ICT contributes more to wealth creation in Germany than the traditional technologies of automotive and mechanical engineering. With an annual business volume of approximately €221 billion in 2014, the ICT sector is one of the largest economic sectors in Germany. Constantly growing, it already employs more than 1 million people in Germany.2
ICT has become a driving force in Germany’s economy, contributing to 4.6 per cent of the national gross value added in 2014.3
By focusing on key issues such as convergence, mobility, data protection and internet security, the government has tried to advance the information society through targeted policies to modernise legal and technical frameworks and to promote research and market-oriented development over the past decade. As part of this overall effort, the federal government has adopted specific programmes and strategies tailored to the needs of the ICT sector. On 20 August 2014, it concluded the Digital Agenda 2014–2017, focusing on a strategy for the digital future of Germany,4 which was extended by the ‘Digital Strategy 2025’5 this year. There are also plans to ensure nationwide broadband access with transmission rates of at least 50Mbit/s in rural areas until 2018 through the Netalliance Digital Germany initiative.6 The Digital Agenda further includes themes such as digital security and the Strengthening Industry 4.0 initiative. In addition, data protection and liability within networks are issues in both policy and court decisions.
To support the process of digitalisation, the federal government decided in the Digital Strategy 2025 to establish a ‘Digital Agency’ as a competence centre.7
The question as to whether media convergence as a technological phenomenon will inevitably lead to a convergence in media and telecommunications law is still the subject of lively debate in the political and academic fields.
i The regulators
Due to the federal policy of considering media as a ‘fourth division’ of power and a tendency to deregulate and decentralise, there is no single media authority in Germany. All television and radio broadcasters are subject to state control. Public service broadcasters are supervised by internal committees: content-related supervision is carried out by the respective broadcasting council. The respective administrative board, which is appointed by the broadcasting council, supervises all management decisions made by the director.
Private broadcasters, in contrast, are subject to external supervision. The competent authority is the respective state media authority of each German state,8 whose responsibilities – apart from supervision – include granting authorisations and assigning transmission capacities.9
They also have a wide range of powers to supervise broadcasters with, such as warnings, prohibitions, or withdrawals and revocations of licences.10
The state media authorities work together in a committee (ALM) concerning licensing and supervision as well as in the development of private broadcasting in fundamental questions, primarily with a view to the equal treatment of private TV and radio broadcasters. The goals and remits of this cooperation are laid down in the ‘Contract on the Cooperation of the Media Authorities in the Federal Republic of Germany’ of 20 November 2013. The focus is on promoting programming diversity and thus freedom of information and opinion in private television and radio. This involves, in addition to controlling media power by means of licensing limitations and licence monitoring, the promotion of media literacy among viewers and listeners.
The state media authorities are also responsible for the compliance of private TV and radio broadcasts with basic programming principles. They supervise the observance of regulations on advertising limitations, the protection of minors and the protection of pluralism. Their tasks are carried out by several committees.
The main regulator in the area of telecommunications is the federal legislator due to his competence regarding the postal system and telecommunications. Important federal laws in the field of telecommunications are the German Telecommunications Act (TKG) and, for telemedia services, the German Telemedia Act (TMG). The national legislator is strongly influenced by directives of the European Union. Furthermore, EU regulations, as well as decisions of the European Court of Justice (CJEU) and the Federal Court of Justice (FCJ), have a strong impact on the law in the ICT sector.
The compliance of telecommunications companies with the Telecommunications Act is monitored by the Federal Network Agency (BNetzA). The Agency ensures the liberalisation and deregulation of the telecommunications, postal and energy markets through non-discriminatory access and efficient use-of-system charges. It is responsible, inter alia, for securing the efficient and interference-free use of frequencies and protecting public safety interests. Apart from regulation, the BNetzA performs a number of other tasks related to the telecommunications market such as administering frequencies and telephone numbers, detecting radio interference, and offering advice to citizens on new regulations and their implications.
ii Regulated activities
Private and public television broadcasting in Germany is governed by the Interstate Broadcasting Treaty (RStV), which outlines the side-by-side existence of public and private broadcasting. The provisions of the RStV have been modified 18 times since it came into force in 1987. The 18th amendment to the RStV came into effect on 1 January 2016.11 Further legal sources, at federal level, are various other interstate treaties, such as the Interstate Treaty on the Protection of Minors in Broadcasting and in Telemedia (JMStV), and at state level, individual state media laws.
All private broadcasters require a licence for the purpose of providing broadcasting services (Section 20(1) RStV). According to Section 20(2) of the RStV, the provider of an electronic information and communications service – if it is categorised as a broadcast – requires a licence as well. If the competent state media authority determines that this is the case, the provider, after being notified of this classification, must at his or her choice either submit a licence application within three months or change the service in a way that it is no longer qualified as a broadcast. If in doubt about the classification of its service, a provider may request a certificate of non-objection stating that the service does not qualify as a broadcast.
When providing telecommunication or network services, the operators have to adhere to the German Telecommunications Act (TKG). The law has developed in accordance with European regulations and was implemented in 2004. Since then, further changes have been made (e.g., on data retention). The last amendment was made with the Law of 26 July 2016 on improved exchange of information to fight against international terrorism.12
German telecommunications law does not generally oblige telecommunications services or network providers to apply for a licence; however, in accordance with the Access Directive (2002/19/EC), it requires certain providers such as public telecommunications network providers or providers of public telecommunications services to notify the BNetzA when they start to provide the services or the network.13 A notification is not necessary for non-public telecommunications networks or services. It is, however, not unequivocal in each case which services are exempt from a notification. Operators of certain WLAN hotspots are arguably not under a duty to notify.14
iii Ownership and market access restrictions
Generally, German law makes no distinction between Germans and foreign nationals regarding investments or the establishment of companies. However, it provides for certain restrictions on foreign capital and investments. The German Federal Ministry of Economics and Technology (BMWi) may prohibit certain acts that might interfere with German or foreign interests. Inter alia, these interests include the fundamental security of Germany or the prevention of the acquisition of a company or parts of a company that are vital to the security of Germany according to Section 4 of the Foreign Trade Law (AWG).15
Due to the security-related aspects of telecommunications services, the TKG imposes certain obligations on telecommunications service providers and network operators. Agreements relating to telecommunications services and network access can be negotiated freely (e.g., access, payment terms, currency and billing) with providers and operators, unless one party has significant market power (in which case, price terms and access obligations are regulated by the TKG; a provider with significant market power is not able to choose its customers freely).16
The RStV contains special ownership control provisions17 that are designed to achieve media-plurality objectives. These rules apply in addition to the general merger control regime under German and European competition law and are administered by the Commission on Concentration in the Media.
