Compliance
The regulations set out under German youth media protection law are complex, and the potential sanctions for infringements can in certain circumstances be severe. Irrespective of the concrete purpose for which a website is being operated, anyone responsible for Internet content needs to take a great deal into consideration. In addition to the general provisions of media and competition law (e.g. imprint obligation/provider identification in accordance with Article 5 German Telemedia Act (TMG)), the most pressing issues that arise on the Internet are those relating to youth media protection. Providers must do their best to deal with these at the earliest possible juncture in order to protect themselves from sanctions by the supervising authorities or legal action from competitors. All suppliers are under a legal obligation to evaluate their own Internet content in relation to youth protection law. Anyone offering problematic content needs a Youth Protection Officer.
The FSM offers support for companies and providers with respect to their adherence to the legal youth protection regulations. The FSM helps companies answer questions like: Does our own website include content that should not be accessible to users of all ages? Should this page be targeted towards younger users? Do the advertisements integrated into the site comply with the legal requirements? Do we need to appoint a Youth Protection Officer?
Youth Protection Officer
Commercial providers of generally accessible telemedia that includes content that impairs development or is harmful to young people must appoint a Youth Protection Officer, as must providers of search engines. The name and electronical contact information of the Youth Protection Officer must be easy recognizalble, directly accessible and permanently available. Providers with fewer than 50 employees, or a verifiable monthly average of fewer than ten million website visits over the course of a year, do not need to appoint a Youth Protection Officer if they join a voluntary self-regulation association and engage it to carry out the duties of one. The FSM offers its members this option. Membership entitles them to use us as their Youth Protection Officer.
Appoint FSM as Youth Protection Officer
According to Article 7 Para. 1 of the German Interstate Treaty on the Protection of Minors in the Media (JMStV), commercial providers of generally accessible telemedia (= online content) that include content that impairs development or is harmful to young people must appoint a Youth Protection Officer, as must providers of search engines. The above obligation applies not only to content providers, but also to hosting providers and access providers, in accordance with Article 7 Para. 1 JMStV in conjunction with Article 3 Para. 2 No. 2 JMStV. The definition of “provider” in the sense of the JMStV is a broad one and as such extends to cover hosting providers and access providers. The deciding factor in determining the obligation to appoint a Youth Protection Officer is the potential of commercial online content to harm young people. Search engine operators, however, must appoint a Youth Protection Officer irrespective of this – in other words, they will always have to do so.
The Youth Protection Officer in a company must act as a point of contact for users of the company’s online content. He or she will also advise the provider in issues of youth protection. The law stipulates that the Youth Protection Officer must have the specialist knowledge necessary to carry out his or her duties and must not be bound by instruction. The provider must involve him or her in issues relating to the preparation, acquisition, planning and designing of content and in all decisions relating to the upholding of youth protection in a timely and appropriate manner, and keep him or her fully informed about the content on offer at any given time. The Youth Protection Officer can suggest that the provider limit the available content. In the case of hosting providers and access providers, there is no duty to act in advance. The duties of a Youth Protection Officer engaged by a hosting provider are limited to concerning himself/herself with the composition and structure of external content, and in particular with the nature of such content and how it is acquired. In the case of access providers, the Youth Protection Officer’s obligations relate to the composition, structure and designing of the services made available by the service provider, without extending to any examination of specific external content.
Looking at the legally specified duties of the Youth Protection Officer and the requirement for specialist expertise, it is clear that the job can only be filled by someone who already has pertinent experience in the youth protection sector. Such experience would, for example, include an understanding of the relevant technology, an overview of the existing public and private institutions for youth protection, and knowledge of youth protection law. In short, the Youth Protection Officer must be someone with special qualifications relating to work in the field of youth protection. There are no provisions regarding specific vocational training; however, it is not permitted to appoint persons as Youth Protection Officers who are clearly not suited to the job. Any infringements of this principle constitute organisational negligence and may therefore result in charges being brought against the proprietor of the online company. In some individual instances, if content offered by the company includes actionable material, this can even lead to repercussions under criminal law (Article 14 German Criminal Code (StGB)), not only for the proprietor but also for others such as authorised representatives (e.g. directors).
