In the version of 26 February 2007 (Federal Law Gazette I, pp. 179 ff., entry into force 1 March 2007).
This translation was kindly provided by the Federal Ministry for Economic Affairs and Energy of the Federal Republic of Germany.
Disclaimer by the Federal Ministry: Translations of these materials into languages other than German are intended solely as a convenience to the non-German-reading public. Any discrepancies or differences that may arise in translations of the official German versions of these materials are not binding and have no legal effect for compliance or enforcement purposes. Please send comments with regard to this document to the following e-mail address: buero-iiib2@bmwi.bund.de.
Contents
[This act] serves to implement Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (OJ EC No. L 178 p. 1).
[…] Section 5 Nos. 1 and 7 also serves to implement Directive 2003/58/EC of the European Parliament and of the Council of 15 July 2003 amending Directive 68/151/EEC of the Council as regards disclosure requirements of certain types of companies (OJ EC No. L 221 p. 13).
The obligations deriving from Directive 98/34/EC of the European Parliament and the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations for services of the information society (OJ EC No. L 204 p. 37), amended by Directive 98/48/EC of the European Parliament and the Council of 22 July 1998 (OJ EC No. L 217 p. 18), have been observed.
Part 1 General Provisions
Section 1 Scope of application
(1) This Act shall apply to all electronic information and communication services, to the extent that they are not telecommunications services pursuant to Section 3 No. 24 of the Telecommunications Act which consist entirely of the transmission of signals via telecommunications networks, telecommunications-based services pursuant to Section 3 No. 25 of the Telecommunications Act, or broadcasting pursuant to Section 2 of the Interstate Agreement on Broadcasting (telemedia). This Act shall apply to all providers including public-sector agencies irrespective of whether a fee is charged for use.
(2) This Act shall not apply to the field of taxation.
(3) This Act shall be without prejudice to the Telecommunications Act and the Press Acts.
(4) The special requirements to be imposed on the content of telemedia derive from the Interstate Agreement on Broadcasting and Telemedia.
(5) This Act shall not stipulate rules in the field of international private law, nor shall it regulate the competence of the courts.
Section 2 Definitions
Within the meaning of this Act,
1. “service provider” is every natural or legal person who provides his own or others’ telemedia for use or provides access to use,
2. “established service provider” is every provider who uses a fixed facility for an indefinite period to offer or provide telemedia on a commercial basis; the location of the technical facility alone does not determine that the provider is established,
3. “recipient of the service” is every natural or legal person who uses telemedia, especially in order to obtain information or to make it available,
4. “distribution services” are telemedia which, by means of data transmission without individual demand are provided simultaneously to an unlimited number of recipients,
5. “commercial communication” is every form of communication which serves the direct or indirect promotion of the sale of goods, services or the image of a company, another organisation or a natural person who works in trade, commerce, crafts or a professional service; the transmission of the following details does not per se represent a form of commercial communication:
a) details which enable direct access to activities of the company or the organisation or person, such as in particular a domain name or an electronic mail address,
b) details referring to goods and services or the image of a company, an organisation or a person which are made independently and in particular with no financial return.
A non-incorporated company which has the capacity to acquire rights and to incur liabilities is equivalent to a legal person.
Section 3 Country-of-origin principle
(1) Service providers established in the Federal Republic of Germany and their telemedia shall also be subject to the provisions of German law if the telemedia are commercially offered or provided in another state within the scope of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (OJ EC No. L 178, p. 1).
(2) The free movement of telemedia services which are commercially offered or provided in the Federal Republic of Germany by service providers which are established in another state within the scope of Directive 2000/31/EC is not restricted. This shall be without prejudice to Sub-section 5.
(3) Sub-sections 1 and 2 shall be without prejudice to
1. the freedom to choose the law applicable to contracts,
2. the provisions on contractual obligations concerning consumer contracts,
3. statutory provisions on the form of acquisition of real estate and rights equivalent to real estate, and the establishment, transfer, alteration or revocation of rights in rem to real estate and rights equivalent to real estate,
4. the law in force on the protection of personal data.
