WhatsApp ordered by a German court to not use English language terms and conditions towards users in Germany

Posted on June 3, 2016 by Julian Hoeppner

A German court has recently ordered WhatsApp to use German language terms and conditions towards users in Germany (see also here, for example). Or, to be more precise, called upon by a German consumer protection agency the Kammergericht, the appellate court for the district of Berlin, has, amongst other things, decided that using English language terms and conditions for user agreements to be concluded between WhatsApp and users in Germany is in violation of a certain provision of the German Civil Code that demands there to be transparency when using pre-worded terms and conditions towards consumers. So, if you allow the pun, what’s up with that? Continue reading →

Patrick Breyer v Federal Republic of Germany: Dynamic IP addresses = Personal Data? And Is German Data Protection Law too Restrictive?

Posted on May 12, 2016 by Julian Hoeppner

Today, Attorney General Campos Sánchez-Bordona has delivered his Opinion in the Patrick Breyer v Federal Republic of Germany case before the ECJ (C-582/14; you can find the Opinion here in just about any language except English)).

We recall: The Bundesgerichshof (the highest court in Germany for all civil and criminal matters) submitted to the ECJ the following two questions:

“Must Article 2(a) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data 1 — the Data Protection Directive — be interpreted as meaning that an Internet Protocol address (IP address) which a service provider stores when his website is accessed already constitutes personal data for the service provider if a third party (an access provider) has the additional knowledge required in order to identify the data subject?”

“Does Article 7(f) of the Data Protection Directive preclude a provision in national law under which a service provider may collect and use a user’s personal data without his consent only to the extent necessary in order to facilitate, and charge for, the specific use of the telemedium by the user concerned, and under which the purpose of ensuring the general operability of the telemedium cannot justify use of the data beyond the end of the particular use of the telemedium?”

Continue reading →

Adblocker detection scripts vs. Article 5 (3) of the ePrivacy Directive: A German law take

Posted on April 27, 2016 by Julian Hoeppner

It appears that we may be about to experience a new phase in the life of Article 5 (3) of the ePrivacy Directive as amended in 2009, as brief as it may possibly be as a result of the coming Regulation and the revisions that the ePrivacy Directive may be subject to in its wake.

Twitter privacy activist Alexander Hanff has been able to create considerable attention (such as here and here) for his position that client side scripts used by publishers in order to detect AdBlockers used by their (would-be) readers are in conflict with said Article, posting on Twitter a letter from the Günther Oettinger’s team in the EU Commission that, as per him, confirms his position.

https://twitter.com/alexanderhanff/status/722861362607747072

Aside from the slightly amusing twist that the Commission, in making reference in the same letter to add-ons or plug-ins expressing a user’s preference regarding, for example, whether or not he or she does or does not accept the storage of information on his/her “terminal equipment”, appears to overlook that adblockers have to be detected first before they can be “respected” as conveying a preference, we shall have a brief look at how things would play out under German law, as it is in place at this time. Continue reading →

On “warranty” and “Gewährleistung”

Posted on February 4, 2016 by Julian Hoeppner

When drafting and negotiating technology agreements of almost any sort between German companies and US or UK companies (or companies from other common law based countries), particularly on software, one of the various Groundhog moments that one experiences is the never-ending discussion on everything that is “warranty”. Continue reading →

On the Intricacies of German Unfair Competition Law

Posted on November 8, 2012 by Julian Hoeppner

It‘s easy to be a unfair competition law violator in Germany. Just operate an eBay shop or deal on Amazon’s market place and use their default settings when informing your customers on how long it will take to get the goods delivered to their homes. In all seriousness, that is what the Bremen Court of Appeals has effectively decided in a judgment in early October. Continue reading →

