• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Can Cloudflare be used permissibly?

7. November 2022
in Data protection Law
Reading Time: 3 mins read
0 0
A A
0
security 2168233 1280
Key Facts
  • The Schrems II decision against US SaaS providers is crucial for data protection in Germany.
  • Cloudflare could violate the GDPR if users' personal data is affected.
  • Cologne Higher Regional Court found that Cloudflare is liable for copyright infringements when using temporary DDoS.
  • Data encryption is a key point that Cloudflare mentions in its privacy policy.
  • Zendesk offers extensive encryption standards such as HTTPS/TLS for secure working.
  • It is currently not possible to select the storage location of the data with Cloudflare.
  • The use of Cloudflare should be carefully checked by data protection officers.

The issue of whether US SaaS providers can be used permissibly or whether products such as Jira, Zendesk, various CRM systems and others do not violate data protection law has actually been clear since the ECJ’s Schrems II decision(see here).

As things stand, you can find out how to offer SaaS system as a US provider in Germany in a longer article here.

By the way, this issue affects many popular WordPress plugins and services like Cloudflare. In the case of Cloudflare, it is especially true that the OLG Cologne has just ruled that the provider would be liable for copyright infringement(see this post). Because Cloudflare, at least if you use more than just the services to possibly prevent DDoS attacks, stores the content itself on their servers to provide caching and CDN services. What is not very problematic for a normal website that ONLY provides content, such as a blog or similar (apart from the copyright infringements relevant in the OLG Cologne case), is no longer so unproblematic for dynamic content and personal user data. This would affect, for example, forums, communities, and sites that you can log into. Although a CDN does not log user data as such, it does log the personal data that is entered when using the portal. At least, if the provider does not configure CDN usage properly and excludes dynamic user content.

In all places where Cloudflare’s caching or CND services are used, the storage on whichever Cloudflare servers is used is not only for the transmission of the requested information. However, due to the missing Privacy Shield requirements, this probably leads to the fact that a GDPR-compliant use of Cloudflare is not possible, at least if, as explained above, personal data of the users are affected. This is because a contract processing agreement is out of the question. And as pointed out in my article on offering SaaS services, the strict view is that corporate binding rules or standard contractual clauses are probably not possible either.

It might be possible to fully encrypt all data, as Amazon is apparently currently doing with AWS in the European data centers, but I couldn’t find anything about this at Cloudflare at the moment. The link to the privacy policy there does not work. A closer look reveals an English-language privacy statement that explains that the Privacy Shield is no longer used, but is very vague about the alternatives.

Thus, the only point to the encryption

10. DATA SECURITY, DATA INTEGRITY AND ACCESS

We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration and/or destruction. We have put in place appropriate physical, technical and administrative measures to safeguard and secure your information, and we make use of privacy-enhancing technologies such as encryption. If you have any questions about the security of your personal information, you can contact us at privacyquestions@cloudflare.com.

It may be doubted whether this is sufficient for an official data protection officer to scrutinize particularly strictly. Providers such as Zendesk are already much further ahead in this respect from their own testing for clients and regulate, for example:

Data-in-Transit encryption

All communications with Zendesk’s user interfaces and APIs are encrypted using industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Zendesk is secure. For email, we use opportunistic TLS by default. Transport Layer Security (TLS) is a protocol for secure encryption and delivery of email that prevents eavesdropping between mail servers as long as peer services support this protocol. Exceptions to encryption include, but are not limited to, use of product-integrated SMS features and third-party applications, integrations, or services that Subscribers use at their discretion.

 

Data-at-Rest Encryption

Service data is encrypted on AWS using data-at-rest encryption (AES-256).

 

There is also the problem that, as far as I know at the moment, Cloudflare, unlike AWS etc., does not allow you to choose where the data is stored. While a website operator would have to provide this information, he will probably not receive an answer from Cloudflare.

Conclusion: The use of Cloudflare should be well thought through by your own data protection officer.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AmazonBlogCopyright infringementCorporateData protection LawE‑mailInformationMailPortalPrivacySaasServerserviceSicherheitStandard contractual clausesUrheberrecht

Weitere spannende Blogposts

Esport teams and streamers: half-hearted = legally dangerous

Esport teams and streamers: half-hearted = legally dangerous
23. July 2019

An overview for esport teams and streamers My blog is now full of legal questions and warnings that affect esports...

