T&Cs & Privacy Policy Consent – Why avoid it? | IT-Medienrecht

Discover why active consent for T&Cs and Privacy Policies is often problematic for SaaS & online shops. Avoid legal risks & streamline your user…

Why Consent to General Terms and Conditions is Not Necessary

In my consulting practice, I frequently encounter a common question. Providers of SaaS solutions or online stores often wonder whether they should ask users to actively agree to their general terms and conditions or privacy policies. This usually stems from uncertainty or a desire for legal protection.

However, the opposite can be true. In many cases, such a request is unnecessary and may even lead to legal problems. This article explains why active consent to general terms and conditions is often superfluous. It also clarifies why requesting consent for data protection declarations can be problematic, and how you, as a provider, can proceed in a legally correct manner.

General Terms and Conditions: Why Consent is Not Required

The General Terms and Conditions (GTC) define the contractual rights and obligations between you, the provider, and your users. Under German law, specifically Section 305 (2) of the German Civil Code (BGB), GTCs only need to be "effectively included" to become part of the contract. Active user consent is not a prerequisite for this. The crucial factor is that the GTCs are reasonably perceptible to the user, meaning they are easily accessible before the contract is concluded.

What Does “Reasonable Perceptibility” Mean?

Why a Consent Requirement for GTCs Can Be Problematic

Practical Tip for General Terms and Conditions:

Ensure your GTCs are clearly visible and easily accessible. Place a prominent link in your website's footer or integrate it into the ordering and registration processes. Avoid using checkboxes for consent. Instead, use clear statements like “By using our services, you accept our terms and conditions.”

Privacy Policy: Why Consent Can Be Problematic

The General Data Protection Regulation (GDPR) mandates that users be informed about the processing of their personal data. This information obligation is fulfilled through your privacy policy. Contrary to popular belief, however, active consent to the privacy policy itself is generally not required. In many scenarios, requesting it would even be legally incorrect.

Why Consent to a Privacy Policy is Not Required

Problems with Requesting Consent for Privacy Policies

Practical Tip for Privacy Policies:

Make sure your privacy policy is easily accessible. A link in your website's footer or within the registration process is ideal. Do not require active consent to the privacy policy. Instead, inform your users clearly and transparently about data processing, in accordance with Art. 12 GDPR.

How Providers Can Proceed in a Legally Correct Manner

Rather than actively seeking user consent, you should focus on implementing the following best practices:

  1. Ensure Reasonable Perceptibility:

    Place links to your terms and conditions and your privacy policy in clearly visible locations. This includes during the order process or when a user registers.

  2. Use Notices Instead of Checkboxes:

    Phrases such as “By using our services, you agree to our terms and conditions” are sufficient to ensure their inclusion in the contract.

  3. Obtain Consent Only When Absolutely Necessary:

    Only request active consent if it is genuinely required by law. Examples include specific marketing purposes or the use of non-essential cookies.

  4. Maintain Clear Separation of Information and Consent:

    Ensure that your privacy policy is exclusively informative. It should not be combined or confused with consent mechanisms.

  5. Legally Compliant Design of Your Documents:

    Regularly review your general terms and conditions and privacy policies. This ensures they comply with current legal requirements and remain up-to-date.

Conclusion: Fewer Hurdles Create More Trust

While asking for active consent to terms and conditions or a privacy policy might seem sensible initially, it actually introduces unnecessary risks and user hurdles. Instead, prioritize clear information, transparency, and streamlined processes. By doing so, you not only meet all legal requirements but also build greater trust with your customers. If you need support with drafting your terms and conditions or privacy policy, or have any related questions, I am happy to advise you.