Monetary Penalties for Data Protection Breaches: ICO vs. German DP Authorities

Posted on November 6, 2012 by Julian Hoeppner

I have just stumbled upon the Information Commissioner’s Office’s page that informs the British public on the monetary penalties that the ICO has handed down over the last 1 ½ odd years: 26 penalties of about £ 120,000 on average. Not that that kills any of the public authorities and private companies involved (and nor should it). But it shows that where the ICO believes that a breach is serious enough to warrant a monetary penalty the penalties are not only symbolic but designed to at least sting a bit. Continue reading →

YouTube v. GEMA Decision by Hamburg District Court

Posted on July 3, 2012 by Julian Hoeppner

After having uploaded quite some posts about how liability for third party Internet content works in German law, and having done so in rather abstract terms (in part, admittedly, for shying away from translating dozens of pages of court decisions) here is a good example of how it works in practice. A colleague from Italy has thankfully posted an English translation of the YouTube v. GEMA decision of the Hamburg District Court of April 20, 2012 on his blog. Continue reading →

On Liability and Liability Clauses in German Law

Posted on June 12, 2012 by Julian Hoeppner

When you negotiate agreements between German companies and companies with a – broadly speaking – common law background, especially the U.S., one issue that keeps appearing is the parties’ liability for damages. Groundhog day, if you will.

“Liability” is certainly a difficult legal term to being with, especially as you have to first decide what you are actually talking about when using the word. Continue reading →

„Implied Consent“ to Cookies Being Set Suffices in the UK

Posted on May 29, 2012 by Julian Hoeppner

Contrary to what had been the understanding before, the ICO in its capacity as data privacy watchdog in the UK has now declared in his guidance (download it here) that implied consent – if actually given – is just as valid a form of consent as explicit consent. That is not to say that website owners can simply continue to as before. When you read through the ICO’s advice on how implied consent may be brought about, it becomes quite clear that there really is not much difference from what the website owner must do to obtain explicit consent. Continue reading →

CNIL’s Sends Second Questionnaire to Google on Google’s New Privacy Policy

Posted on May 25, 2012 by Julian Hoeppner

Google’s new privacy policy is not that new, as it “went into force” on March 1. It is still big news in data protection terms, though, at least as far as European data protection authorities are concerned. CNIL, commissioned by the Art. 29 Working Party, has now sent a second rather comprehensive questionnaire to Google. Obviously they were not completely sold on Google’s answers to the first set of questions CNIL had sent in March. Continue reading →

Tracking and Controlling Your Child’s Mobile Phone Activities

Posted on May 23, 2012 by Julian Hoeppner

I just came across a post on golem.de (a rather good IT news site – in German only, sadly) about bemilo, a service in the UK that (I quote)

“puts [parents] in full control of [their] child’s mobile service”;

“puts [parents] in the driving seat, 24 hours a day”;

“[gives parents] FULL control [w]ho [their] children can contact and who can contact them, time of das [their] children can use their phone, WHEN they can browse the web”;

“[enables parents to] [r]eview all calls & SMS messages at any time, block bullies at the flick of a switch, control mobile spend with no fuss [emphasis added].”

Do watch the intro on the website. It’s rather, well, unique, besides the fact that it the little toy man in the intro looks suspiciously similar to a typical LEGO design. Continue reading →

Art. 82 of the (Draft) General Data Protection Regulation

Posted on May 11, 2012 by Julian Hoeppner

The (Draft) General Data Protection Regulation being a Regulation it not only aims at fully harmonizing the field of law it covers (as some Directives do) but would achieve that goal by simply being the (only) directly applicable law as far as its reach goes. Plus the Commission’s “empowerment to adopt delegated acts”, of course, which is a rather intriguing idea from a democracy point of view. But that’s another story.

One of the very few areas where the member states are given a certain amount of legislative leeway is set forth in Art. 82 of the Draft Regulation. Continue reading →

Direct Effect of the “Cookie Directive” in Germany?

