ITMediaLaw - Rechtsanwalt Marian Härtel

Consent to privacy in e-commerce and SaaS: A breach of the GDPR?

1. June 2023
in Data protection Law, Law on the Internet
Key Facts
  • Consent to the privacy policy could violate the GDPR and the principle of good faith.
  • The EDPB's decision emphasizes the inadmissibility of obtaining consent in data protection declarations.
  • Obtaining consent without authorization can lead to significant legal consequences, including administrative sanctions.
  • Companies must regularly review and adapt their data protection declarations and terms of use.
  • Compliance with the GDPR protects customer trust and strengthens the company's reputation.
  • A breach of the GDPR can cause customer churn and reputational damage.
  • The GDPR requires continuous efforts and proactive measures for compliance.

Introduction


In my work with e-commerce and SaaS providers, I see that asking users to consent to the privacy policy is common practice. However, this seemingly harmless action could have profound legal consequences. Have you ever considered that this practice could be a violation of the General Data Protection Regulation (GDPR) and breach the principle of good faith?

In this blog post, I shed light on this complex and often overlooked topic. I refer to a recent decision by the European Data Protection Board (EDPB, abbreviated EDSA in German) that is easy to overlook, and discuss how it might affect the landscape of digital commerce.

The question I am asking is not just theoretical. It could have significant practical implications for the way e-commerce and SaaS providers design and present their privacy statements. It could even lead to the need to adapt store systems and marketing funnels to meet legal requirements.

This blog post is a must-read for anyone working in the digital economy who understands the importance of privacy compliance. Get ready to challenge your previous assumptions and take a fresh look at your company’s privacy policy.

The GTC law dimension

Obtaining consent to the privacy policy may result in the privacy policy being subject to strict control under GTC law. This may result in certain information in the privacy policy being judged as invalid clauses. In addition, there is a risk that such clauses could be subject to warnings as violations of competition law.

Pursuant to the judgment of the Court of Appeal (Kammergericht) of December 27, 2018 (23 U 196/13), certain clauses in the data protection declaration that unreasonably disadvantage customers and cannot be reconciled with essential basic ideas of the statutory regulation from which a deviation is made (Art. 6 (1) GDPR) may be judged invalid (Section 307 (1) Sentence 1, (2) No. 1 BGB).

In particular, it was held that the mere unilateral promulgation of certain data processing practices by a clause user does not constitute consent of the data subject. Informing customers about data processing practices that the defendant allows itself and that its customers have to accept without being asked does not replace their consent. The argument that the Data Protection Directive at issue is not made the subject of consent, but merely referred to for information purposes, and that at no point in the provisions complained of by the plaintiff is there any mention of the consumer consenting to data processing, ultimately turns against the defendant. This is precisely because the inadmissible deviation of the clauses from the statutory regulation lies in the fact that they give the consumer the incorrect impression that the defendant is entitled to process personal data without the consumer’s consent being relevant.

In addition, it was held that clauses which give the customer the impression that he must accept them as a binding provision in the event of a dispute can constitute general terms and conditions within the meaning of Section 305 (1) sentence 1 of the German Civil Code (BGB). According to their objective wording, these clauses can only be understood as binding regulations of the existing contractual relationship or the contractual relationship to be initiated.

In light of the Kammergericht’s decision and the requirements of the European General Data Protection Regulation (GDPR), the question arises as to whether companies should require consents at all when using legal texts such as general terms and conditions (GTC) and privacy statements on online services. The stringent requirements for the effectiveness of such consents and the potential legal consequences of failing to comply with these requirements make it a complex and risky undertaking.

The decision of the European Data Protection Board and its legal details

The EDPB decision underlines the inadmissibility of obtaining consent in privacy notices and the possible violation of the GDPR, especially if the notice is merely an information notice under Art. 13 GDPR. This decision emphasizes the principle of good faith, which is intended to ensure a fair balance between the business interests of data controllers and the rights and requirements of data subjects. The decision highlights that the basic principles of processing listed in Article 5 of the GDPR may be violated, which may result in significant administrative penalties. In addition, the deadline for compliance with the decision was reduced from six months to three months.

The EDPB decision goes into the full legal details and emphasizes that the possibility to specifically consent to a certain processing falls under Article 6(1)(f) GDPR. It notes that WhatsApp users were forced to agree to the terms of service and privacy policy, which confused users’ expectations. WhatsApp’s processing cannot therefore be considered ethical and truthful, as it is confusing in terms of the type of data processed, the legal basis used and the purposes of the processing.

The EDPB decision and its impact on online providers

The decision of the European Data Protection Board (EDPB) has far-reaching implications for the practices of online providers. In particular, WhatsApp’s practice of forcing users to agree to its terms of use and privacy policies has been criticized. The EDPB decision clarifies that this practice cannot be considered ethical and truthful, as it is confusing in terms of the type of data processed, the legal basis used and the purposes of the processing.

The decision also has implications for other online providers. It raises serious questions about the practices and user funnels of online providers and calls for a thorough review and adjustment of their privacy statements and terms of use. It is therefore important to emphasize that the implications of this decision may be far-reaching and that each case should be evaluated individually.

The impact on e-commerce and SaaS providers

Many e-commerce and SaaS providers have not yet fully recognized the potential legal issues associated with obtaining consent for their privacy policies. This practice may not only be problematic under GTC law, but may also constitute a violation of the GDPR itself. Therefore, it is important that providers reconsider this practice and adjust it if necessary. The legal explanations in the EDPB decision underline the need for clear and understandable consent to data processing. The mere unilateral announcement of certain data processing practices by a provider does not constitute consent of the data subject. Information about data processing practices that the provider allows itself and that its customers have to accept without being asked does not replace their consent. This may result in significant legal consequences, including administrative penalties.

It is therefore crucial that providers review their privacy statements and terms of use and ensure that they comply with the requirements of the GDPR. This includes providing clear and understandable information about data processing practices and obtaining explicit consent from users for data processing, when such consent is necessary in the given situation. In addition, providers should keep in mind that simply providing information about data processing practices is not sufficient to obtain user consent. Providers must ensure that users have the option to refuse consent and that this decision is respected.

Conversely, however, consent should probably NOT be obtained for purely informational notices about data processing or the manner of data processing where the GDPR does not stipulate consent.

The role of the GDPR in the digital world

In today’s digital world, the General Data Protection Regulation (GDPR) plays a crucial role. It serves to protect the privacy of citizens and to oblige companies to handle personal data responsibly. The GDPR has raised awareness of data protection issues and increased standards for handling personal data. The EDPB’s decision underscores the importance of the GDPR and shows that violations of this regulation can have serious consequences. It also shows that compliance with the GDPR is not only a legal obligation, but also an important aspect of building trust and credibility with customers.

A breach of the GDPR can not only lead to legal consequences, but also undermine customer trust in your company and damage your reputation. Therefore, it is in your best interest to ensure that you comply with the Privacy Policy.

It is important to emphasize that compliance with the GDPR is not just a matter of complying with the law. It is also about acting ethically and responsibly. Companies that respect and protect the privacy of their customers are likely to have a competitive advantage by gaining the trust and loyalty of their customers.

In conclusion, it is important to emphasize that compliance with the GDPR requires a continuous effort. Data protection is not a one-time event, but an ongoing process that requires regular reviews and adjustments. Organizations need to be proactive and ensure they are up to date with the latest data protection regulations and practices.