The Youth Protection Officer may be an employee of the company or an external service provider. The nomination of directors as Youth Protection Officers, however, is problematic, as a director is unlikely to be able to discharge the advisory function of a Youth Protection Officer – namely his or her right to provide information, to be involved and to put forward suggestions – vis-à-vis himself or herself. Therefore, this arrangement will not meet the legal requirements.
The Youth Protection Officer is not bound by instruction. If he or she is an employee of the provider, he or she must not be penalised as a result of performing his or her duties. He or she must be provided with the materials necessary for the performance of these duties and, if necessary, exempted from the requirement to perform his or her regular work without any loss of earnings.
Anyone who fails to appoint a Youth Protection Officer despite being under a legal obligation to do so is committing an administrative offence, punishable with a fine of up to 500,000 euros (Article 24 Para. 1 No. 8 JMStV).
Technical youth protection
Companies can use technical measures to meet the requirements of German youth protection law. Because of the high volume and changing nature of Internet content, often generated by the users themselves, as well as its international distribution, technical safeguards are the ideal means of ensuring online youth protection. In the German Interstate Treaty on the Protection of Minors in the Media (JMStV), the issue of which technical measures a provider is legally obliged to adopt is determined by the nature of the content – that is to say, its relevance for youth protection purposes. Illegal content, e.g. child pornography or violent pornography, may not be offered under any circumstances. Content illegal for minors may only be made accessible to closed user groups. The term “closed user groups” means that content that comprises ordinary pornography, is included on a list of harmful material or is in some other way clearly liable to harm young persons may only be accessed by adults and not by minors. Companies can comply with this regulation by using an age verification system (AVS). The German Commission for the Protection of Minors in the Media (KJM) has laid down specific requirements for these systems. In short, any AVS must ensure access protection via two steps: checking that a person is of legal age and authentication. The FSM has assessed a large number of age verification systems. Member companies can apply for such an assessment to be carried out by the FSM Expert Evaluator Commission. Content that is harmful for development may only be offered if the provider takes care to ensure that minors will not normally be able to access it. There are three technical measures companies can take to ensure that minors would not normally consume content that will impair their development. This can be done by programming for a recognised youth protection program, by installing technical means or by using watersheds. The JMStV does not include any concrete requirements for technical safeguards. The KJM has delivered a positive evaluation of several systems. Technical safeguards generally function by checking a person’s ID card number or by using a youth protection PIN. One alternative for companies is to use technical means to label their content with an age bracket. This involves recording the age-de.xml data file containing the age data in the root directory of the server. To make it easier for providers to determine the age bracket that best suits their content on the one hand, and on the other to create a technical age labelling system that matches the required standard, the FSM provides a free age classification system.
Legal privilege in cases requiring control
Self-regulation
The regulated self-regulation system for youth media protection that has been in operation in the field of telemedia since April 2003 provides for a cooperation between the state and the industry, with the state generating the legal framework and the corresponding structures. This makes it possible for recognised self-regulation organisations like the FSM to act independently and exercise a control function in respect of their members. Meanwhile, the state is in a position to use the regulatory framework and the corresponding control options to prevent undesirable developments.
The Internet is especially notable for its international nature and the speed with which content changes, making a system of self-regulation on the part of the providers essential. Self-monitoring makes it possible to react more flexibly and quickly to changes than state control that adopts legal solutions via time-consuming legislative processes. In addition to the changing moral concepts and values of our society, new technical developments call for constant adaptation. Since the technical standards of the business community are generally higher than those of official bodies, it is able to respond more quickly.
Privileged status
Article 20 Para. 5 JMStV reduces the possibilities for direct intervention by state authorities against a telemedia provider. If a provider is also a member of a recognised voluntary self-regulation association, then in the event of a possible infringement, a determination should initially be sought from that body. Provided the self-regulation association does not exceed its own legal discretionary power, the state authority in question is not permitted to take any further measures (Article 20 Para. 5 Sentence 2 JMStV). This privileged status does not apply to content that is illegal under Article 4 Para. 1 JMStV, however.
Safety-by-Design
For online games, video-on-demand services, social networks or websites of all kinds, it is frequently the case that access may not be provided to content unless certain youth protection requirements have been complied with. In this context, “safety by design“ means that rather than dealing with any issues relating to youth media protection at a point when the product and its functions have already been more or less finalised, all such issues have been kept in mind and addressed sufficiently at the product development stage. This is the only way to avoid wasting considerable sums of money and to ensure that schedules are adhered to reliably.
The data required for youth protection can often be collected during the customer registration process, necessary communication steps can often be combined with emails or dialogues dealing with other topics (e.g. billing, product presentations), and the identification of the adult user can often be integrated into the ordering process. If everyone involved in the development process is familiar with the requirements in respect of youth protection, it will usually be possible to find solutions that are simpler, more elegant, more user-friendly and above all more economical than if it becomes necessary to incorporate a specific component into a completed system after the fact.
Ideally, therefore, the Youth Protection Officer will be closely involved in the development of a new product right from its initial conception. Likewise, the experts at the FSM will be ready to provide workshops to help the development teams look for suitable solutions. It frequently turns out that tailor-made solutions already exist for a specific task, thereby eliminating any need for costly new development work.
Imprint obligation
Both the German Telemedia Act (TMG) and the German Interstate Broadcasting Treaty (RStV) include regulations relating to the identification of Internet content providers. The obligation to supply certain information about providers is modelled on the “imprint obligation” under German press law. It derives from a desire to create an adequate level of transparency for Internet users, thereby even enabling them to bring legal action if need be. Since 2007, when the legislature ceased to distinguish between media services and teleservices, the provisions explaining what information telemedia providers must supply have been set out in Article 5 TMG and Article 55 RStV.
Conversely, Article 55 Para. 1 RStV implies that an imprint will not generally be required if the content of the website is exclusively personal or familial. For example, content is considered “personal” if the website operator takes precautions to ensure that it is either wholly inaccessible to unrelated third parties or not readily accessible to them. Naturally, this condition is met if access is protected with a password. A similar case would be one in which the website is programmed in such a way as not be listed by search engines and includes only “familial” content – that is, content tailored clearly and exclusively to suit the creator’s relatives and acquaintances. In the end, providers of content that would appear to be simply incapable of infringing upon the rights of third parties might reasonably be excluded from the obligations to provide information set out in Article 55 Para. 1 RStV.
a) Article 5 TMG
Service providers offering commercial telemedia – in general, for a fee – must publish an imprint. According to Article 2 Sentence 1 No. 1 TMG, a “service provider” is any natural or legal person who makes telemedia content, whether generated in-house or by third parties, available for use, or who provides access for usage purposes. The same applies to business partnerships who have the capability to acquire rights and enter into obligations (Article 2 Sentence 2 TMG). The term “commercial” is construed quite widely in this context. As such, it will for example be sufficient if a website operator’s content is (partly) financed by advertisements; even the widely used Google AdSense program is sufficient for these purposes. If the operator is acting in return for remuneration – that is, if he or she is receiving an economic consideration for the Internet content provided – then it is clear that he or she is acting in a commercial manner. This applies also in the case of a service that is typically only provided for money yet the provider in question is making the service in question available free of charge. However, a provider will not be deemed to be acting in a commercial manner if he or she is doing no more than making available a link to third-party content that is – whether typically or actually – subject to a fee, unless he or she is in turn receiving economic consideration for supplying this link.
Article 5 TMG sets out the information that must be included in the imprint of such a service provider. In particular, the following elements are required:
Name and address (Article 5 Para. 1 No. 1 TMG)
Natural persons must declare their first name and surname. Legal persons or business partnerships must declare their name and legal form, and also give the name of an authorised representative. Private individuals must give their home address, while commercial providers must give their business address. Under no circumstances will a post office box be sufficient, as it is not possible to serve writs to a P.O. box address in the event of legal disputes. A company with branch offices should, if in doubt, provide the address of the head office.