Posted on May 8, 2012 by Julian Hoeppner

It has been reported that today Mr. Peter Schaar, head of the Federal Commissioner for Data Protection and Freedom of Information, announced at the Data Protection Congress 2012 that is currently held in Berlin that the EU “Cookie Directive” – which has not yet been implemented into German law – has EU law’s “direct effect” (also known as “immediate applicability”), making Art 5 (3) of the Directive directly applicable and effective under German law. He (as reported) added that therefore Art. 5 (3) of the Directive can be applied and enforced by the German data protection authorities in their day to day business. Ooops! Continue reading →

Analytics Cookies to Be Exempt from Consent Requirement in France

Posted on May 7, 2012 by Julian Hoeppner

As reported by DataGuidance, the UK Information Commissioner the enforcement of the “cookie law” will be “pragmatic and realistic” in the UK. “Pragmatic” and realistic”: Sounds good doesn’t it? Doesn’t sound very German, though, does it? As explained here, the cookie situation in Germany is still unresolved, largely due to the (my take on the matter) inability to come up with a draft for transforming the Directive’s into German law that provides for a workable solution the problem. It seems that at least the current government feels uncomfortable to pass a law the wording of which would effectively rule out a good portion of how websites work today.

Even more interestingly, in the same DataGuidance post they report that the French Data Protection Authority (CNIL) will exempt analytics cookies from the new requirement of prior consent. Continue reading →

On Facebook Fan Pages

Posted on May 3, 2012 by Julian Hoeppner

As you may have heard, as per the self-appointedly competent data protection authorities in Germany you may not set up and maintain a Facebook fan page, nor may you embed Facebook plugins into to your web pages (it’s true, read here, here, here, and here). If you do, you’re acting in violation of German data protection law. Continue reading →

Termination of a Perpetual Software License under German Law

Posted on April 26, 2012 by Julian Hoeppner

I have just (goes to show how much time I really have to scan the law journals for relevant stuff) stumbled upon a very interesting decision by the District Court of Cologne published in the February edition of Germany’s famed “C&R” (i.e. “Computer & Recht” = “Computer & Law”) regarding the terminability of perpetual software licenses under German law for material breaches of contract. As per the District Court of Cologne the answer is: Sure you can! Which is a bit surprising, really. Continue reading →

General Terms and Conditions and What That Means for Localizing Contracts to German Law

Posted on April 20, 2012 by Julian Hoeppner

When you’re asked to localize contracts coming from a U.S. legal background so that they function under German law two very different legal worlds collide. Things just work differently over here. And things word differently over there. We draft our contracts differently, we use different language (which is why simply having a translator go over your documents just won’t cut it, much less asking uncle Google), our concept of selling and licensing software is nowhere near the “this software is licensed not sold” was of thinking, and so on and so forth. Nothing wrong with that, but it provides for some hard going sometimes.

One of the more peculiar concepts of German contract law is that of or our “Law on General Terms and Conditions” (Google Translator tells me that in English that should be “Legal terms and conditions of” which isn’t even close, so there…). In a nutshell, the idea is this: If, as a company, you work with standard contracts, i.e. a set of contractual documents that you have in your drawer all drafted to best fit your particular interests and ready to pull out for every new customer you want to do business with, the terms and conditions of those contractual documents are subject to the so-called “content control” (we Germans like control, as is well known). Continue reading →

EU Cookie Law in Germany

Posted on April 19, 2012 by Julian Hoeppner

As we are quickly moving towards Germany’s 1st anniversary of non-compliance with the infamous “EU Cookie Directive“, one would expect the legislator to really make a push to get something on paper, right? Well, not so. In fact, there isn’t even a legislative silver lining anywhere to be seen. We have witnessed one draft of a change to the “Telemedia Act” (the place where any transforming the EU’s wisdom into German law would take place) submitted by the federal state of Hessen last year that no one has really talked much about, and one draft submitted by the current opposition in the Bundestag that has now been rebuffed on committee level without before even getting a proper hearing in parliament – without spoiling us by publishing any reasons for the government’s stance, sadly. That said, that’s all good news, really. Continue reading →

German IT Law

JBB's Blog on German and European Technology and Data Privacy Law

Author Archives: Julian Hoeppner