The RStV further states in Section 11d. (2) No. 3 RStV (the Broadcasting Treaty) that public broadcasting companies are not entitled to offer non-broadcasting related print media. Criteria to evaluate the contents are to what extent the offer meets a democratic, social and cultural need of society, whether the offer will contribute to journalistic competition and the financial expenses. Since 2012 proceedings concerning the ‘Tagesschau-App’ have been ongoing. Publishing houses claimed that the Tagesschau-App provides a high amount of non-broadcasting related textual contents and therefore has a competition-distorting effect in terms of Section 11d (2) No. 3 RStV in conjunction with Section 4 No. 11 UWG (previous version). On 30 April 2015 the FCJ held that not only the concept of the app has to comply with the Broadcasting Treaty, but also the specific content, which is subject to full judicial review.18 If broadcasting and non-broadcasting elements are implemented, it is necessary to determine the focus. The Higher Regional Court of Cologne now has to answer the question at what point content will be considered as similar to print media and is therefore anticompetitive.
iv Transfers of control and assignments
The German merger control provisions are enforced by the Federal Cartel Office (BKartA) in Bonn. The current legislation can be found in Chapter VII of the Act Against Restraints of Competition (GWB), which deals with the control of concentrations affecting the German market. In addition, Section 101 et seq. of the Treaty on the Functioning of the EU and the EC Merger Regulation19 apply.
The filing of merger notifications in Germany is mandatory if the turnover thresholds according to Section 35(1) of the GWB are met and none of the de minimis exemptions20 applies. The minimum content of information regarding the transaction to be given in the notification is listed in Section 39 of the GWB. If the statutory conditions for prohibition are fulfilled, the BKartA will prohibit the merger. It also has the power to order the divestment or the disposal of certain assets where a merger has already been completed.
Mergers that are subject to merger control may not be completed before either the BKartA has cleared the transaction or the relevant waiting periods of one month (first phase) or four months (first and second phases together) after submission of a complete notification have expired without the BKartA having prohibited the transaction.
There are no legal deadlines for a notification of a concentration, but notifiable concentrations must not be completed before clearance. Therefore, it is advisable to submit a notification well before the envisaged completion date. It is possible to file a pre-merger notification even prior to the signing of the transactional documents. Furthermore, parties should not forget to submit the mandatory post-completion notice to the BKartA, which needs to be filed without ‘undue delay’ following completion of the transaction.21 In principle, all parties involved in a merger are responsible for filing. In the case of an acquisition of shares or assets, the vendor must make a notification as well.
Submission of an incorrect or incomplete filing, failure to submit a post-merger completion notice, or cases of incomplete, incorrect or late notices constitute administrative offences and can lead to a fine of up to €100,000.
III TELECOMMUNICATIONS AND INTERNET ACCESS
i Internet and internet protocol regulation
All IP-based services are regulated under the TMG, adopted on 18 January 2007 and last amended on 21 July 2016. Commercial rules for telemedia are covered in the TMG, while aspects relating to journalistic content are regulated in a specific section of the RStV22 and the JMStV. Telemedia services are permission-free and generally do not need to be registered.
Telecommunications services and telemedia services are mutually exclusive; therefore, telecommunications are excluded from the scope of the TMG. In practice, the distinction is often difficult to make. Moreover, the regulatory structure of telemedia services oscillates somewhere between the unregulated press and the framed supervision the television and radio broadcasters are under. The state media authorities are also regulators of telemedia services.
ii Universal service
Germany has good broadband penetration that compares well against international levels. Based on the currently accepted broadband definition of at least 1Mbit/s, penetration amounts to approximately 99.9 per cent of German households. More than 70 per cent of German households currently have broadband access with transmission rates of at least 50Mbit/s. While the development of LTE (3.9G, often referred to as 4G) only began in 2010, 96 per cent of German households already had LTE access in 2015.23 In November 2014, the first mobile provider supplied LTE Advanced (4G, up to 300 Mbit/s) in a few areas, followed by another provider in the second quarter of 2015. By the end of 2016 about 30 to 50 larger cities will be supplied with LTE Advanced.24
The federal government intends to give a further boost to the development of the broadband network by, for example, capitalising on synergies in the construction of infrastructure, using the ‘digital dividend’25 and formulating regulations that foster investments. Various initiatives exist at the federal, state and local level: especially worth mentioning are the Digital Agenda 2014–2017, the National IT Summit,26 the German Broadband Initiative27 and the Netalliance Digital Germany initiative, whose objective is to ensure nationwide broadband access with transmission rates of at least 50Mbit/s until 2018.28
Moreover, the federal government encourages projects to pursue industry solutions. For example, small and medium-sized telecommunications companies can borrow funds on privileged terms and with adequate risk pricing through the corporate financing programme of Germany’s state-owned development bank.29
In any event, the existing federal and state loan guarantee scheme is generally available to companies in the telecommunications sector to prevent economically desirable broadband projects from failing due to a lack of suitable finance. With these programmes, the federal government and federal states assume up to 90 per cent of the risk of default for project financing.30
‘White areas’ (i.e., those rural areas in Germany that still lack high-speed internet connections) are shrinking rapidly, partly due to ongoing investment by the network operators. The reduction has also largely been achieved thanks to the hosting of action programmes offered by the federal states, local authority broadband initiatives in those areas, and the nationwide activities of associations such as the German Association of Internet Enterprises (www.eco.de), the Association of the Providers of Telecommunications and Value-Added Services (www.vatm.de) and the Association of Towns and Municipalities (www.dstgb.de).
Furthermore, the TKG amendment of 3 May 2012 contained special provisions to foster the extension of broadband networks.31 The use of mobile networks is boosted by digitisation in other areas such as TV and radio. As regards TV, digital satellite reception and cable continue to expand, while analogue transmission is no longer possible. In 2015, 10 per cent of German households received digital radio (DAB+), and the digitisation of fixed telephone services is currently being realised and will be finished by 2018.32
The government’s policy is to actively encourage people to use the internet and to help them acquire skills in the areas of new media by, inter alia, providing governmental services such as e-government and e-justice electronically, and implementing the De-Mail Act in 2011.33 Developments are also made with respect to transport and health-care telematics and the digitisation of cultural assets.
iii Restrictions on the provision of service
The BNetzA is responsible for ensuring broadband network owners comply with the TKG.34 Whereas, until recently, the subject of net neutrality appeared to be of no major concern to the German and the European legislators – the German legislator in particular trusted that existing competition would ensure neutral data transmission on the internet and other new media – the subject has now gained considerable attention. The amendment of 3 May 2012 of the TKG introduced the concept of net neutrality.35 The federal government is authorised to draft a regulation that sets out the requirements for non-discriminatory data transmissions and non-discriminatory access to contents and applications in order to preclude an arbitrary deterioration of services and an unjustified deceleration of data traffic.36 Two draft regulations proposed by the BMWi have not yet been passed. On a European level, the European Commission published its legislative plans for net neutrality on 12 September 2013 (Connected Continent legislative package).37 Under the Connected Continent legislative package, companies would, however, be allowed to differentiate their offers (e.g., by speed) and compete on enhanced quality of service. The proposal states that ‘there is nothing unusual about this – since postal services (express mail) and airlines (economy/business class) have done this likewise for decades’. While the European Parliament has made efforts to establish strict rules guaranteeing net neutrality, the European Council’s position tends to be more open to exempt ‘special services’ (i.e., services that require big data volumes, for example, in the fields of automatic driving and internet TV) from net neutrality. In a trilogue between the European Commission, Council and Parliament, the parties found a compromise on 30 June 2015 that, however, still must be approved by Parliament and Council before it can be transposed into a directive.38 The BMWi and the European Commission both see the need for rules regarding net neutrality.39 The Commission further states that special services claiming big data volume may be provided as long as they do not harm open internet access. Zero rating (i.e., services that do not count towards an agreed data volume) is not mentioned explicitly, but will be allowed and monitored by national regulatory authorities.
Following the EU Directive concerning Unfair Business-to-Consumer Commercial Practices,40 the legislator enacted extensive provisions regarding unsolicited calls, emails and text messages in the Act against Unfair Competition (UWG). Making first contact with consumers by such measures requires the explicit approval of the consumer. Fines can be as high as €300,000.41
After roaming charges have been reduced significantly in recent years, the European Parliament passed a regulation on 27 October 2016 abolishing all roaming charges for calls, SMS and data use in the EU area starting from 15 June 2017.42 Furthermore, the regulation could affect net neutrality in terms of equality of data transmission speed depending on the provider. The regulation states certain exceptions of the principle of data equality. Therefore, critics assume that financially strong providers may buy a ‘fast track internet’, but all others could be treated second-class. Although the regulation implies that traffic management measures must not be discriminative, certain categories of service (e.g., video streaming) can be privileged, if an overload of traffic is anticipated.43 The vague wording implies discretion to favour certain services, which could negatively affect net neutrality. Thus, the German federal government passed a bill on 3 August 2016 imposing fines up to €500,000 against providers infringing net neutrality by applying different priorities while transmitting data of different services.44
On 14 August 2009, the Parliament passed a new law on the federal authority for IT security (BSIG),45 which came into force on 20 August 2009. A major amendment has been made by the law on IT Security from 25 July 2015, aiming at an improvement of IT security of critical infrastructure. The latest amendment has been made by the law on modernising the scale of fees and charges, becoming effective on 23 July 2016. Parts of the BSIG strengthen the position of the Federal Office for Information Security (BSI) as described below, while other sections impose obligations on private entities maintaining critical infrastructure that are relevant for common welfare.
The BSI is a superior federal authority overseen by the Federal Ministry of the Interior with wide-ranging tasks of threat prevention in IT systems. According to Section 3 of the Act, its tasks include developing criteria, procedures and tools to test and evaluate the security of information technology systems and components. The BSI investigates security risks associated with the use of IT and develops preventive security measures. Therefore, the BSI is the central reporting office for disruptions and attacks on IT systems in private enterprises, using the information submitted by private entities to evaluate them and summarising them in reports that are then provided to the enterprises. The work further includes IT security testing and assessment of IT systems, including their development, in cooperation with the industry. The BSI now also functions as the central authority on IT issues in relation to foreign institutions.
