• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Consent to privacy in e-commerce and SaaS: A breach of the GDPR?

1. June 2023
in Data protection Law, Law on the Internet
Reading Time: 5 mins read
0 0
A A
0
dsgvo 3589608 1280
Key Facts
  • Consent to the privacy policy could violate the GDPR and the principle of good faith.
  • The EDPB 's decision emphasizes the inadmissibility of obtaining consent in data protection declarations.
  • Obtaining consent without authorization can lead to significant legal consequences, including administrative sanctions.
  • Companies must regularly review and adapt their data protection declarations and terms of use.
  • Compliance with the GDPR protects customer trust and strengthens the company's reputation.
  • A breach of the GDPR can cause customer churn and reputational damage.
  • The GDPR requires continuous efforts and proactive measures for compliance.

Introduction

Content Hide
1. Introduction
2. The AGB-legal dimension
3. The decision of the European Data Protection Board and its legal details
4. The EDSA decision and its impact on online providers
5. The impact on e-commerce and SaaS providers
6. The role of the GDPR in the digital world
6.1. Author: Marian Härtel

In my work in the world of e-commerce and SaaS providers, it is a common practice to ask users to consent to the privacy policy. However, this seemingly harmless action could have profound legal consequences. Have you ever considered that this practice could be a violation of the General Data Protection Regulation (GDPR) and breach the principle of good faith?

In this blog post, I shed light on this complex and often overlooked topic. I refer to a recent, but possibly quickly overlooked, decision by the European Data Protection and Privacy Authority (EDSA) and discuss how it might affect the landscape of digital commerce.

The question I am asking is not just theoretical. It could have significant practical implications for the way e-commerce and SaaS providers design and present their privacy statements. It could even lead to the need to adapt store systems and marketing funnels to meet legal requirements.

This blog post is a must-read for anyone working in the digital economy who understands the importance of privacy compliance. Get ready to challenge your previous assumptions and take a fresh look at your company’s privacy policy.

The AGB-legal dimension

Obtaining consent to the privacy policy may result in the privacy policy being subject to strict control under GTC law. This may result in certain information in the privacy policy being judged as invalid clauses. In addition, there is a risk that such clauses could be subject to warnings as violations of competition law.

Pursuant to the judgment of the Court of Appeal of December 27, 2018 (23 U 196/13), certain clauses in the data protection declaration that unreasonably disadvantage customers and cannot be reconciled with essential basic ideas of the statutory regulation from which a deviation is made (Art. 6 (1) DSGVO) may be judged invalid (Section 307 (1) Sentence 1, (2) No. 1 BGB).

In particular, it was held that the mere unilateral promulgation of certain data processing practices by a clause user does not constitute consent of the data subject. Informing customers about data processing practices that the defendant allows itself and that its customers have to accept without being asked does not replace their consent. The argument that the Data Protection Directive at issue is not made the subject of consent, but merely referred to for information purposes, and that at no point in the provisions complained of by the plaintiff is there any mention of the consumer consenting to data processing, ultimately turns on them. This is precisely because the inadmissible deviation of the clauses from the statutory regulation lies in the fact that they give the consumer the incorrect impression that the defendant is entitled to process personal data without the consumer’s consent being relevant.

In addition, it was held that the use of clauses which give the customer the impression that he must accept them as a binding provision in the event of a dispute constitutes general terms and conditions within the meaning of Section 305 (1) of the German Civil Code. 1 sentence 1 BGB can apply. According to their objective wording, these clauses can only be understood as binding regulations of the existing contractual relationship or the contractual relationship to be initiated.

In light of the Kammergericht’s decision and the requirements of the European General Data Protection Regulation (GDPR), the question arises as to whether companies should require consents at all when using legal texts such as general terms and conditions (GTC) and privacy statements on online services. The stringent requirements for the effectiveness of such consents and the potential legal consequences of failing to comply with these requirements make it a complex and risky undertaking.

The decision of the European Data Protection Board and its legal details

The EDSA decision underlines the inadmissibility of obtaining consent in privacy notices and the possible violation of the GDPR, especially if the notice is merely an information notice under Art. 13 GDPR. This decision emphasizes the principle of good faith, which is intended to ensure a fair balance between the business interests of data controllers and the rights and requirements of data subjects. The decision highlights that the basic principles of processing listed in Article 5 of the GDPR may be violated, which may result in significant administrative penalties. In addition, the deadline for compliance with the decision was reduced from six months to three months.

The EDSA decision goes into the full legal details and emphasizes that the possibility to specifically consent to a certain processing falls under Article 6(1)(f) GDPR. It notes that WhatsApp users were forced to agree to the terms of service and privacy policy, which confused users’ expectations. WhatsApp’s processing cannot therefore be considered ethical and truthful, as it is confusing in terms of the type of data processed, the legal basis used and the purposes of the processing.

The EDSA decision and its impact on online providers

The decision of the European Data Protection Supervision Authority (EDSA) has far-reaching implications for the practices of online providers. In particular, WhatsApp’s practice of forcing users to agree to its terms of use and privacy policies has been criticized. The EDSA decision clarifies that this practice cannot be considered ethical and truthful, as it is confusing in terms of the type of data processed, the legal basis used and the purposes of the processing.

The decision also has implications for other online providers. It raises serious questions about the practices and user funnels of online providers and calls for a thorough review and adjustment of their privacy statements and terms of use. It is therefore important to emphasize that the implications of this decision may be far-reaching and that each case should be evaluated individually.

