Data protection ruling: Important information for craftsmen and service providers on contact forms

Core of the judgment

In a remarkable ruling, with the file number 17 O 125/23, the Regional Court of Cologne made important clarifications regarding unfair advertising and the use of contact forms. The case centered on a consulting firm for Amazon merchants, the defendant, which was convicted of unauthorized email contact and making misleading claims about allegedly booking initial calls.

Specifically, the allegation is that the defendant had sent confirmation and reminder e-mails for a consultation to the plaintiff, although he expressly affirmed that he had not booked such an appointment. The crux of the dispute concerned the point that the defendant could not prove the plaintiff’s express consent to be contacted by e-mail. This was decisive, as such consent is mandatory under the Unfair Competition Act (UWG). Due to this lack of consent, the court considered the defendant’s actions to be a violation of the UWG. The ruling sends an important signal, particularly with regard to the correct handling of user data and the need for consent when contacting users electronically.

What the ruling means for craftsmen and service providers

This ruling is the second in a short time that has a particularly relevant meaning for craftsmen, service providers and freelancers. Many smaller craft businesses and self-employed professionals run their own websites with simple contact forms. The ruling underscores the need for consent to contact to be explicitly given and documented in order to comply with the provisions of the Unfair Competition Act (UWG).

This could affect almost all contact forms, especially if you plan to send reminder emails for appointments like initial meetings. Although the ruling is in line with previous case law regarding unsolicited commercial emails and the double opt-in process, it makes operating contact forms and tracking customer requests more complex and risky.

It is now even more important that operators of websites that use contact forms ensure that they obtain clear and comprehensible declarations of consent and document them correctly. Breach of these regulations can not only lead to legal consequences, but also undermine customer confidence and negatively affect the company’s image.

It is therefore crucial to be aware of the current legal requirements and to adapt your own business processes accordingly. This may seem cumbersome at first, but it is ultimately in the best interest of both the company and its customers.

Consent to contact and its meaning

It is absolutely essential that tradespeople, service providers and freelancers ensure that their websites comply with data protection legislation. This includes in particular the express consent of users to contact us and process their personal data. This can be realized, for example, by an additional box in the contact form that must be actively clicked by the user. However, it is important to note that this box must not be pre-selected – users must actively and consciously give consent.

In addition, when designing contact forms, attention should be paid to a clear and understandable privacy policy. This should provide users with detailed information about what data is processed, for what purpose and on what legal basis, as well as how long the data is stored and what rights they have with regard to their data. Also important is that users can revoke their consent at any time.

Such measures can ensure lawful handling of personal data. Non-compliance can lead not only to significant legal consequences, but also to a loss of trust on the part of customers. Comprehensive data protection is therefore not only a legal obligation, but also an essential aspect of customer service and an important factor for the success of a company.

Conclusion: Craftsmen and service providers beware

These rulings clearly bring to light the challenges and risks of dealing with contact requests. They show that any contact, whether as a reminder or confirmation, can be considered a potential risk. This applies in particular if there is no clear, verifiable consent from the customer.

The situation is quite complex, as even legal experts interpret the legal requirements differently. Some courts have even challenged double opt-in emails, which are considered a proven method of confirming consent. This shows that one hundred percent security with regard to legally compliant handling of customer data seems almost unattainable.

Nevertheless, a well-worded consent text and careful handling of the data, especially if it has not yet been verified, can help to minimize the risk. Companies are well advised to regularly review their procedures and adjust them as necessary.

Finally, the current ruling underscores the need to take this complex legal area seriously and give it due attention in business practice. This is the only way to minimize the risk of infringements and the associated penalties and loss of trust. It’s clear that a careful and thoughtful approach is needed to manage the balancing act between customer service, potential lead generation, and legal compliance.