The BSIG especially imposes obligations on private enterprises to safeguard IT security, such as the duty to report disturbances in IT systems to the BSI. Private enterprises that are subject to these obligations are, in particular, operators of critical infrastructures in the energy, IT, telecommunication, transport, health, water, nutrition, finance and securities sectors. Within two years of the BSIG coming into force, they must upgrade their IT systems to make them state-of-the-art, and from then on must prove their compliance with the above-mentioned obligations once every two years through security audits or certificates.46 In the future, they will also have to establish a contact centre to exchange information with the BSI.47 Operators of telecommunication services now have the duty to inform their customers of any IT security risk, and to provide information on the solution for these problems.48 Telemedia services operators must now ensure that their users are protected from attacks on IT security through state-of-the-art technical and organisational means.49
On the EU level over the past few years, the European Commission has adopted several measures to prepare Europe against cyber incidents. The Directive on Security of Network and Information Systems (the NIS Directive) has been adopted by the European Parliament on 6 July 2016 and is the first EU-wide legislation on cybersecurity.50 It includes measures to ensure a high common level of network and information security across the EU. Moreover, the EU adopted the eIDAS Regulation in 2014.51 It aims to consolidate and expand the already existing directive on online signatures, and supplements the uniform legal framework for electronic security services. The provisions became valid on 1 July 2016.
Privacy and consumer protection
In order to better protect the privacy of individuals against intrusions of modern data processing, in a 1983 decision, the Federal Constitutional Court (BVerfG) developed the notion of an individual’s right to decide how his or her data are to be used.52 This right means that it is up to each individual to determine what and how much personal information he or she would like to reveal. This right to privacy is an element of the general right to free development of one’s personality, which is protected under Article 2(1) in conjunction with Article 1(1) of the German Constitution. The collection, processing and use of personal data are governed by the German Federal Data Protection Act (BDSG) and state laws, supplemented by the TMG. The BDSG applies to federal public authorities and to non-public entities, such as corporations.
Every private organisation is generally required to ask a person’s consent if it would like to collect, store or process personal data, unless such collection, storage or processing is permitted under a specific section of the BDSG or any other law. Such exception applies, for example, if the data subject is already aware of such collection or storage from other sources, if the data originate from publicly accessible sources, or if the data are necessary for the performance of a contract with the relevant person. If a body responsible for processing data harms a data subject by unlawfully or incorrectly collecting, processing or using such person’s data, and in doing so failed to act with due care, that body is liable for damages.
Individuals may request information from public and private organisations about stored personal data and the reason for storing these data. They may also claim the deletion or blocking of data if unlawfully stored or no longer needed.
Data protection is supervised by BFDI, the Federal Data Protection Officer, whose position was strengthened by a Law of 25 February 2015 amending the BDSG.53
Lately, the Commission has been planning to modernise and harmonise the data protection framework, inter alia, with the recent agreement by the European Parliament and Council on the new General Data Protection Regulation, strengthening individual rights and meeting challenges of globalisation and new technologies. The Commission started a public consultation in April 2016 to develop a new legislative proposal on ePrivacy by the end of 2016 addressing consistency between the ePrivacy rules and the future General Data Protection Regulation as well as enhancing security and confidentiality of communications and addressing inconsistent enforcement and fragmentation.54 Furthermore, on 14 April 2016 the European Parliament passed the EU Data Protection Regulation.55 The project has been supported by the European Network and Information Security Agency and supports an independent decision about the use of personal data by consumers to introduce a consistent and high standard of data protection.
Data retention for the purpose of inner security
Since the BVerfG rendered data retention as intended under the TKG of 2007 to be unlawful,56 the question of whether and to what extent data retention is in line with national and European law has been discussed widely. The CJEU decided similarly that European Directive 2006/24/EC setting the framework for data retention is invalid.57 After two drafts of a data retention act in 2011 and 2013 were not adopted, the Committee on Legal Affairs of the German Parliament presented a recommended resolution58 based on drafts by parliamentary groups and the federal government containing less extensive possibilities to save data for criminal investigations. The German parliament adopted the law on 16 October 2015 and it came into force on 18 December 2016.59 The introduced obligation for data retention has to be met by 1 July 2017. Contrary to media reports, the European Commission announced that it will not take any actions against Germany enacting such law.60
In this context, the BGH nevertheless held that service providers in Germany may store information on IP addresses used by their customers for a period of seven days in order to enable security measures against cybercrime.61
Protection of children
Youth protection provisions applicable to the media can primarily be found in the Law for the Protection of the Youth (JuSchG) and the JMStV, a reform of which is planned.
The Federal Department for Media Harmful to Young Persons (BPjM) is the responsible authority for protecting children and adolescents in Germany from media that might contain harmful or dangerous contents under the JuSchG. The types of media monitored include, inter alia, videos, books, computer games and websites. The BPjM can act only at the request of other administrative institutions, and not on its own initiative. Once an official request has been filed, the BPjM is obliged to process the complaint. Possible measures in the event of a violation are a prohibition on publication, blocking the provider and fines up to €500,000.
The JMStV forms the legal basis for assessing content distributed in broadcast or media services. The compliance of broadcast and media services with the JMStV is controlled by the Commission for the Protection of Minors in the Media (KJM). The JMStV distinguishes between illegal content and content that impairs the development of minors: illegal content must not be distributed via broadcasting or media services. Content that is rated as impairing the development of minors (e.g., a severe depiction of violence) is subject to access restrictions. In the event of a breach of the provisions of the JMStV, the KJM decides on the sanctions to be imposed against the respective media content provider. The measures depend on the severity of the breach, and can range from a complaint against the content provider to fines; the issue may even be handed over to the State Prosecutor.
As of 27 January 2015, new offences to prevent child pornography were implemented under the German Criminal Code (StGB). ‘Cyber-grooming’ (i.e., exerting influence over children via information or telecommunication technologies to prepare them for acts of sexual abuse) is now a criminal offence (Section 176 (4) StGB).
IV SPECTRUM POLICY
Originally, frequencies in Germany were used – with a few exceptions – by Germany’s federal mail service (Deutsche Bundespost). Since 1996, however, the markets for network and telephony have been fully liberalised.
Today’s development goes hand in hand with the population’s increasing demand for mobile communication services. Not least because of the new technical possibilities opened up by, inter alia, UMTS and LTE, demand for more bandwidth will continue to rise in line with increasing mobility. Growing demand and technological innovation both call for the availability of an adequate frequency spectrum. The development does not end here; the next generation of mobile network – 5G – is already being developed. In addition to the University of Technology Dresden working on a 5G project,62 the government is also focusing on 5G as being part of the Digital Agenda, and is endeavouring to bring Industry 4.0 and the ‘Internet of Things’ (i.e., networks of physical objects with embedded computer technologies) to the next level.