The impact on e-commerce and SaaS providers

Many e-commerce and SaaS providers have not yet fully recognized the potential legal issues associated with obtaining consent for their privacy policies. This practice may not only be problematic under GTC law, but may also constitute a violation of the GDPR itself. Therefore, it is important that providers reconsider this practice and adjust it if necessary. The legal explanations in the EDSA decision underline the need for clear and understandable consent to data processing. The mere unilateral announcement of certain data processing practices by a provider does not constitute consent of the data subject. Information about data processing practices that the provider allows itself and that its customers have to accept without being asked does not replace their consent. This may result in significant legal consequences, including administrative penalties.

It is therefore crucial that providers review their privacy statements and terms of use and ensure that they comply with the requirements of the GDPR. This includes providing clear and understandable information about data processing practices and obtaining explicit consent from users for data processing, when such consent is necessary in the given situation. In addition, providers should keep in mind that simply providing information about data processing practices is not sufficient to obtain user consent. You must ensure that users have the option to refuse consent and that this decision is respected.

Conversely, however, it is also true that consent should probably NOT be obtained for pure “information” on data processing or the manner of data processing without the GDPR stipulating consent.

The role of the GDPR in the digital world

In today’s digital world, the General Data Protection Regulation (GDPR) plays a crucial role. It serves to protect the privacy of citizens and to oblige companies to handle personal data responsibly. The GDPR has raised awareness of data protection issues and increased standards for handling personal data. The EDSA’s decision underscores the importance of the GDPR and shows that violations of this regulation can have serious consequences. It also shows that compliance with the GDPR is not only a legal obligation, but also an important aspect of building trust and credibility with customers.

A breach of the GDPR can not only lead to legal consequences, but also undermine customer trust in your company and damage your reputation. Therefore, it is in your best interest to ensure that you comply with the Privacy Policy.

It is important to emphasize that compliance with the GDPR is not just a matter of complying with the law. It is also about acting ethically and responsibly. Companies that respect and protect the privacy of their customers are likely to have a competitive advantage by gaining the trust and loyalty of their customers.

In conclusion, it is important to emphasize that compliance with the GDPR requires a continuous effort. Data protection is not a one-time event, but an ongoing process that requires regular reviews and adjustments. Organizations need to be proactive and ensure they are up to date with the latest data protection regulations and practices.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AGBConsumerCourt of AppealCustomizationGeneral Data Protection RegulationGeneral Terms and ConditionsLawsmarketingPrivacyRegulationSaasWhatsapp

Weitere spannende Blogposts

ECJ overturns Privacy Shield: review contracts!

District Court Frankfurt a.M. on the right to be forgotten
7. November 2022

The General Data Protection Regulation(GDPR) stipulates that personal data may in principle only be transferred to a third country if...

Read moreDetails

Agent commissions in esport – Attention!

Transfer sums in esport?
13. February 2019

As a supplement to my article from yesterday , I would also like to add a brief outline of commissions...

Read moreDetails

Fortnite, Dances and German Law?

ECJ: Advocate General assesses sampling as copyright infringement
19. December 2018

Yesterday it was announced that Alfonso Ribeiro, best known to most as the character Carlton Banks from the series "The...

Read moreDetails

Christmas: Claim against parents?

Christmas: Claim against parents?
7. November 2022

After the European Court of Justice ruled that, in principle, there could be a claim against the church for unfulfilled...

Read moreDetails

Online retailer: information about warranty terms

Attention: Vouchers to existing customers can be advertising!
13. March 2019

A popular warning topic for online retailers, be it in their own online store or on trading platforms such as...

Read moreDetails

When will the BGH finally get involved in the matter of FernUSG and coaching contracts?

b41de75f28e43e4a77e9129cf8abd64c
24. September 2024

In a recent ruling (OLG Stuttgart, judgment of 01.08.2024 - 4 U 101/24), the Higher Regional Court of Stuttgart declared...

Read moreDetails

BGH decides on the scope of the claim for removal under competition law)

BGH considers Uber Black to be anti-competitive
17. May 2024

The First Civil Senate of the Federal Court of Justice, which is responsible for competition law among other things, has...

Read moreDetails

GDPR responsibility lies with the company, not the data protection officer

District Court Frankfurt a.M. on the right to be forgotten
16. August 2023

Introduction The GDPR (General Data Protection Regulation) has caused plenty of discussion in companies in recent years. Many were unsure...

Read moreDetails

Incorrect registration of batteries can be warned

Incorrect registration of batteries can be warned
3. April 2019

Of course, products containing batteries are also sold via online shops. These products must be reported to the Joint Take-Back...

Read moreDetails
e057729ffab890823751877fa97817f8

Price Indication Ordinance (PAngV)

9. November 2024

Basics and objectives Since its amendment in May 2022, the Price Indication Ordinance has formed the central legal framework for...

Read moreDetails
dora

DORA

28. June 2023
Provider liability

Provider liability

16. October 2024
European Cooperative Society (SCE)

European Cooperative Society (SCE)

16. October 2024

VC – Venture Capital

24. June 2023

Podcast Folgen

Looking to the future: How technology is changing the law

Looking to the future: How technology is changing the law

18. February 2025

In the final episode of the first season of the ITmedialaw.com podcast, we take a look at the future of...

43a60cb39d7ea477ac8f3845c1b7739c

Legal advice for start-ups – investments that pay off

8. December 2024

This episode of the ITmedialaw.com podcast is all about the importance of legal advice for startups. Host Marian Härtel talks...

d5ab3414c7c4a7a5040c3c3c60451c44

The metaverse – legal challenges in virtual worlds

26. September 2024

In this fascinating episode, we dive deep into the legal aspects of the metaverse. As a lawyer and tech enthusiast,...

238a909c26a0302cbd4792cbd18e4922

Global challenges for start-ups – A legal guide

10. October 2024

This informative podcast offers a comprehensive insight into the legal challenges faced by start-ups when expanding internationally. The experienced lawyer...

  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung