Almost every website needs both a data protection notice and an imprint. Both the data protection declaration and the imprint must be easily accessible from every page of a web presence. This applies equally to smartphones, tablets, notebooks, and desktop computers.
Provider identification obligation
Almost every website must provide a legal notice. The obligation to provide a legal notice is regulated in § 5 TMG and § 18 Abs. 2 MStV. It suffices if at least one of the following reasons applies:
- Commercially operated website
- Website with editorial content
A website is commercial in particular if there is an intention to make a profit or the possibility of making one. It does not matter whether profits or revenues are actually achieved. For example, an affiliate link or the display of advertising already indicates that a website is commercially operated.
Editorial content is already present when a statement of opinion is made. This should almost always be the case. Exceptions could be websites with password protection that are only accessible to a limited group, such as family members. Empty websites, for example with the text "a website will be set up here soon", are probably not statements of opinion either. Whoever mentions their company and writes something about it is almost always expressing an opinion. Whoever writes about horoscopes and says that many of them are often correct is, in my opinion, expressing an opinion.
Data Protection Obligation
The following discusses the data protection statement. The term data protection notice is legally less problematic and should be used on websites instead. The reason is the character of the term: a declaration can easily be interpreted as pointing toward a contractual relationship. A data protection statement, however, I claim, is not a contract, but at most a component of one.
Unlike the imprint, the data protection statement must be provided on every website. The website only needs to be publicly accessible and represent an offer. An offer is present when someone offers something, whether it is information or services. In one case, a website only listed contact details. However, the contact details also contained a hint at the activity of the operator. Thus, an offer is present, I claim. Often this question does not arise because every commercial website is an offer. But even private websites that offer information are obviously an offer.
When a website is accessed, the visitor's IP address is transmitted to the website, so a process relevant under the GDPR always takes place. IP addresses are known to be personally identifiable data.
A responsible body must be named for the data protection declaration. This is regulated in Article 13 Number 1.1, which requires that the name and contact details be given. As contact data, I think an email address suffices. However, if an imprint is present and the responsible person is identical with the operator of the website, the full address can be given without any disadvantage and to be on the safe side.
Accessibility of provider identification and privacy notices
For both the imprint and the data protection statement, the rule is that they must be linked from every page (§ 5 TMG). Each of these links should be reachable with a maximum of two clicks. Furthermore, these links must not be obscured to the point of invisibility by other visual elements such as pop-ups. Of course, one could dispense with linking if the content of the provider identification and data protection notices appeared on every page. In practice, however, this approach has not become established, for understandable reasons.
Accessibility of vendor identification and privacy notices
For imprint and data protection statement, it is equally valid that they must be linked from every side (§ 5 TMG). These links should each be callable with a maximum of two clicks. Furthermore, these links may not be obscured to the point of invisibility by other visual elements such as pop-ups. Of course, one could dispense with linking if on every page the content of provider identification and data protection notices is mentioned. In practice, however, this approach has not been successful for understandable reasons.
Different screen resolutions
The numerous devices with their different display sizes necessitate a so-called responsive design. A website is responsive if it adapts its presentation to different screen resolutions. For example, on a smartphone, the font size for headings is often reduced to avoid unsightly line breaks. Another example of responsive design is text that is hidden at smaller resolutions (such as on the iPhone). Of course, the imprint link and the link to the data protection declaration must be visible at every resolution, i.e., on every device.
Here is an example from this website for three resolutions:

For reasons of space, the desktop PC view is omitted. Shown in the image from left to right: the views for Galaxy S9, iPad and Kindle Fire. The hamburger menu at the top right with three horizontal lines appears only in the smaller views. This menu contains the links to the imprint and the data protection declaration. In larger views the links are displayed directly. In addition, these two links can be found at the end of each page, almost as an additional safeguard.
My examination of numerous websites shows that responsive accessibility of important links is apparently not a given. A very popular real estate website presents the links for imprint and data protection correctly in the desktop version. In the mobile version, these legally prescribed links are, incorrectly, simply hidden. The entire web presence is therefore considered to be without an imprint.
Link texts must be presented in a way that rules out excessive searching. There should therefore be sufficient contrast between text and background. The position should be chosen so that the user can easily find the references. I recommend linking both at the top and at the bottom of each page. Because the OLG Munich has decided in its judgment of 12.02.2004 (Az.: 29 U 4564/03




My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.