Because of its type of use and the current state of technology, the frequency spectrum available is still considered a scarce resource. The BNetzA is the regulatory authority for the use of frequencies, the allocation of which requires forward-looking, non-discriminatory and proactive frequency regulation. ‘Digital dividend’ is the term frequently used whenever digitisation results in the freeing up of spectrum.
ii Flexible spectrum use
The TKG provides the framework for a flexible use of allocated spectra. Owners of an allocated frequency have the possibility to trade their frequency, and to let third parties use their frequency, for example, by way of a lease, co-use or in the form of a joint use via ‘spectrum pooling’. It is necessary, however, that the BNetzA releases such forms of use for flexible use and specifies the corresponding conditions.67
iii Broadband expansion through spectrum auctions
A few rural areas in Germany still lack high-speed internet connections. The federal government plans to invest €2.7 billion into expanding broadband networks, of which €1.33 billion was earned through the last auction of mobile spectra.68 However, it also concentrates on the development of the broadband network towards a fibre-optic network with estimated costs of approximately €100 billion by 2025.69
If the BNetzA finds that the number of available spectra is not sufficient for their allocation, it can order that the allocation of frequencies be preceded by a procurement procedure.70 Often, the procurement is held in the form of a spectrum auction, which is organised by the BNetzA.71
On 19 June 2015, the latest auction of mobile broadband spectrum ended following 181 bidding rounds within 16 days. After the merger of Telefónica and E-Plus in the summer of 2014, only three operators (Telefónica, Telekom and Vodafone) were allowed to bid: no new entrants were admitted. The auction of frequencies in the fields of 700MHz, 900MHz, 1,500MHz and 1,800MHz aggregated a total amount of about €5 billion. The BNetzA imposed rather strict requirements on the auction. For example, the right to use frequency includes, inter alia, an obligation to provide internet access to 98 per cent of the population.72
The merger of Telefónica and E-Plus may have an impact on the further development of market shares in this field, as the Commission imposed certain restrictions on the new company, such as releasing frequencies at 900MHz and 1,800MHz until the end of 2015.73
The BNetzA published a ‘Frequency Compass’ regarding the provision of the 2GHz (UMTS) and 3.5GHz frequencies as of 2021 in an open, transparent and non-discriminatory procedure.74
V THE YEAR IN REVIEW75
Regarding the ‘right to be forgotten’ (i.e., the right of individuals to have their data deleted from internet websites and search machines where they are no longer needed for legitimate purposes or where they violate personality rights), the supervision of internet companies such as Google or Facebook and the protection of personal data in online communication are subjects of lively debate among the German public and politicians. Since the CJEU judgment of 2014 in Google v. Spain,76 individuals are entitled to apply for a deletion of personal search entries against Google if their individual interest in hiding information exceeds the public information interest. However, Google still refuses to delete search entries globally, and confines the deletion to its European websites such as google.de. Therefore, links that were requested to be deleted will remain accessible on google.com. This approach is subject to a proceeding by CNIL, the French Data Protection Authority.77 Moreover, the BGH decided that – after being notified of a violation – Google is under an obligation to prevent violations of personality rights caused by the search machine’s auto-complete function.78
In the field of host provider liability, the BGH has confirmed its position that a host provider is under no general duty to proactively prevent violations of the intellectual property rights or personality rights of its users, and can only be forced to desist from publishing third-party content after it has been notified of the violation.79 In addition, the German courts do not grant damages unless the violation has been provoked or appropriated by the host. The Grand Chamber of the European Court of Human Rights, however, upheld its 2014 decision in Delfi v. Estonia that a violation of basic personality rights leads to a liability of the forum operator for damages if it did not arrange for sufficient spot checks of the available content.80
In a decision involving the file-hosting service Rapidshare,81 the BGH found that a file-hosting service is obliged to conduct a comprehensive periodic monitoring of collections of links that point to its service if the service encourages copyright infringements to a considerable extent through its business model. The liability of such file and share-hosting services could be further enhanced through a new draft bill of the federal government, which – since 15 June 2015 – has been involved in the EU notification procedure and intends to change some relevant sections of the TMG.82 The draft contains a special provision concerning internet services that are prone to infringements of intellectual property rights, according to which those services are exempted from the existing liability privileges, and providers will therefore be liable even without actual knowledge that rights are infringed on their platform.
As far as streaming of content by private users is concerned, the CJEU held in its decision in the case of Newspaper Licensing Agency v. Public Relations Consultants Association that the caching of copyright content does not violate intellectual property rights (at least if its source is legal).83 Thus, streaming of copyright-protected content – which had been a grey area from a legal point of view in Germany – can be assessed as lawful following the CJEU judgment.
Another widely discussed topic is the liability of access providers, particularly providers of WLAN hotspots. Up to now, private and commercial access providers could have been liable for infringements through their WLAN if they did not take measures to control their users in cases where there were clear indications of infringements.84
On 2 June 2016 the German parliament passed a law based on a draft of the federal government of the TMG strengthening the position of access providers. They are not liable if they provide ‘reasonable security measures’ and request that their users agree that they will not use the WLAN access to commit violations of law. This new provision of the TMG aims to enhance the dissemination of public WLAN hotspots, which are still not very common in Germany.85 Therefore, the law institutes a privilege of liability for anybody offering WLAN in terms of criminal, administrative and civil liability.86 The provision affects large commercial providers as well as smaller or private ones. Moreover, the liability of access providers has been subject of a highly anticipated proceeding submitted to the CJEU by the District Court of Munich in September 2014.87 Advocate General at the European Court of Justice, M Szpunar, opined that businesses offering a public WLAN in the course of their business can be regarded as providers and therefore benefit from the liability privilege under the relevant directive.88 Thus, the provision in German law is criticised for not explicitly prohibiting to reimburse legal costs of a warning.89 Accordingly legal uncertainty remains at this point. Furthermore, in November 2015, the FCJ decided that Deutsche Telekom as an internet service provider is obliged to block websites with illegal content, only if the right holder has previously taken all reasonable measures against the infringing party. Only if those measures are unsuccessful or have no chance of success, a claim against the provider can be admitted.90
In recent years, IT contract law has been influenced in particular by the contractual framework conditions for cloud computing, especially regarding questions of data protection and copyright law. Although trust in cloud computing services has been shaken by data theft and hacking attacks, experts still predict high annual growth rates for this market. The federal government has recognised this potential and, after launching the ‘trusted clouds’ technology programme in cooperation with the private sector in 2011, has presented a study on standardisation in the fields of cloud computing.91 The trusted clouds programme concluded in 2015. For the first time, the majority of German companies made use of cloud computing.92 Recently, the federal government has also outlined a pilot project on data privacy certification concerning contract data processing in clouds.93 As in previous years, the contractual framework for IT outsourcing has also been an important subject.94
The acquisition of HERE, the Nokia map service, by the automobile manufacturers BMW, Audi and Mercedes in the summer of 2015 with the aim of using the HERE data for car assistance systems, show that the Internet of Things and machine-to-machine communications (i.e., technologies that allow systems to communicate with other devices) play an ever-increasing role in the German industry.95
A further boost for the economy is the availability of data on subjects such as geography, climate, environment, registries or law. Therefore, on 17 July 2015 a law changing the Federal Act on the Re-Use of Public Sector Information entered into force. This Act, which implements an EU directive, will oblige public authorities to grant use of their data as ‘open data’ to the public.96
Parts of the German Civil Code (BGB) were revised in 2014 by the law implementing the EU Consumer Rights Directive97 that especially impacts operators of online shops. The comprehensive changes include, inter alia, an interdiction to preset checkmarks for additional fee-based services, and a prohibition on claiming lump-sum fees that do not actually arise from the use of credit cards. Further, the charging of additional costs for service hotlines is prohibited. The former possibility of revoking a contract several years after its conclusion on the ground that the buyer had not been correctly instructed on the right of withdrawal – which, broadly speaking, is the right to revoke an online contract within 14 days after conclusion or delivery of the purchased good without cause – is not provided for in German law anymore. In contrast to the previous legal situation, the seller no longer has to bear the costs for the return of the purchased goods in cases of withdrawal; rather, these costs can be imposed on the consumer. In addition to several other modifications regarding the duty to instruct the consumer, these obligations have been facilitated regarding mobile commerce. In 2012, the ‘button law’ was implemented in the BGB to protect consumers from cost traps in electronic commerce. The consumer must be clearly informed by a separate button stating ‘fee-based order’ and confirm that he or she would like to place the order (Section 312j(3) BGB).
In a lawsuit against the state, the BGH issued an order that the highly disputed question of whether dynamic IP addresses can be qualified as ‘personal data’ within the meaning of the applicable data protection laws be referred to the CJEU.98 The Advocate-General at the CJEU considered an IP address to be personalised data under Directive 95/46/EC in the event the provider holds additional data allowing identification of the user. His opinion is that the functioning of telemedia services is a valid reason to collect this data without consent of the concerned person, provided that no individual rights are conflicting. Thus, Section 15(1) TMG does not comply with the directive, because the provision does not contain ways to take legitimate individual interests into account.99
On 8 July 2016 the German Federal Council confirmed Parliament’s resolution about digitalisation of the turnaround in energy policy. The law aims to support the reconstruction of electricity supply by introducing intelligent measuring and communication technologies as well as modern data processing. This intelligent measuring system is intended to be a platform for communication to prepare electricity supply for the turnaround in energy policy based on renewable energies. From 2020 so-called ‘smart meters’ will be installed to give information about consumption and details of use to consumers including potential to save energy. Moreover, aspects of data protection are covered in the resolution as well as price caps for devices.100
On 12 June 2014 Directive 2014/61/EU concerning measures to reduce costs for the development of high-speed electronic communications networks for electronic communication came into effect. This directive has been implemented in German law by the ‘DigiNetzG’ effective from 1 July 2016. Costs for expanding digital high-speed networks can be reduced significantly, if inefficiencies at infrastructure expansion are eliminated. For instance, at public construction works the installation of glass fibre cables will be mandatory.101
In March 2015 the Ministry of Economics released the ‘Digital Strategy 2025’, raising 10 issues about digitisation, including faster internet based on glass fibre, a new agency for digital matters and granting financial support for young enterprises.102 The demand for faster internet is neither surprising, nor new. Thus, the new strategy paper estimates a faster gigabit glass fibre network established by 2025.
These questions also touch upon the responsibility of other ministries, namely the Ministry of Transport. According to the paper, the network expansion will cost about €100 billion. Furthermore, an integrative approach to overcome the divided competences shall be adopted, mainly by establishing a new agency for digital matters. Moreover, young entrepreneurs are to be encouraged in the form of support to raise capital and granting tax benefits.103
The European Commission decided in 2000 that the United States’ standards of data protection comply with the principles of the EU Directive (Safe Harbour Decision). If a company indents to receive personalised data from the European Union, it can commit itself to the US Ministry of Commerce to comply with the principles. A data transfer within this commitment has been considered compliant with terms of European law.104 Now, after an Austrian Facebook user brought action against the Irish Data Protection Authority, which refused to review a data transferal to the United States by Facebook Ireland Ltd based on contents referring to the Safe Harbour Decision, the European Court of Justice declared on 6 October 2015 that the Safe Harbour Decision is invalid.105 The Court considered the limitation of competences of national data protection authorities by the Commission’s decision of 2000 as unlawful and found that personal data of European internet users is not sufficiently protected against access by US authorities. After this decision, the European Commission and the United States negotiated a new agreement called ‘Privacy Shield’. The agreement came into force on 12 July 2016 and by 13 August 2016 nearly 40 companies started to work under the Privacy Shield.106 Although the agreement offers improvements compared to Safe Harbour and includes legal protection for citizens, major concerns regarding data deletion, massive collection of data and the ombudsperson mechanism still exist.107 Whether this new agreement will endure before the European Court of Justice remains to be seen.