Contact details (Article 5 Para. 1 No. 2 TMG)
The imprint must also provide information permitting rapid electronic contact and direct communication with the service provider. Previously, it had been assumed that along with the email address, it was also compulsory to provide a German telephone number that did not simply lead to a mailbox or call-back system. However, following a submission by the German Federal Supreme Court, the European Court of Justice has determined (Judgment of 16 October 2008, Case C-298/07) that although service providers are under an obligation to provide those using their services with further information, in addition to their email address, before a contract is concluded making it possible to communicate with them directly and efficiently, it is not compulsory for this information to include a telephone number. It can also mean an electronic enquiry interface allowing the user to contact the provider, upon which the provider will reply via electronic post within a reasonable time – around 30 to 60 minutes in the case decided. The only exception is if the user asks the service provider to provide another, non-electronic means of communication because the user does not have (no longer has) access to the Internet. It may be conducive to smooth and efficient communication to provide a fax number, though this is not compulsory.
Supervisory body (Article 5 Para. 1 No. 3 TMG)
If the content is offered in relation to an activity that is subject to approval by the authorities (e.g. property developers and brokers in accordance with Article 34c German Trade Regulation Act (GewO)), details of the relevant supervisory body must be provided.
Register information (Article 5 Para. 1 No. 4 TMG)
If the provider appears in the commercial register, register of associations, partnership register or register of co-operatives, both the corresponding register number and the county court where the register is administered must be provided. Instead of this or in addition, if appropriate, the relevant foreign register must be provided. However, it is not mandatory to provide information about entries in the register of trades or the register of craftsmen.
Job-specific information (Article 5 Para. 1 No. 5 TMG)
The practice of some professions is subject to special provisions. Among those affected are lawyers, tax advisors, auditors, doctors, dentists and architects. These individuals, whose job designations are protected by law, are under special obligations to provide information and must, when identifying themselves as content providers, name the chamber to which they belong, declare the legal job designation and the German regional state in which it was awarded, indicate the relevant rules of professional conduct and provide information as to how these rules may be accessed.
VAT ID number (Article 5 Para. 1 No. 6 TMG)
If the provider has a value-added tax number in accordance with Article 27a of the German Value-Added Tax Act (UStG), this must also be declared. However, the tax number does not belong in the imprint.
Liquidation note (Article 5 Para. 1 No. 7 TMG)
If the provider is a public limited company, joint-stock company or limited liability company and is in the process of being wound down or in liquidation, this must be declared.
b) Article 55 Para. 2 RStV
Providers of telemedia containing journalistic and editorial content must have an imprint. This applies to content reproducing, either wholly or in part, texts or visual material from periodic print media. This provision concerns content of a type geared towards mass communication, which may be described as the “electronic press”. In the case of such content, in addition to the information set out under a) above, the provider must name a person responsible for the content, giving that person’s name and address.
c) Article 55 Para. 1 RStV
Providers of telemedia not exclusively serving personal or familial purposes must have an imprint. This covers telemedia that do not contain commercial offers. The distinguishing feature of personal or familial purposes is construed very narrowly. In principle, such a website will always be directed towards an undetermined audience, since typically, anyone will be able to find the site using a search engine. Even when dealing with pictures, videos or stories that are supposedly purely private, it cannot be ruled out that third parties may have a legitimate interest in the identity of the operator of the website and/or of the author of the material. Even a family video or a report on a holiday hotel may affect the rights of third parties, and therefore the option of contacting the provider must be available to these third parties. In cases covered by Article 55 Para. 1 RStV, the provider’s name and postal address must be provided. If the provider is a legal person or a business partnership, an authorised representative must also be named.
According to the law, the information supplied about the provider must be easy to recognise, directly accessible and available at all times. This means, among other things, that on every part of the website, the imprint must be no more than two clicks away. One way of fulfilling this requirement, for example, is for each individual page to include a link to the homepage, from which in turn the imprint is readily accessible. If the content includes subdomains and if the respective homepages of the various subdomains can in some circumstances be accessed directly by the user, then the link to the imprint should also be located on the homepage of each subdomain. The link to the imprint and the imprint itself may not be graphics. On the one hand, such graphics may – perhaps unwittingly – be prevented from displaying by the user or by installed software. On the other hand, because of a lack of accessibility for the disabled in some circumstances, this form of display may cause problems: while texts can be made accessible to blind or visually impaired users with the help of the appropriate hardware or software, this is almost impossible to achieve in the case of graphics. It will also be insufficient if users are unable to view the imprint without initially installing a plug-in. For easy accessibility, the link to the provider identification must also be identified in such a way as to ensure that the average user would expect to find the desired information by clicking it. The designations “Provider identification”, “Imprint” or “Contact” meet these requirements. There is some debate as to whether this also applies to “The company” or “About us”. Since the terms “imprint” and “provider identification” have by now gained general acceptance, the safe course would be to use one of these.
