a particular copyright-protected work or parts thereof available to the general public from an online (peer-to-peer) exchange platform via the internet connection available in that network, where that provider may choose which technical measures to take in order to comply with the injunction even if such a choice is limited to a single measure consisting in password-protecting the internet connection, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain.
Costs
102 Since these proceedings are, for the parties to the main proceedings, a step in the action pending before the national court, the decision on costs is a matter for that court. Costs incurred in submitting observations to the Court, other than the costs of those parties, are not recoverable.
On those grounds, the Court (Third Chamber) hereby rules:
1. Article 12(1) of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the internal market (‘Directive on electronic commerce’), read in conjunction with Article 2(a) of that directive and with Article 1(2) of Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services, as amended by Directive 98/48/EC of the European Parliament and of the Council of 20 July 1998, must be interpreted as meaning that a service such as that at issue in the main proceedings, provided by a communication network operator and consisting in making that network available to the general public free of charge constitutes an ‘information society service’ within the meaning of Article 12(1) of Directive 2000/31 where the activity is performed by the service provider in question for the purposes of advertising the goods sold or services supplied by that service provider.
2. Article 12(1) of Directive 2000/31 must be interpreted as meaning that, in order for the service referred to in that article, consisting in providing access to a communication network, to be considered to have been provided, that access must not go beyond the boundaries of a technical, automatic and passive process for the transmission of the required information, there being no further conditions to be satisfied.
3. Article 12(1) of Directive 2000/31 must be interpreted as meaning that the condition laid down in Article 14(1)(b) of that directive does not apply mutatis mutandis to Article 12(1) of Directive 2000/31.
4. Article 12(1) of Directive 2000/31, read in conjunction with Article 2(b) of that directive, must be interpreted as meaning that there are no conditions, other than the one mentioned in that provision, to which a service provider supplying access to a communication network is subject.
5. Article 12(1) of Directive 2000/31 must be interpreted as meaning that a person harmed by the infringement of its rights over a work is precluded from claiming compensation from an access provider on the ground that the connection to that network was used by a third party to infringe its rights and the reimbursement of the costs of giving formal notice or court costs incurred in relation to its claim for compensation. However, that article must be interpreted as meaning that it does not preclude such a person from claiming injunctive relief against the continuation of that infringement and the payment of the costs of giving formal notice and court costs from a communication network access provider whose services were used in that infringement where such claims are made for the purposes of obtaining, or follow the grant of injunctive relief by a national authority or court to prevent that service provider from allowing the infringement to continue.
6. Having regard to the requirements deriving from the protection of fundamental rights and to the rules laid down in Directives 2001/29 and 2004/48, Article 12(1) of Directive 2000/31, read in conjunction with Article 12(3) of that directive, must be interpreted as, in principle, not precluding the grant of an injunction such as that at issue in the main proceedings, which requires, on pain of payment of a fine, a provider of access to a communication network allowing the public to connect to the internet to prevent third parties from making a particular copyright-protected work or parts thereof available to the general public from an online (peer-to-peer) exchange platform via an internet connection, where that provider may choose which technical measures to take in order to comply with the injunction even if such a choice is limited to a single measure consisting in password-protecting the internet connection, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain.
[Signatures]
* Language of the case: German.