After extensive negotiations the European Parliament passed the General Data Protection Regulation on 14 April 2016, which came into force on 25 May 2016, but individual provisions will become effective two years later. From this date on, the predominant part of national data protection law will be repealed and companies are expected to adjust their data processing and organisation to comply with the new law. The regulation will change data protection law in Germany and the EU substantially. In contrast to a directive, this regulation does not have to be implemented in national law, but has direct effect. The regulation contains nearly 50 opening clauses allowing national legislative action.108 In particular, the rights of concerned persons are strengthened including the introduction of a right to be forgotten. Furthermore, Member States have to introduce an independent supervisory authority and a European Data Protection Committee will be established. Infringements of the provisions can be sanctioned with up to €20 million or 4 per cent of a company’s annual turnover. To transmit personalised data in third countries, the Commission has to classify the data protection level as comparable to the EU level.109
On 1 August 2016 a law concerning the selection and connection of terminal devices (routers) came into force. In the past, a significant number of providers forced their customers to use only specific routers, sold or leased by the provider. To enhance competition, the new law defines the router as not being part of the telecommunication network, which is designed by the provider. Now, a router is no longer subject to telecommunication law and the provider is obliged to supply all relevant access data to enable the customer to use a different device.
The public broadcasting companies established a new system to charge broadcasting fees. Regardless of the fact whether one is able to receive the broadcast in the first place, the fee is charged per household. This approach has been challenged imposing a tax and therefore being unconstitutional. Thus, with its judgment of 13 March 2016 the Federal Administrative Court has confirmed the new statutory provisions as constitutional. The court characterised the fee as a consideration for an attributable benefit in terms of an opportunity to receive public broadcast, which differentiates the fee from a tax.110 Public broadcasting companies are entitled to charge a fee to be able to meet the requirements for a political and cultural contribution to a diverse media landscape.
VI CONCLUSIONS AND OUTLOOK
The ICT sector in Germany is highly important and fast-growing, entailing a fast-paced legal and policy environment.
Convergence presents an abundance of challenges for policymakers, industry and society. Cooperation on a European and global level is vital for most German ICT policy issues, including telecommunication and frequency policies, ICT research, anti-spam measures as well as consumer, copyright and youth protection in the context of new media.
1 Christian Engelhardt is a counsel at Latham & Watkins LLP. Previous versions of this chapter were authored by Gabriele Wunsch and by Zahra Rahvar and co-authored with Latham & Watkins associate Laura Johanna Reinlein. The author would like to acknowledge the contributions of Miriam Borggrefe, Philipp Hillingmeier and Stefan Papastefanou, legal trainees at Latham & Watkins LLP, for their assistance in updating this chapter.
2 www.bmwi.de/DE/Themen/Wirtschaft/branchenfokus,did=197728.html; the German ICT industry has a market share in Europe of 18.9 per cent, and thus is Europe’s largest ICT market and the fourth-largest worldwide.
3 www.bmwi.de/DE/Themen/Wirtschaft/branchenfokus,did=197728.html; www.bmwi.de/DE/Themen/Wirtschaft/branchenfokus,did=197740.html.
4 www.bundesregierung.de/Content/DE/_Anlagen/2014/08/2014-08-20-digitale-agenda. pdf?__blob=publicationFile&v=6.
6 The Netalliance platform for innovation and investment is formed by the government and ICT companies. It commenced work in 2014 under the guidance of Alexander Dobrindt, the German Minister for Transport and Digital Infrastructure (www.bmvi.de/SharedDocs/DE/Artikel/DG/startschuss-fuer-die-netzallianz-digitales-deutschland-2014-03-07.html?nn=72886).
8 Several states have joint media authorities, such as Berlin and Brandenburg as well as Hamburg and Schleswig-Holstein.
9 Section 50 et seq. of the Inter-State Broadcasting Treaty (RStV).
10 Section 38(2) of the RStV.
11 See www.lfk.de/fileadmin/media/recht/2013/16-RStV-April2015.pdf.
13 Section 6 of the TKG.
14 www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Sachgebiete/Telekommunikation/Unternehmen_Institutionen/Anbieterpflichten/Meldepflicht/Amtsblattmitteilung_Nr149_2015.pdf?__blob=publicationFile&v=1; also see Sassenberg/Mantz, MMR 2015, 428ff.
15 The AWG was last modified and thereby fully modernised in June 2013 to increase its comprehensibility.
16 See Sections 21 and 28 of the TKG.
17 Section 25 et seq. of the RStV.
18 BGH GRUR 2015, 1228 et seq.
19 Council Regulation (EC) No. 139/2004 of 20 January 2004 on the control of concentrations between undertakings.
20 Two de minimis exemptions apply under the following conditions:
a one party to the merger achieved less than €10 million turnover during the preceding fiscal year (in the case of the target including the seller and all its affiliates, provided that the seller controls the target and, in the case of the acquirer, including all its affiliates) (Section 35, Paragraph 2); or
b the relevant market (which must have been in existence for at least five years) had a total annual value of less than €15 million in the last calendar year (de minimis market clause, Section 36, Paragraph 1).
21 See Getting the Deal Through – Merger Control, https://gettingthedealthrough.com/area/20/jurisdiction/11/merger-control-germany/.