Read moreDetails

Archive.org: Entry does not have to be removed after cease-and-desist declaration

abmahnung
2. March 2023

In Germany, there is the option of issuing a cease-and-desist declaration to avoid legal proceedings. A cease and desist letter...

Read moreDetails

The ‘Blue Pencil Test’ in German Law – Application and Significance from the Perspective of an IT Lawyer

The ‘Blue Pencil Test’ in German Law – Application and Significance from the Perspective of an IT Lawyer
13. May 2023

What is the "Blue Pencil Test"? In my daily work as an IT lawyer, it is not uncommon for me...

Read moreDetails

BGH submits definition of “immaterial damage” under GDPR to ECJ

BGH submits definition of “immaterial damage” under GDPR to ECJ
10. November 2023

The VI. Civil Senate of the Federal Court of Justice referred questions to the Court of Justice of the European...

Read moreDetails

Soundboard for famous YouTuber? Mostly illegal!

Soundboard for famous YouTuber? Mostly illegal!
7. November 2022

Great YouTubers often have a large following. Accordingly, third markets often form around them. These include apps called "Soundboard." However,...

Read moreDetails

Attention: Risk of discrimination with gender information on websites

151b5dca2f9aac11ac0b0c97ff33a2a6
24. September 2024

As a provider of online services, SaaS solutions or other websites, it is important to observe the legal requirements with...

Read moreDetails

April Fool’s joke, isn’t it?

copyright
7. November 2022

Update: My messages are overtaking themselves at an alarming rate. Is Twitch really planning to block EU users? Yesterday, when...

Read moreDetails

Twitch, YouTube, Twitter and Instagram start enforcing copyrights

Twitch, YouTube, Twitter and Instagram start enforcing copyrights
7. November 2022

Update: Please note this info. The copyright reform was passed last week. Due to these regulations, major streaming services and...

Read moreDetails

B2B contracts: Link reference to GTC is sufficient

Lego brick still protected as a design patent
27. March 2023

Since I create many software contracts, the question arises again and again whether and how GTC can be included in...

Read moreDetails
Federal Council

Federal Council

30. June 2023

The Bundesrat is one of the five permanent constitutional bodies of the Federal Republic of Germany and plays a crucial...

Read moreDetails
Sale of investment

Investment contract (startup investment contract)

11. April 2025
Design / Design

Design / Design

26. June 2023
co produktionsvertrag

GbR – civil law partnership

24. June 2023
law 1898974 1280

Media Law / Social Media Law

25. June 2023

Podcast Folgen

KI im Rechtssystem: Auf dem Weg in eine digitale Zukunft der Justiz

KI im Rechtssystem: Auf dem Weg in eine digitale Zukunft der Justiz

13. October 2024

In dieser faszinierenden Podcastfolge tauchen wir tief in die Welt der künstlichen Intelligenz (KI) und ihre Auswirkungen auf unser Rechtssystem...

Rechtliche Herausforderungen und Chancen durch KI-Influencer und virtuelle Mitarbeitende

Rechtliche Herausforderungen und Chancen durch KI-Influencer und virtuelle Mitarbeitende

19. April 2025

In dieser Episode wird die rechtliche Einordnung von virtuellen Mitarbeitenden und KI-Influencern im Marketing untersucht. Der Fokus liegt auf den...

Influencer und Gaming: Rechtliche Herausforderungen in der digitalen Unterhaltungswelt

Influencer und Gaming: Rechtliche Herausforderungen in der digitalen Unterhaltungswelt

25. September 2024

In dieser fesselnden Folge nimmt Rechtsanwalt Marian Härtel die Zuhörer mit auf eine spannende Reise durch die dynamische Welt der...

Globale Herausforderungen für Startups – Ein rechtlicher Leitfaden

Globale Herausforderungen für Startups – Ein rechtlicher Leitfaden

2. October 2024

Dieser informative Podcast bietet einen umfassenden Einblick in die rechtlichen Herausforderungen, denen sich Startups bei ihrer internationalen Expansion gegenübersehen. Der...

  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung