Web pages without SSL. Danger of warning letters?

Today I would like to point out a danger of a warning, which is – still – both legally and technically disputed, but which is already imminent. Imminently, because courts have already affirmed a violation of competition (or data protection) if you operate a website without SSL encryption and either process user data on it (for example, for a forum, comments and the like) or, above all, and probably few people are aware of this, you have a contact form on the site where someone can enter their data to contact the website owner.

Some already derived such an obligation for contact forms from Section 13 of the German Telemedia Act. Its 7th paragraph states:

(7) Service providers shall, insofar as this is technically possible and economically reasonable, ensure within the scope of their respective responsibility for telemedia offered on a businesslike basis by means of technical and organizational precautions that

1.

no unauthorized access is possible to the technical equipment used for their telemedia offerings, and

2.

this

a)

against violations of the protection of personal data and

b)

against disturbances, also as far as they are caused by external attacks,

are secured. Precautions according to sentence 1 must take into account the state of the art. A measure pursuant to sentence 1 is, in particular, the use of an encryption method recognized as secure.

These changes to the TMG stem from the Act to Increase the Security of Information Technology Systems, which came into force in August 2015.

Since the GDPR has been in force, an obligation is also derived from data protection aspects. There are even 5-figure claims for damages circulating. Here, with warnings, the now notorious lawyer colleague Sandhage from Berlin has distinguished himself. It even hit a fellow attorney and the opinion of the colleague was shared by the LG Würzburg in a decision from September 2018.

Since an SSL certificate, and be it only the use of Let’s Encrypt, is part of today’s state of the art, it is hard to argue that the use of one was not possible. Online stores, sites with user-generated content or user data should therefore take no chances, use SSL throughout and also gain increased user confidence and better SEO scores.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.