ITMediaLaw - Rechtsanwalt Marian Härtel

Risks when using and offering no-code platforms as SaaS

10. July 2023
in Blockchain and web law, Law on the Internet
Key Facts
  • No-code platforms are indispensable for companies to optimize business processes and expand their digital presence.
  • The use of no-code platforms harbors security risks, as users often do not have the technical knowledge.
  • A lack of understanding of API integration can lead to GDPR and information security issues.
  • Poorly formulated general terms and conditions can get providers of no-code platforms into legal trouble.
  • The legal aspects include data protection law, IT security law, contract law and liability law.
  • Artificial intelligence (AI) for code generation raises new questions about liability and responsibility.
  • A better understanding of the risks enables the use of no-code platforms without jeopardizing security.

At first glance, the title of this blog post might seem like a winner in the contest for most anglicisms in a sentence. But behind the apparent “denglish” lies an extremely relevant topic: no-code platforms.

In the increasingly digitalized world, no-code platforms have become an indispensable tool for companies looking to optimize their business processes and expand their digital presence. They are the invisible heroes of digital transformation, making it possible to create and manage applications without writing a single line of code. This reduces the need for specialized developers and opens the door to a world where anyone can become a builder of their own digital solutions.

But as with any superhero, there is a flip side. Despite their advantages, no-code platforms also carry risks, both for users and for the providers of these services. It’s like suddenly having superpowers but not knowing exactly how to control them. This blog post highlights the security risks associated with using widgets and features from no-code platforms. It also discusses the potential problems that providers may face as a result of poorly worded general terms and conditions (GTCs). Because as with any great power, great responsibility comes into play. And in the world of no-code platforms, it’s no different.

Security risks when using no-code platforms

One of the main problems with using no-code platforms is the security risk. These platforms allow users to create applications without programming knowledge, but this also means that those users may lack the technical knowledge to understand the security risks associated with using certain widgets and features.

For example, some widgets could have security vulnerabilities that could be exploited by hackers to access sensitive data. In addition, some features, if not properly configured, could result in confidential information being inadvertently made publicly available. Therefore, it is essential for users of no-code platforms to be aware of the potential security risks and take appropriate measures to protect their data.

Another problem that is often overlooked is the connection of third-party APIs. Many no-code platforms allow the integration of third-party APIs to extend the functionality of the applications created. While this may appear to be an advantage at first glance, it also carries risks. When programming your own APIs, you can always look into your own code and understand exactly when, where, and what data is being tapped via a third-party API. However, this is often not possible with no-code platforms.

This lack of transparency can quickly lead to problems with the General Data Protection Regulation (GDPR) and information security. It is often unknown how exactly (and in case of doubt whether correctly) the API is integrated on the platform and whether the data is “encrypted in transit”, for example. Most no-code platforms are also silent about this, which in turn could be a problem for their own privacy policies.

In addition, a bug in the programming of the no-code platform that becomes known to hackers could provide them with access to thousands of users of the platform. Failure to take your own precautions could result in a massive data leak. Therefore, it is essential to take appropriate measures to protect the data and ensure compliance with the GDPR and security standards.

Risks for no-code platform providers

For providers of no-code platforms, poorly worded general terms and conditions (GTC) can lead to significant legal problems. The GTC are an integral part of the contract between the provider and the user and define the conditions under which the service may be used. If these conditions are not clearly and precisely formulated, the provider could be held liable for damages resulting from the use of its platform.

Of course, the issues mentioned in the previous section can present extensive challenges for the platform. Questions like: Where is data stored? What happens if hackers can penetrate the platform? Are individual instances compartmentalized for individual customers? Does a bug in a widget or feature affect all customers? These and many other issues must be considered in the GTC.

In addition, providers could have information obligations when errors occur that require the customer to make adjustments. They could also be responsible for IT security on the client side and may need to educate clients about IT security.

For example, if a user suffers a breach of the General Data Protection Regulation (GDPR) due to a security vulnerability in a widget or feature provided by the platform, the provider could be held legally responsible for such incidents if its GTC do not explicitly exclude liability.

The creation of GTC for no-code platforms can therefore be very complicated and should only be carried out by experienced lawyers with IT expertise. They must be able to understand the technical aspects of the platform and translate the potential risks and responsibilities involved into clear and concise legal terms.

