On the safe side: Imprint and privacy policy

Stefano Viani


27 Feb 2018 Law Digital Agency

By now, most companies know that they have to make an imprint and a privacy policy available on their website - otherwise, there is a risk of high warnings and serious legal consequences. In order to be able to conclude the topic quickly, the texts are taken over in a hurry from googled online generators. In the process, the text for the data protection statement is often copied directly under the imprint section, which is illegal according to a decision by the Higher Regional Court of Hamburg and can have serious consequences. One thing is certain: every website needs a privacy policy that is complete in terms of content and can be called up separately from the imprint! We have summarized what companies must pay attention to when setting up an imprint and data protection statements on their website and what will change in 2018 with the General Data Protection Regulation:

Website: Data privacy statement is mandatory

As soon as personal data is collected on a website, it must have a data protection statement, the Federal Data Protection Supervisory Authority (BfDI

) has ruled. According to this ruling, however, almost every site needs a data protection statement - even if the homepage only has minimal content. Without many website operators being aware of it, integrated measurement tools of the provider and tools such as Google Analytics store data of website visitors such as time, browser, IP address, entry and exit page, operating system used and data volume in the background. Personal data is also collected when cookies or contact forms are used. But ignorance is no excuse, because: All of this data is considered personal, as it can be used to establish a connection to a person. Therefore, every website - whether private or commercial - must have an adequate privacy policy.

Proper imprint and data protection statement

Here's what companies need to keep in mind when implementing data protection regulations on their website: The privacy statement must not simply be inserted into the imprint page, but must be clearly separated from it and unambiguously recognizable. It must be clearly accessible from every page of the website - the imprint, on the other hand, must only be accessible by means of two clicks and must therefore not be linked directly on every page. The privacy policy can also be placed in the imprint if the imprint can be reached by means of one click on the entire website and it is clear from the link that the privacy policy is also available there.

The new General Data Protection Regulation

As of May 2018, the new General Data Protection Regulation will apply to all European companies, and the requirements for a correct privacy policy will be further increased in the course of this. In the future, visitors to websites must be informed even more precisely about the collection and use of their data - they are entitled to extensive rights of information, correction and deletion. The lawyer Michael von Rothkirch of the law firm Heinz v. Rothkirch, specialist lawyers for copyright and media law, therefore warns of the expensive consequences of a missing or incorrectly linked data protection declaration: "This is an administrative offense that can be punished with a fine of up to € 50,000. These fines increase drastically with the new General Data Protection Regulation. In addition, there is the threat of warnings and legal proceedings for infringement of competition law provisions."

IT law is continuously evolving and poses many challenges for digitizing companies, as there is a risk of being warned or sued if regulations and laws are ignored. As a digital agency, we are careful to communicate relevant developments and intricacies of IT law, but we are not authorized to provide legal advice. Companies should seek advice from a law firm or lawyer specializing in IT law in order to continue to grow in online commerce without legal obstacles.

About the Author

As Executive Director of Blackbit digital Commerce GmbH, Stefano Viani manages all areas of the agency in the offices in Göttingen, Hamburg, Berlin and Kiev. His passion is the development of marketing strategies and their implementation in concrete measures.

In his free time, Stefano is passionate about riding his motorbike or working out in the gym.