The State Court of Essen has held (Judgment of 19 September 2007, File no. 44 O79/07) that it is not sufficient to provide a form enabling the user to get in touch with the provider. The law requires more than just the possibility of establishing a connection – it also prescribes that information must be present as to how such contact may be made.
As a rule, the provider identification must be in the same language as the content itself. If the content is provided in more than one language, it may suit the users’ needs for the imprint also to be provided in all the languages used. It is important that the information about the provider be printable.
If a service provider is supplying commercial communication on the Internet, the requirements of Article 6 TMG must be observed. According to Article 2 Sentence 1 No. 5 TMG, the term “commercial communication” designates “every form of communication which serves the direct or indirect promotion of the sale of goods, services or the image of a company, another organisation or a natural person who works in trade, commerce, crafts or a professional service”. As such, the term covers all forms of advertising, sponsoring, sales promotion and public relations. However, according to the above-named provisions, information offering the user direct access to the activities of the companies, organisation or person in question – in particular, a domain name or an email address – does not count as commercial communication. Likewise, information relating to goods and services or the image of a company, organisation or person and provided independently, and in particular without any financial consideration, does not constitute commercial communication.
Article 6 TMG stipulates the following special obligations to provide information in relation to commercial communication:
First of all, it is expressly specified that commercial communications must be clearly recognisable as such. The natural or legal person in whose name the commercial communications are made must be clearly identifiable. Promotional offers such as discounts, premiums and gifts must be clearly identifiable as such, and the conditions to be met to qualify for them must be easily accessible and presented clearly and unambiguously. The same applies to prize contests and games of an advertising nature and the relevant conditions of participation. Also applicable are the provisions of the German Act Against Unfair Competition (UWG).
a) Breach of Article 5 TMG and/or Article 55 RStV
Such a breach constitutes an administrative offence punishable with a fine of up to 50,000 euros in accordance with Article 16 Para. 2 No. 1 and Para. 3 TMG and Article 49 Para. 1 Sentence 2 No. 7 and No. 8 Sentence 3 RStV. Depending on the applicable state law, a variety of official bodies are responsible for this: Baden-Württemberg: Regierungspräsidium Tübingen (Regional Council of Tübingen); Bavaria: Regierung von Mittelfranken (Government of Middle Franconia); Berlin and Brandenburg: Medienanstalt Berlin-Brandenburg (Media Authority of Berlin-Brandenburg); Bremen: Bremische Landesmedienanstalt (State Media Authority of Bremen); Hessen: Hessische Landesanstalt für privaten Rundfunk und neue Medien (Hessian State Institute for Private Radio and New Media); Mecklenburg-Western Pomerania: Innenministerium des Landes Mecklenburg-Vorpommern (Ministry of the Interior of the State of Mecklenburg-Western Pomerania); Lower Saxony: Niedersächsisches Landesamt für Verbraucherschutz und Lebensmittelsicherheit (Lower Saxony State Office for Consumer Protection and Food Safety); North Rhine-Westphalia: Bezirksregierung Düsseldorf (District Government of Dusseldorf); Rhineland-Palatinate: Aufsichts- und Dienstleistungsdirektion (Supervision and Service Administratory Body); Saarland: Landesmedienanstalt Saarland (State Media Authority of Saarland); Saxony: Regierungspräsidium Dresden (Regional Council of Dresden); Saxony-Anhalt: Medienanstalt Sachsen-Anhalt (Media Authority of Saxony-Anhalt); Thuringia: Thüringer Landesmedienanstalt (State Media Authority of Thuringia) (source: Lorenz K&R 2008, pp. 340, 344 et seq. with reference to the respective state regulations).