The legal aspects of using no-code platforms are diverse and complex. They cover not only data protection law, but also IT security law, contract law and liability law. Each of these areas of law has its own rules and regulations that must be followed.

In the area of data protection law, the GDPR is the central set of rules governing the processing of personal data in the EU. It sets strict requirements for data processing security and requires no-code platform providers to take appropriate technical and organizational measures to protect their users’ data.

In the area of IT security law, there are a number of laws and standards that impose requirements on the security of IT systems. These include, for example, the Federal Data Protection Act (BDSG), the IT Security Act (IT-SiG) and ISO 27001. These laws and standards may impose different requirements depending on the type of platform and the specific circumstances of the data processing.

In contract law, the GTC must be designed in such a way that they clearly and precisely regulate the rights and obligations of the parties. They must also comply with the requirements of the German Civil Code (BGB) and the Unfair Competition Act (UWG).

In liability law, the GTC must adequately regulate the provider’s liability for damages resulting from the use of its platform. They must also take into account the requirements of the Product Liability Act (ProdHaftG) and the German Civil Code (BGB).

The creation of GTC for no-code platforms therefore requires a deep understanding of these different areas of law and the ability to translate this knowledge into clear and concise legal terms. It is therefore essential that providers of no-code platforms hire experienced lawyers with IT expertise to draft and review their GTC.

Short excursion: code generation by AI?

An interesting side issue in the discussion of no-code platforms is the increasing ability of artificial intelligence (AI) to generate code. A prominent example of this is ChatGPT, an AI from OpenAI that is capable of generating human-like text while also generating code. Although ChatGPT is not a classic no-code platform, its use raises similar issues of liability and responsibility.

If ChatGPT is used for code generation and this code contains errors or leads to undesired results, who is responsible? Is it the employee who uses ChatGPT for code generation? Is it the employer who enables or even encourages the use of ChatGPT? Or could it even be ChatGPT itself or its developer, OpenAI?

The answer to these questions is not simple and depends on many factors, including the exact circumstances of code generation and the applicable legal framework. In general, however, one could argue that the employee using ChatGPT has some responsibility to review and validate the generated code. After all, it is his decision to use the AI to generate code, and he should be able to understand and check the generated code for errors.

Employers may also bear some responsibility, especially if they encourage or mandate the use of AI tools such as ChatGPT. They could be required to provide appropriate training and support to ensure that their employees can use AI tools safely and effectively.

The issue of ChatGPT or OpenAI liability is more complex and depends on the specific legal framework. In some jurisdictions, it might be possible for an AI developer to be liable for errors or damages caused by its AI. However, in other jurisdictions, this might not be the case, especially if AI is considered a “tool” that is controlled and directed by the user.

These issues show that the increasing prevalence of AI and no-code platforms presents new and complex legal challenges. It is therefore important that both providers and users of these technologies are aware of the potential risks and take appropriate measures to manage these risks.

Conclusion

While no-code platforms offer significant benefits, such as accelerating digital transformation and democratizing application development, it is imperative that both users and vendors are aware of the associated risks.

Users need to be aware of the security risks associated with the use of widgets and features. These include potential security vulnerabilities that could be exploited by hackers, as well as the risks associated with connecting third-party APIs. It is important that users educate themselves and take appropriate measures to protect their data and ensure compliance with the General Data Protection Regulation (GDPR).

For their part, providers of no-code platforms must ensure that their general terms and conditions (GTC) are clearly and precisely worded in order to avoid legal problems. They must also implement the technical and organizational measures necessary to ensure the security of their platforms and compliance with the relevant laws and standards, such as the German Federal Data Protection Act (BDSG), the IT Security Act (IT-SiG) and ISO 27001.

In addition, the increasing ability of artificial intelligence (AI) to generate code shows that the lines between code and no-code are becoming increasingly blurred. This raises new issues of liability and responsibility that must be considered by both users and providers of these technologies.

By better understanding these risks and implementing appropriate safeguards, the benefits of no-code platforms can be realized without compromising security or risking legal issues. It is an exciting time for digital transformation, but as with any technological innovation, it is important that we take the risks as seriously as the opportunities.

Tags: Artificial intelligence, ChatGPT, Liability, Privacy, Security