(4) Sub-sections 1 and 2 shall not apply to
1. the work of notaries and of members of other professions where the latter are also acting on behalf of the state,
2. the representation of clients and the upholding of their interests before court,
3. the admissibility of unsolicited commercial communications by electronic mail,
4. gambling activities with a stake of monetary value in games of chance, including lotteries and bets,
5. the requirements pertaining to distribution services,
6. copyright, related rights, rights within the meaning of Directive 87/54/EEC of the Council of 16 December 1986 on the legal protection of topographies of semiconductor products (OJ EC No. L 24 p. 36) and Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ EC No. L 77 p. 20), and to commercial property rights,
7. the issue of electronic money by institutes which are exempted, in accordance with Article 8 (1) of the Directive 2000/46/EC of the European Parliament and of the Council of 18 September 2000 on the taking up, pursuit of and prudential supervision of the business of electronic money institutions (OJ EC No. L 275 p. 39), from the application of some or all provisions of this Directive and from the application of Directive 2000/12/EC of the European Parliament and of the Council of 20 March 2000 relating to the taking up and the pursuit of the business of credit institutions (OJ EC No. L 126 p. 1),
8. agreements or practices governed by cartel law,
9. the areas covered by Sections 12, 13a to 13c, 55a, 83, 110a to 110d, 111b and 111c of the Act on the Supervision of Insurance Companies and the Ordinance on Insurance Reporting, the arrangements regarding the law applicable to insurance contracts, and to compulsory insurance.
(5) The offer and the provision of telemedia by a service provider who is established in another state within the scope of Directive 2000/31/EC shall, in derogation of Sub-section 2, be subject to the restrictions of domestic law, to the extent that this serves to protect
1. public security and order, especially with regard to the prevention, investigation, detection, prosecution and punishment of crimes and administrative offences, including protection of young people and the fight against incitement to hatred on grounds of race, sex, religion or nationality, and of violations of human dignity concerning individual persons, and the safeguarding of national security and defence,
2. public health,
3. the interests of the consumers, including investors,
from impairment or serious and grave hazards and where the possible measures on the basis of national law are in an appropriate relationship to these objectives. Article 3 (4) and (5) of Directive 2000/31/EC provides for consultation and information obligations for the procedure to introduce measures pursuant to Sentence 1 – with the exception of court procedures including any preliminary procedures and the prosecution of criminal offences, including enforcement, and of administrative offences.
Within the framework of the laws, telemedia shall not be subject to authorisation and notification.
Section 5 General information to be provided
(1) Service providers must render the following information easily, directly and permanently accessible for telemedia which are offered commercially, generally in return for a fee:
1. the name and address at which they are established, in the case of legal persons also the legal form, the authorised representative and, to the extent that details are provided of the equity of the company, the share and nominal capital and, if all the deposits to be made in money have not yet been paid in, the total amount of outstanding deposits,
2. details which permit rapid electronic contact and direct communication with them, including the electronic mail address,
3. to the extent that the service is offered or provided in the context of an activity subject of approval from a state agency, details of the relevant supervisory body,
4. the commercial register, association register, partnership register or co-operative register in which they are entered and the corresponding register number,
5. to the extent that the service is offered or provided in exercising an occupation within the meaning of Article 1 Letter d of Directive 89/48/EC of the Council of 21 December 1988 on a general system for the recognition of higher-education diplomas awarded on completion of professional education and training of at least three years’ duration (OJ EC No. L 19 p. 16), or within the meaning of Article 1 Letter f of the Directive 92/51/EEC of the Council of 18 June 1992 on a second general system for the recognition of professional education and training to supplement Directive 89/48/EEC (OJ EC No. L 209 p. 25, 1995 No. L 17 p. 20), most recently amended by Directive 97/38/EC of the Commission of 20 June 1997 (OJ EC No. L 184 p. 31), details of
a) the chamber to which the service providers belong,
b) the statutory designation of the occupation and the state in which the designation of the occupation was awarded,
c) the designation of the professional rules and of how these can be accessed,
6. in cases in which they possess a VAT ID number pursuant to Section 27a of the Turnover Tax Act or a business identification number pursuant to Section 139c of the Fiscal Code, the details of this number,
7. in the case of joint-stock companies, companies limited by shares and limited-liability companies which are in liquidation, details of this.