b) Breach of the provisions of the UWG
Failure to comply with the obligation to provide information constitutes a breach of a consumer protection norm and is prohibited under Articles 3, 4 No. 11 UWG, which can lead to injunctive relief and claims for damages. Breaches resulting in only “insignificant” harm to competitors are exempted from unfair competition law. The Higher Regional Court of Hamburg (Decision of 3 April 2007, File no. 3 W 64/07) held that the absence of information about the supervisory body and commercial register number was not significant, at least in the case under consideration, in which the provider was not deliberately trying to deny users access by omitting this information. However, in view of the Unfair Commercial Practices Directive (2005/29/EC: UCP Directive) – which has not, to date, been implemented in German national law – this may be judged differently. Since the deadline for implementation of this Directive expired on 12 July 2007, the German provisions must be construed in accordance with it. Article 7 Para. 5 of the UCP Directive sets out that the requirements for information under European Community law in respect of commercial communication are always material. In a case decided by the Higher Regional Court of Hamm (Decision of 13 March 2008, File no. I-4 U 192/07), no information had been provided relating to the commercial register and the register number. But this information is required under Article 5 TMG, which in turn implemented European law, and thus a breach of this rule is not insignificant. This provision in the UCP Directive is therefore also included in Article 5a Para. 4 UWG-E (draft law amending the UWG).
c) Breach of Article 823 Para. 2 of the German Civil Code (BGB) in conjunction with Article 5 TMG and Article 55 RStV
Both Article 5 TMG and Article 55 RStV are protective legislation for the purposes of Article 823 Para. 2 BGB. If a breach of the obligation to provide information causes harm to another party, the service provider may also in some circumstances be liable for damages under Article 823 Para. 2 BGB.
Every warning should be taken seriously and subjected to expert review. Above all, attention should be paid both to the formulation of the cease-and-desist declaration and to the cost calculation. If the warning is unwarranted, it should be resisted. People who find themselves in this situation can leave it to the party issuing the warning to move things forward and can expressly refuse the demand to sign the cease-and-desist declaration with penalty clause, provided they are sure that they have not breached the relevant provisions. They should react in any event, as ignoring a warning can render them liable to bear the costs, irrespective of whether or not the party issuing the warning is entitled to issue a cease-and-desist declaration with penalty clause.
Children as a target group
The use of digital media within the family is oriented around an interest in the use of professional, informative and entertaining content, but also has special requirements as regards the composition of content and specific child- and safety-related settings. The general principle is that in addition to the evaluating and rating of one’s own content and designing technical measures geared specifically towards youth protection, parents and children themselves expect providers to offer intelligent, target group-specific content that meets their individual requirements. Examples of this include the creation of profiles for children and adults, options for parents to establish special settings for children – time-related access to content, for example – and the prevention of access to content defined by the parents.
This relates not only to entertaining and informative content but also to services that enable communication. Even if the right to “informational self-determination” prevents parents from any concrete intervention in direct personal communication, the service provider is still under an obligation to provide maximum transparency as regards their General Terms and Conditions of Use. Sensible technical means should also be employed, such as bad word lists, recognition and deletion of telephone numbers and addresses, and essential reporting and blocking functions. The issue of data protection should also be dealt with in a clear, readily comprehensible manner. Here, special informational pages for parents have proven especially valuable when dealing with content for children and families. So for that matter has informative content for children, which might take the form of videos, learning games or simply written texts. Offers of further advice and information will heighten the level of trust placed in a given provider and the content it provides.
A major issue here is that children also have special requirements in respect of the structure and user guidance of content – for example, with regard to navigation, graphic design and display options. Likewise, specific factors need to be considered in relation to advertising content or the embedding of online behavioural advertising – a clear separation between content and advertising, for example, or the display format used or how the advertising offer is identified. For these purposes, providers have access to a wide range of lists of criteria and information from sources like Erfurter Netcode or fragFINN.de, a German search engine for children. The FSM also offers a broad spectrum of consulting services, designed to help either during the preliminary stages of content preparation or when revising the content or technology of an Internet offering.
Service providers have a particular social responsibility in relation to children and adolescents. As well as designing and making available digital spaces for sharing and participating in, the target group should also be made more aware of potential challenges and dangers and given the ability to make use of suitable countermeasures and preventative measures. This makes it all the more important that in addition to supplying information tailored to suit the target group, media education activities involving children and adolescents should be supported – by promoting special institutes, for example, creating special content for schools or holding competitions. The FSM has extensive experience in the conception, organisation and implementation of such activities.