The start of any year is always a good opportunity for lawyers to review the year just ended and to look ahead. What were the most important judgements and rulings in 2016 and what changes can be expected this year?
Online print providers face legal pitfalls in the way they deal with existing and potential customers just as any other eCommerce provider does. And given that several controversies related to eCommerce law hit the headlines in 2016, I asked Dr. Martin Schirmbacher, an attorney at HÄRTING Rechtsanwälte in Berlin and the official legal adviser to the IOP, to examine and review the areas of relevance to our industry from a legal perspective and to provide an outlook for 2017.
Review: what happened in 2016?

There was no one specific trend impacting on online print providers in 2016. But of course there were many issues that affected eCommerce in general. Key factors here include ever increasing regulation of advertising and data protection. All sections of the eCommerce industry are actually affected. Specific issues have been singled out below and important rulings made in 2016 are briefly explained.
Content marketing: be careful with links
Be it in blogs, white papers or on Facebook, having good, topical content is a must. The word has gotten around that third-party content, photos in particular, can’t just be incorporated at face value. However up to now it was OK to include photos and videos in your own website via iFrame links. Mere links can’t breach copyright. This should actually apply even more so to a mere link to another website.
It’s a different story as far as a ruling by the European Court of Justice (ECJ dated 8.9.2016, C-160/15), which attracted a great deal of attention, is concerned. In this ruling a Dutch news platform was prevented from establishing links to photos owned by the publisher of Playboy, which were illegally accessible on the Internet. However this only applies if links are set up with a view to making profits. However in this case full copyright liability applies and knowledge of the illegality of publication of the contents can be assumed if actions taken are based on a profit motive.
What initially seems like a special case has the potential to turn the entire Internet upside down. That was demonstrated pretty spectacularly in one of the first German court judgements to be issued after the ECJ ruling. The Hamburg Regional Court banned a website operator from linking his website to a certain URL, because the latter included a photo that had been subsequently edited contrary to the terms of the relevant license. The judges regarded the link to the photo as a separate public reproduction of the photo, which occurred without the consent of the photographer. The Court in Hamburg provided a particularly narrow interpretation of the ECJ ruling. Any website operator that earns money via a website acts with a profit motive and therefore they can be expected to accept a particular burden of responsibility for checking links to third-party websites.
The Hamburg judges assumed a profit motive because the party setting up the link was a media company. The actual link itself is not what’s important. This interpretation demonstrates the actual risk of the ECJ judgement. Although this interpretation is not mandatory, because it is also possible to base one’s arguments on the actual link and any liability that the party establishing the link may have is only of relevance if the latter wants to earn money with the link.
Links continue to be the lifeblood of the Internet – basically no links, no Internet. And yet the following applies: if you want to minimize risk, you have to exercise a greater degree of caution when setting up links.

Online stores: more flexibility with ‘SOFORT-Überweisung’
Online print providers endeavor to provide their customers with as many different payment methods as possible. The different means of payment trigger different costs for the provider. It makes sense to pass these costs on to customers. However certain statutory provisions have to be borne in mind. § 312a Par. 4 No. of the German Civil Code (BGB) allows retailers to charge customers for using specific payment methods, only if customers have the option of making payment using a standard and cceptable payment method without incurring extra costs.
Last year there was a fair amount of case law relating to the issue of what is a standard and acceptable method of payment. What is clear, for example, is that specific customer and credit cards (like the Visa Gold Card) are not standard payment methods, as too few customers use such cards.
The Higher Regional Court (OLG) in Frankfurt has ruled that the ‘Sofortüberweisung’ payment service is both standard and acceptable (OLG Frankfurt dated 24.08.2016, File 11 U 123/15). A standard method of payment is generally an acceptable one too. This is not been negated by the fact that the customer has to enter a one-time PIN and TAN into the input screen of a payment initiation service. And a purely abstract risk of misuse does not call the acceptability of a payment method into question if no actual risk of misuse can be identified. Online print providers can therefore offer the ‘Sofortüberweisung’ service as their sole gratis payment method.
What is important is that the fees charged to customers do not exceed the actual costs incurred.
E-mail marketing: feedback requests are also advertising
Jurisprudence has it in for e-mail advertising. This efficient direct marketing approach (to potential customers) is under permanent pressure from the courts. In 2016 there were again rulings that declared certain advertising methods to be illegal.
In one case that was heard before the Higher Regional Court in Dresden an online merchant requested commercial customers by e-mail to participate in a customer satisfaction survey once they had placed an order. If the customer complied with this request, another e-mail in which the merchant thanked the customer for participating was sent to the latter. The judges regarded that as advertising, which requires the recipient’s consent. The company is requesting customers to personally rate its service offering, in order to get an idea of its strengths and weaknesses as seen from a customer perspective. This follow-up customer care is a form of advertising. Because the consent of the e-mail-recipient customer had not been obtained, the court ordered the store operator to cease and desist (OLG Dresden dated 24.04.2016, File 14 U 1773/13).