(2) This shall be without prejudice to more extensive obligations to provide information pursuant to other statutory provisions.
Section 6 Special information to be provided in the case of commercial communications
(1) In the case of commercial communications which are telemedia or parts of telemedia, service providers must observe at least the following preconditions:
1. Commercial communications must be clearly identifiable as such.
2. The natural or legal person in whose name the commercial communications are made must be clearly identifiable.
3. Promotional offers, such as discounts, premiums and gifts, must be clearly identifiable as such, and the conditions which are to be met to qualify for them must be easily accessible and presented clearly and unambiguously.
4. Prizes and games of an advertising nature must be clearly identifiable as such and the conditions of participation must be easily accessible and presented clearly and unambiguously.
(2) If commercial communications are dispatched by electronic mail, neither the name of the sender nor the commercial character of the message may be disguised or concealed in the heading and subject lines. Disguising or concealment takes place if the heading and subject lines are deliberately designed in such a way that, before the recipient views the content of the communication, he receives no or misleading information about the actual identity of the sender or the commercial character of the message.
(3) This shall be without prejudice to the provisions of the Unfair Competition Act.
Part 3 Responsibility
Section 7 General principles
(1) Service providers shall be responsible for their own information which they keep ready for use, in accordance with general legislation.
(2) Service providers within the meaning of Sections 8 to 10 are not required to monitor the information transmitted or stored by them or to search for circumstances indicating an illegal activity. This shall be without prejudice to obligations to remove or disable access to information under general legislation, even where the service provider does not bear responsibility pursuant to Sections 8 to 10. Privacy of telecommunications pursuant to Section 88 of the Telecommunications Act must be maintained.
Section 8 Acting as a conduit of information
(1) Service providers shall not be responsible for the information of third parties which they transmit in a communication network or to which they give access, as long as they
1. have not initiated the transmission,
2. have not selected the addressee of the transmitted information, and
3. have not selected or modified the transmitted information.
Sentence 1 shall not apply when the service provider deliberately works together with a recipient of his service to commit illegal acts.
(2) The transmission of information pursuant to Sub-section 1 and the provision of access to it includes the automatic, intermediate and transient storage of this information, in so far as this takes place for the sole purpose of carrying out the transmission in the communication network and the information is not stored for any period longer than is reasonably necessary for the transmission.
Section 9 Temporary storage for the accelerated transmission of information
Service providers shall not be responsible for automatic, intermediate and temporary storage which serves the sole purpose of making more efficient the information’s onward transmission to other recipients on their request, as long as they
1. do not modify the information,
2. comply with conditions on access to the information,
3. comply with rules regarding the updating of the information, specified in a manner widely recognised and used by industry,
4. do not interfere with the lawful use of technology, stipulated in widely recognised and used industrial standards, to obtain data on the use of the information, and
5. act expeditiously to remove or to disable access to the information they have stored within the meaning of this provision upon obtaining knowledge of the fact that the information at the initial source of the transmission has been removed from the network or that access to it has been disabled, or that a court or administrative authority has ordered such removal or disablement.
Section 8 (1) sentence 2 applies mutatis mutandis.
Section 10 Storing of information
Service providers shall not be responsible for the information of third parties which they store for a recipient of a service, as long as
1. they have no knowledge of the illegal activity or the information and, as regards claims for damages, are not aware of any facts or circumstances from which the illegal activity or the information is apparent, or
2. upon obtaining such knowledge, have acted expeditiously to remove the information or to disable access to it.
