Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Electronic marketing and internet use

Electronic marketing

Are there rules specifically governing unsolicited electronic marketing (spam)?

Yes. In principle, promotional emails are permitted only if the intended recipient agrees beforehand to receive such emails (Section 7 of the Act against Unfair Competition). This applies to both entrepreneurs and consumers. Exceptions are limited to narrow circumstances (see Section 7(3), 1-4 of the Act against Unfair Competition).

If the recipient has not given his or her express consent to receive promotional emails, he or she can request the sender to desist pursuant to Sections 823(1) and 1004(1) of the Civil Code. Moreover, competitors of the sender may request that the sender desist pursuant to Section 8(1) of the Act against Unfair Competition.

Further, the General Data Protection Regulation applies to the unsolicited use of email addresses as well. Email addresses that relate to an individual person are personal data, if that individual can be identified from the email address. The use of an email address to send marketing emails is a processing of personal data, which will have to be justified under Article 6 of the General Data Protection Regulation, likely, through consent.

Cookies

Are there rules governing the use of cookies?

Yes. The German Telemedia Act (particularly Sections 13(1) and 15(3)) contains rules governing the use of cookies (‘usage data’). The EU Cookie Directive (2009/136) has not yet been formally implemented into German law. However, the government maintains that the existing legislation is sufficient to comply with the directive.

Further, the use of cookies also falls within the scope of the General Data Protection Regulation. Depending on which information is gathered through cookies (eg, IP address and the date and time of accessing a website), a cookie might contain information, which, either by itself or when combined, allows the identification of an individual person. If an individual person can be identified by way of data generated through cookies, the use of cookies will have to be justified under Article 6 of the General Data Protection Regulation. However, different justifications might apply to different kinds of cookies (eg, cookies which are essential for ensuring key functions of a website).

Click here to view the full article.