Time to talk about the elephant in the room: German rules and regulations regarding the internet. And boy, do we have to talk about a lot now. So let’s get started.
With us all she must have been referring to her Bridge Club. Or maybe she meant her fellow politicians. Some of those might still think a Browser is some kind of horse breed, and this can really be felt when it comes to legislation.
But not so fast. We should go from top to bottom when it comes to internet law practiced in real German life. We have international law, European law, federal law and state law sometimes contradicting each other. This creates an atmosphere of uncertainty which law to apply in a given circumstance.
You can not be perfect
I know it hurts our need for security, but consider this: if you have perfectly set up your website or service to avoid legal precautions, it certainly will not be perfect anymore tomorrow.
Let’s pick one small example here: IPs. Is a page visitors IP address personal data? Yes, sometimes (§3 Abs. 1 BDSG). What about sending personal data to third parties? No, don’t do that. In March 2015 the BFDI marked the US as a Non-Safe-Harbor state (in response to the Snowden incident) for data. This was confirmed by the EUGH later that year.
Now think about embedding a YouTube video into your site or loading bootstrap.min.css from a CDN. Both will send a HTTP-referrer and a client-IP to wherever that resource is. Is that legal? Certainly not in certain cases. And this is only about the low-profile IP-address. What about cookies? Mail addresses? U.S. based services like MailChimp?
This biotope of legislative overload and uncertainty has bread a special species: the Abmahnanwalt. Those are the cause for top 5 reasons for costly warnings. If you do not have a division of lawyers at hand to prevent those guys from picking on you, you might want to implement different strategies to avoid the no-gos.
Obey the swarm
When your flock runs, you run too. Even if you can’t see the lion yet.
Swarm intelligence is your friend if you cant’t afford a legal staff. I recognized cookie-disclaimers popping up on more and more sites lately. My research revealed that Google is now enforcing the EU directive also known as cookie-law from 2009. Well, time to do that too then if you use any Google products that “enhance user experience” like Analytics, AdWords or AdSense.
Join communities and socialize
When it comes to adhortatory letters it usually is the state releasing the hounds. Some states are faster to do so than others. The Higher Regional Court of Hamburg is quite the hardliner when it comes to interpretation of the TMG. Berlin is known to be much more laissez-faire. Keep listening to the drums of the Higher Regional Court of the state you reside in. Their precedent will be most relevant to you and clients in your area.