Sentence 1 shall not apply when the recipient of the service is acting under the authority or control of the service provider.
Part 4 Data protection
Section 11 Relationship between the provider and the recipient of the service
(1) The provisions of this Part shall not apply to the collecting and use of personal data of the recipients of telemedia services, as long as the provision of such services
1. occurs in an official or employment situation solely for work-related or official purposes, or
2. occurs by or between non-public bodies or public bodies solely in order to control work or business processes.
(2) The recipient of the service within the meaning of this Part is every natural person who uses telemedia, especially in order to obtain information or to make it available.
(3) In the case of telemedia which consist largely of the transmission of signals via telecommunications networks, only Section 12 (3), Section 15 (8) and Section 16 (2) Nos. 2 and 5 shall apply to the collection and use of personal data of the recipients.
Section 12 General principles
(1) The service provider may collect and use personal data for the provision of telemedia only to the extent that this Act or another statutory provision referring expressly to telemedia permits it or that the recipient of the service has given his approval.
(2) The service provider may collect and use personal data for other purposes only to the extent that this Act or another statutory provision referring expressly to telemedia permits it or if the recipient of the service has given his approval.
(3) The service provider may not make the provision of telemedia dependent on the approval of the recipient of the service to a usage of his data for other purposes if the recipient cannot or cannot reasonably obtain other access to these telemedia.
(4) Except as otherwise provided, the provisions in force on the protection of personal data shall be applied, even if the data are not processed automatically.
Section 13 Obligations of the service provider
(1) The service provider must inform the recipient of the service at the beginning of the session about the nature, scope and purpose of the collection and use of personal data and about the processing of his data in countries outside the scope of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ EC No. L 281 S. 31) in generally understandable form, unless such information has already been provided. In the case of an automated procedure which permits subsequent identification of the recipient of the service and prepares the collection or use of personal data, the recipient of the service must be informed at the beginning of this procedure. The content of this information must be accessible by the recipient of the service at any time.
(2) Approval can be stated electronically if the service provider ensures that
1. the recipient of the service has consciously and unambiguously given his approval,
2. a record of the approval is kept,
3. the recipient of the service can access the content of the approval at any time, and
4. the recipient of the service can revoke the approval at any time with effect for the future.
(3) Before the recipient of the service states his approval, the service provider must refer him to the right pursuant to Sub-section 2 No. 4. Subsection 1 sentence 3 applies mutatis mutandis.
(4) The service provider must ensure by means of technical and organisational precautions that
1. the recipient of the service can terminate the use of the service at any time,
2. the personal data accruing during the course of the access or other use are deleted immediately following termination of use or are disabled in the cases of Sentence 2,
3. the recipient of the service can make use of telemedia without this being disclosed to third parties,
4. the personal data on the use of different telemedia by the same recipient can be used separately,
5. data pursuant to Section 15 (2) can be collated solely for invoicing purposes, and
6. user profiles pursuant to Section 15 (3) cannot be brought together with details to identify the holder of the pseudonym.
Disablement shall replace deletion pursuant to Sentence 1 No. 2 where statutory, by-law-based or contractual retention periods prevent deletion.
(5) The recipient of the service shall be informed when he is passed on to a different service provider.
(6) The service provider must enable the use of telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility.
(7) On request, the service provider must provide the recipient of the service with information about the data stored regarding his person or his pseudonym in line with Section 34 of the Federal Data Protection Act. This information can be provided electronically on the request of the recipient of the service in line with Section 34 of the Federal Data Protection Act.
Section 14 Inventory data
(1) The service provider may collect and use the personal data of a recipient of a service only if it is needed for the establishment, content or amendment of a contractual relationship between the service provider and the recipient on the use of telemedia (inventory data).
(2) By order of the competent agencies, the service provider may in individual cases provide information about inventory data to the extent that this is needed for purposes of prosecution of crime, for the prevention of danger by the police authorities of the Länder, for the fulfilment of the statutory duties of the agencies of the Federation and the Länder responsible for protection of the constitution, the Federal Intelligence Service or the Military Counterintelligence, or for the enforcement of intellectual property rights.