Regardless of the low level of inconvenience and the circumstance of there being no risk of proliferation, e-mail feedback requests sent out after the conclusion of any contract are therefore very problematical. At any rate if the customer has expressly objected to receiving any advertising, feedback requests may no longer be sent out.
Postbox advertising: the right way to deal with the ad stopper
The online service, werbestopper.de, caused a stir in the fall of 2016. This service enables consumers to enter their personal details and the operator then passes on these details to as many companies as possible instructing them not to deliver any further advertising to the relevant consumers. The ban also applies to postbox advertising and the advertising inserts in free newspapers.
In the final quarter of 2016 scores of companies consequently received long lists of names and addresses of consumers, who no longer wished to receive any advertising, via the conventional postal service. Apart from the fact that the operator of werbestopper.de does not verify whether the people have actually entered their details themselves, many cases have come to light, where active customers of companies have stated their objection to receiving advertising without even knowing it. This can be attributed above all to the fact that this advertising opt-out is sent out to a long list of up to 250 companies.
Companies are recommended to repudiate the advertising opt-out, because the operator cannot prove they have a power of attorney or have been commissioned by producing a relevant certificate (§ 174 BGB). Companies should also refuse to accept any warnings they may receive as a result of non-compliance with the alleged opt-out. Meanwhile several lawsuits are pending and one wonders what the courts will decide. Details can be obtained here: http://www.haerting.de/neuigkeit/werbewidersprueche-ueber-werbestopperde-faq-fuer-betroffene-unternehmen
Outlook: what’s to be expected in 2017?
2017 is going to add to online print providers’ workloads in particular. On the one hand there is an increasing trend towards more and more new information provision requirements. Above all the General Data Protection Regulation is on its way, and companies are well advised to deal with this issue sooner rather than later.
More and more new information provision requirements
Since February 1, 2017 companies with headcounts of more than 10 have had an obligation to proactively inform consumers in a clear and comprehensible manner to what extent they are prepared (or obliged) to participate in a dispute resolution process and if yes, which dispute resolution organization is responsible. Participation is not mandatory for most companies, merely the provision of information about (non-) participation has been compulsory since February 1, 2017.
Furthermore online merchants are required to provide a link to the European online dispute resolution platform for consumers in accordance with the ODR Regulation. This link should be clickable. Anybody who disregards these obligations violates consumer protection law and risks receiving written warnings from consumer protection and competition organizations as well as from competitors. Ultimately the intention of this obligation is to have the following statement included in a website’s Legal Notice (or any other easily accessible place): “We do not participate in any consumer arbitration service’s dispute resolution process. The EU Commission’s online dispute resolution platform: www.ec.europa.eu/consumers/odr”.
The fact that this makes limited sense is obvious, but companies should nevertheless comply with this obligation.
Data protection, data protection and yet more data protection
What’s happening on the data protection law front is considerably more relevant in practice. On May 25, 2018 the EU’s new General Data Protection Regulation will take effect in all member states of the European Union. Many companies are going to have to make several changes to the way they handle personal data by that deadline.
An EU data protection directive has been in force for many years. But from next year onwards a data protection regulation will apply throughout the EU – The EU General Data Protection Regulation (GDPR). The regulation will apply immediately in all member states, i.e. in Germany as well. German law that has applied to date will be amended or abolished. That applies in particular to the Federal Data Protection Act and the data protection-related legal provisions in the German Teleservices Act. As they stand, both will cease to apply after May 25, 2018. May 2018 still appears to be a long way off, but nearly all companies will now have to address the issue of data protection closely.
The main reason for that is the threat of horrendous fines for non-compliance. In future companies found guilty of serious breaches of data protection regulations face fines of 20 million Euros and of up to 10 million Euros for less serious breaches. To date the ceiling has been 300,000 Euros (resp. 50,000 Euros). Large corporations can even be fined significantly more – the maximum penalty for serious breaches is 4 % of global annual sales. Added to that is the fact that staffing levels are being raised substantially at the data protection authorities. At any rate companies should not be under any illusion that the authorities don’t have the necessary time resources to police them effectively.
What’s new, for example, are duties of accountability and data privacy impact assessments, which have to be undertaken in advance. Nearly all declarations of consent and privacy statements will have to be amended. Partnerships with service providers (e.g. for tracking, hosting, scoring or HR software) need to be reviewed and commissioned data processing agreements need to be altered.
Data protection needs to be taken seriously at senior management level in 2017.
My take: Looking back, we have already discussed the issues of “acceptable payment methods in online print stores” and “illegal advertising” in detail. And looking forward, the same applies to the other issues discussed here: ignorance of the law is no excuse. What Mr. Schirmbacher has provided here in the way of information to online print companies and other online-print-industry providers means a seriously increased workload in the next few months for some store operators. Obviously marketing is a must – but the limitations on legitimate advertising activities have been and are being increasingly tightened up. And as far as the handling of personal data is concerned, there’s no let-up in statutory requirements on that front either…