Filter nach benutzerdefiniertem Beitragstyp
Filter by Kategorien
Archive - Old blogposts
Blockchain and law
Blockchain Law
Competition law
Data protection Law
Esport and politics
Esport Business
EU law
Labour law
Law and Blockchain
Law and computer games
Law and Esport
Law on the Internet
Law on the protection of minors
News in brief
Online retail
Web3 Law
Youtube video
Just call!

03322 5078053

Web pages without SSL. Danger of warning letters?

This post is also available in: Deutsch

Today I would like to point out a danger of a warning, which is – still – both legally and technically disputed, but which is already imminent. Imminently, because courts have already affirmed a violation of competition (or data protection) if you operate a website without SSL encryption and either process user data on it (for example, for a forum, comments and the like) or, above all, and probably few people are aware of this, you have a contact form on the site where someone can enter their data to contact the website owner.

Some already derived such an obligation for contact forms from Section 13 of the German Telemedia Act. Its 7th paragraph states:

(7) Service providers shall, insofar as this is technically possible and economically reasonable, ensure within the scope of their respective responsibility for telemedia offered on a businesslike basis by means of technical and organizational precautions that

no unauthorized access is possible to the technical equipment used for their telemedia offerings, and
against violations of the protection of personal data and
against disturbances, also as far as they are caused by external attacks,

are secured. Precautions according to sentence 1 must take into account the state of the art. A measure pursuant to sentence 1 is, in particular, the use of an encryption method recognized as secure.

These changes to the TMG stem from the Act to Increase the Security of Information Technology Systems, which came into force in August 2015.

Since the GDPR has been in force, an obligation is also derived from data protection aspects. There are even 5-figure claims for damages circulating. Here, with warnings, the now notorious lawyer colleague Sandhage from Berlin has distinguished himself. It even hit a fellow attorney and the opinion of the colleague was shared by the LG Würzburg in a decision from September 2018.

Since an SSL certificate, and be it only the use of Let’s Encrypt, is part of today’s state of the art, it is hard to argue that the use of one was not possible. Online stores, sites with user-generated content or user data should therefore take no chances, use SSL throughout and also gain increased user confidence and better SEO scores.


Marian Härtel

Marian Härtel

Marian Härtel is a lawyer and entrepreneur specializing in copyright law, competition law and IT/IP law, with a focus on games, esports, media and blockchain.


03322 5078053


Share via
GDPR Cookie Consent with Real Cookie Banner
Send this to a friend