Section 15 Data on usage
(1) The service provider may collect and use the personal data of a recipient of a service only to the extent necessary to enable and invoice the use of telemedia (data on usage). Data on usage are in particular
1. characteristics to identify the recipient of the service,
2. details of the beginning and end of the scope of the respective usage, and
3. details of the telemedia used by the recipient of the service.
(2) The service provide may collate a recipient’s usage data regarding the use of different telemedia to the extent necessary for invoicing the recipient of the service.
(3) For the purposes of advertising, market research or in order to design the telemedia in a needs-based manner, the service provider may produce profiles of usage based on pseudonyms to the extent that the recipient of the service does not object to this. The service provider must refer the recipient of the service to his right of refusal pursuant to Sub-section 13 No. 1. These profiles of usage must not be collated with data on the bearer of the pseudonym.
(4) The service provider may use data on usage beyond the end of the session to the extent necessary for invoicing the recipient of the service (invoicing data). The service provider may disable the data in order to fulfil existing statutory, by-law-based or contractual retention periods.
(5) The service provider may transmit invoicing data to other service providers or third parties to the extent necessary to ascertain the fee and to invoice the recipient of the service. If the service provider has concluded a contract with a third party on the collection of the fee, he may transmit invoicing data to a third party to the extent necessary for this purpose. Data on usage may be transferred in anonymous form for the purpose of market research by other service providers. Section 14 (2) applies mutatis mutandis.
(6) The invoicing of the use of telemedia must not render identifiable the provider, time, duration, nature, content and frequency of certain telemedia used by a recipient of a service unless the recipient requests itemised billing.
(7) The service provider may store invoicing data processed for the production of itemised billing on the use of certain services at the request of the recipient of the service at most until the end of the sixth month following the sending of the invoice. If objections are raised against this invoice within this period, or if despite reminders this invoice has not been paid, the invoicing data may be stored further until the objections have finally been clarified or the invoice has been paid.
(8) If the service provider has actual documented grounds for suspicion that his services are deliberately being used by certain recipients who intend not to pay or not fully to pay, he may use the personal data of these recipients beyond the end of the session and the storage period cited in Sub-section 7 only to the extent that this is needed for purposes of legal action. The service provider must delete the data expeditiously when the preconditions pursuant to Sentence 1 no longer pertain or the data are no longer required for legal action. The recipient of the service affected must be informed as soon as is possible without endangering the purpose pursued by the measure.
Section 15a Information to be provided in the case of illegal knowledge of data
Notes of the service provider, that his stored inventory or usage data have been unlawfully transmitted or otherwise illegally have come to the knowledge of third parties, and a risk of serious adverse effects on the rights and legitimate interests of the affected user, Section 42 a of the Federal Data Protection Act applies correspondingly.
Part 5 Fines
Section 16 Fines
(1) Anyone who deliberately disguises or conceals the sender or the commercial character of a message, in violation of Section 6 (2) Sentence 1, commits an administrative offence.
(2) Anyone who deliberately or negligently
1. violates Section 5 (1) by not keeping information or by not keeping information accurately or completely,
2. violates Section 12 (3) by making the provision of telemedia dependent on an approval cited there,
3. violates Section 13 (1) Sentence 1 or 2 by not informing the recipient of the service or by not informing him accurately, completely or in due time,
4. violates a provision of Section 13 (4) Sentence 1 No. 1 to 4 or 5 on an obligation cited there,
5. violates Section 14 (1) or Section 15 (1) Sentence 1 or (8) Sentence 1 or 2 by collecting or using personal data or by not deleting it or not deleting it in due time, or
6. violates Section 15 (3) Sentence 3 by collating a profile of usage with data on the bearer of the pseudonym,
commits an administrative offence.
(3) The administrative offence can be punished by a fine of up to fifty thousand euro.