22 Section 54 et seq. of the RStV.
23 TÜV Rheinland, Bericht zum Breitbandatlas Ende 2015 im Auftrag des BMVI, http://zukunft-breitband.de/SharedDocs/DE/Anlage/Digitales/bericht-zum-breitbandatlas-ende-2015-ergebnisse.pdf?__blob=publicationFile, p. 4.
25 That is digitisation ending up in freeing up spectrum and usually resulting in its reallocation.
26 The next National IT Summit will take place in Saarbrücken in November 2016: see www.bmwi.de/DE/Themen/Digitale-Welt/Digitale-Agenda/nationaler-it-gipfel.html. Subjects of the IT Summit will be closely related to those of the Digital Agenda. In 2016 digital education will be a main subject.
28 The Netalliance Digital Germany initiative started on 7 March 2014: www.bmvi.de/DE/DigitalesUndRaumentwicklung/DigitaleInfrastrukturen/Netzallianz/netzallianz_node.html; www.bmvi.de/SharedDocs/DE/Artikel/DG/breitbandstrategie.html. The Federal Ministry for Transport and Digital Infrastructure will further develop its broadband portal, www.zukunft-breitband.de. Apart from the annual Broadband Atlas and best-practice examples, this portal also includes checklists for local authorities and information on financial support.
31 Section 2(3) No. 4 of the TKG.
33 The Parliament passed an ‘e-government statute’, which came into effect on 1 August 2013: see www.bmi.bund.de/DE/Themen/IT-Netzpolitik/E-Government/E-Government-Gesetz/e-government-gesetz_node.html. This statute facilitates electronic communication with administrative authorities. Furthermore, the German legislator adopted an ‘e-justice statute’ that will enable electronic communication with all courts in Germany from 2020 onwards. As of 2022, it will be mandatory for lawyers to communicate with the court by certain electronic means: see dipbt.bundestag.de/dip21.web/bt.
34 See Section 126 et seq. of the TKG.
35 Sections 2(2) and 41a of the TKG.
36 Section 41a(1) of the TKG.
39 www.bmwi.de/DE/Presse/pressemitteilungen,did=717942.html and www.europa.eu/rapid/press-release_MEMO-15-5275_de.htm.
40 Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005
concerning Unfair Business-to-Consumer Commercial Practices in the Internal Market.
41 Section 20(1) and (2) UWG.
45 Law on the Federal Office for Information Security.
46 Section 8a of the BSIG.
47 Section 8b of the BSIG.
48 Section 109a(4) of the TKG.
49 Section 13(7) of the TMG.
52 Judgment of the BVerfG of 15 December 1983, 1 BvR 209/83 et al, BVerfG collection, 65,1(41).
53 www.bfdi.bund.de/SharedDocs/Publikationen/GesetzeVerordnungen/Unabhaengigkeitsgesetz.pdf?__blob=publicationFile&v=1. The law will come into effect on 1 January 2016.
56 Judgment of the BVerfG of 2 March 2010, 1 BvR 256/08, 1 BvR 263/08, 1 BvR 586/08, BeckRS 2010, 46771.
57 Judgment of the CJEU of 8 April 2014, C-293/12 and C/594/12, BeckEuRS 2014, 393023.
60 Becklink 2001085 of 16 September 2015.
61 Judgment of the BGH of 3 July 2014, III ZR 391/13, BeckRS 2014, 14643.
63 Section 55(1) of the TKG.
64 Section 53(1) of the TKG.
65 Section 54(1) of the TKG.
66 Section 54(2) of the TKG.
67 Section 62(1) and (2) of the TKG; also see Scherer/Heinickel, NVwZ 2012, 585 (591f).
70 Section 55(10) of the TKG.
71 Section 61 of the TKG.
75 For an overview of the developments in internet and multimedia law in 2015, see Hoeren/Thiesen, MMR-Beilage 5/2016, 1 et seq.
76 Judgment of the CJEU of 13 May 2014, C-131/12, BeckEuRS 2014, 395156.
77 Becklink 2000746 of 3 August 2015 and Becklink 2000735 of 31 July 2015.
78 Judgment of the FCJ of 14 May 2013, VI ZR 269/12, BeckRS 2013, 08626.
79 Judgment of the FCJ of 5 February 2015, I ZR 240/12, GRUR 2015, 485et seq.
80 Judgment of the CJEU of 16 June 2015, BeckRS 2015, 11533.
81 Judgment of the FCJ of 15 August 2013, I ZR 80/12, GRUR 2013, 1030 et seq.
82 www.bmwi.de/BMWi/Redaktion/PDF/S-T/telemedienaenderungsgesetz-aenderung,property=pdf,bereich=bmwi2012,sprache=de,rwb=true.pdf; MMR-Aktuell 2015, 369968.
83 Judgment of the CJEU of 5 June 2014, C-360/13, MMR 2014, 544 et seq.
84 Judgment of the FCJ of 8 January 2014 Bearshare, I ZR 169/12, NJW 2014, 2360 et seq.
87 Order of District Court of Munich of 18 September 2014, 7 O 14719/12, MMR 2014, 772 et seq.
88 GRUR-Prax 2016, 175.
90 GRUR 2016, 268.
92 ZD-Aktuell 2016, 05152.
93 ZD-Aktuell 2015, 04629.
94 For an overview of the ongoing discussion about IT outsourcing, see Mann, MMR 2012, 499.
97 Tonner, VuR 2013, 443 et seq.
98 Order of the District Court of Munich of 28 October 2014, VI ZR 135/13, MMR 2015, 131 et seq.
99 Advocate-General’s opinion of 12 May 2016 – C-582/14, BeckRS 2016, 81027.
100 Becklink 2003818.
104 Grapentin, in: Auer-Reinsdorff/Conrad, Handbuch IT- und Datenschutzrecht 2. Edition 2016, paragraph 59 et seq.
105 CJEU, Decision of 6 October 2015 – C-362/14.
108 Kühling/Martini in: EuZW 2016, 448.
110 BVerwG NVwZ 2016, 1081.