IT law and Internet law

Advice on all legal issues relating to digitalisation, IT, the Internet, online trading, cookies and software.
IT law and Internet law

Information technologies, Internet and apps

Lawyers in the field of IT law deal with all legal issues associated with the processing of data and information at the company. Internet law is the area of IT law that addresses online trade as well as legal security on the Internet and social media. IT law is scarcely possible without data protection and the GDPR. Which means that it must be approached in an interdisciplinary way. 

We can support you in these areas in all aspects relating to your online presence:

Why dhpg?

Because IT law and Internet law do not fit neatly into any compartment

Today, IT issues crop up in almost all areas of our business and private lives. No sooner do you click on a website than a cookie banner pops up. No wonder IT and Internet law are developing and changing so rapidly. You can rely on a partner who has its finger on the pulse of the times, but who also has the necessary command of the subject. A partner with an eye for the essentials who also thinks outside the box.


Tailor-made consulting

We are your strategic partner, pragmatic problem-solver or sparring partner in questions that get down to the nitty-gritty - right in line with your needs in the respective situation. We will of course be pleased to provide conceptual advice as well. That's where we can be particularly useful to our clients.


Look around

We pool IT knowledge with the know-how of lawyers, labour law experts, data protection specialists and IT security professionals. In this way, you not only keep an eye on complex issues in all their facets, but also keep them under control.


Internationally networked

In IT and Internet law, it all boils down to good networking. No matter what legal questions you may have: we always have the right contact person for you somewhere in our partner network CLA Global

Your contact persons for IT law and Internet law

Would you like to get together for a personal meeting to obtain advice? We would be happy to schedule a non-binding appointment with you so that we can get to know each other. We look forward to your call or e-mail and to meeting you.

To the contact persons

FAQ - Questions on IT law and Internet law

What are the different types of IT contracts?

Unfortunately, there is no such thing as a typical IT contract. As much as services, hardware and software and their provision and use differ in IT contracts for these areas, so it goes with the contracts. With IT contracts, it is therefore particularly important to look closely at the specifics and practical challenges of each individual IT project. Numerous constellations are conceivable, from software development contracts that are arranged agilely or as a so-called waterfall model, to the creation of software transfer and licence contracts that can be designed for the long term or for limited periods of time, all the way down to provider and hosting contracts. But the most important thing is that they are often based on complex projects and considerable investments. It is therefore all the more important to rely on good advice and not on an "off-the-shelf" set of contracts that can be found online. The following topics must be included in a contract to avoid surprises (such as liability) and disputes:

  • Concrete description of the services 
  • Project description, process and communication
  • Project team and responsibilities
  • Project remuneration
  • Type of contract (service or work contract) 
  • Rights of use and licences
  • Further cooperation (maintenance, support, etc.)

Legal errors in online trade

For many companies, the distribution channel via their own webshop appears to be cost-effective and lucrative. The operator of the webshop has to observe a large number of legal requirements in order to minimise the risk of receiving reprimands and warnings from competitors, however:

  • For example, in order to be legally compliant, the web shop requires not only a data protection declaration and an imprint, but also an up-to-date, individual design of its own general terms and conditions (GTC).
  • One frequent cause of reprimands and warnings is the sending of newsletters to recipients who may not have ordered one, or the use of photos, videos or texts for which there are third party copyrights or which are inadmissible under competition law (e.g. due to a misleading description). 
  • It is also indispensable in online trade with consumers to have a cancellation policy when concluding a contract. In this context, it is advisable not to deviate from statutory model revocation declarations. 

What should be taken into account when outsourcing tasks to an external service provider?

Outsourcing means shifting services to an external service provider. In essence, outsourcing is about working together as partners, which is of course laid down in a set of contracts. Don’t be too hasty in choosing service providers. Often the advantages and disadvantages of the various offers only become apparent through a comparison with other providers. In any case, you should spell out the rights and obligations of a service provider in a precise outsourcing contract. In addition to this contract, a data protection agreement on commissioned processing (ADV) must generally be concluded with service providers in accordance with the GDPR. From a data protection perspective, you need to pay particularly close attention to technical and organisational measures to ensure data security as well as the location where the data processing takes place. Especially if a service provider from a non-EU country is involved, further precautions need to be taken. Pay particular attention to this point. Because when you commission a provider in connection with outsourcing, important tasks and thus data and information of the company are transferred to them. An outsourcing contract therefore always affects the areas of data security and IT security. Advice from a specialised lawyer is a sound investment in such cases.

Why the imprints of many websites, social media sites and apps still contain errors

Following a spate of reprimands and warnings, the imprints of many companies have improved in recent years. However, due to changes in the law, new obligations have to be met from time to time. In addition, numerous particular obligations apply to special providers (e.g. professionals, the medical sector, the financial sector) that are occasionally overlooked. Or are not even requested by online generators used to create an imprint. Companies are often unaware that the creation of an imprint is also legally required for their social media sites and apps - a popular starting point for competitors to send out a warning. But even if a company is aware of the need to provide an imprint in all its telemedia, social networks or apps sometimes confront companies with graphic or technical challenges.

What needs to be taken into account when using cookies or cookie banners

If you want to use cookies or plug-ins on your website that are not technically necessary for the operation of the website and may even transfer data to a third party company, you need the consent of website users. This consent is usually obtained by means of a cookie banner. The following requirements are applied to cookie banners:

  • The cookie banner must be visible to users when the website is first opened. Access to the imprint and the data protection declaration must be possible via the cookie banner. Only when users give their consent may the cookies (which require consent) be activated.
  • Users must - insofar as consent is required - give self-determined and voluntary consent to the cookies and this must be done proactively, such as by placing a tick in the cookie banner. If the tick is set automatically, consent to the cookies is null and void, as it was not given by the user. 
  • Each cookie requiring consent must be listed with the name of the service provider and functions and it must be possible to be activated individually by the user in the cookie banner.
  • The user must be able to easily revoke consent to the use of cookies on the website (e.g. in the data protection declaration) at any time.
  • In addition to "normal" cookies, tools are also used that initially suppress the content of a plug-in (e.g. an embedded video) and only reload it after another click on the consent - the so-called double-click method. Contact us if you have any questions about this or the topic of cookies. 

What can you do if you have been hacked?

Many SMEs believe they are unattractive to a hacker attack. But in 2020, a representative study of 1,000 SME entrepreneurs revealed that almost half had already been victims of a hacker attack. What can you do if you have already been hacked?

  • In order to expose vulnerabilities and ascertain possible traces left by the attackers, a forensic analysis by IT specialists should be initiated immediately.
  • Provided you have taken this important precaution, you should check your existing insurance coverage and inform the insurance company about the incident.
  • Technical, organisational and legal protective measures must be adapted, as exemplified by the development and implementation of a protective concept for the protection of business secrets.
  • If necessary, legal claims such as injunctive relief and claims for damages can be asserted. In addition, criminal charges can be filed and in some cases sanctions under labour law can be invoked.
  • Data protection reporting obligations are to be reviewed and an improvement in the information security management system is to be initiated.

75% of the companies that were hacked suffered significant damage. Therefore: You need to create a comprehensive security strategy and an emergency plan working together with an expert. To make sure that your company is well prepared for any attack, which hopefully will not happen in the first place.

When it comes to IT law, bank on the specialised lawyers at dhpg

IT law and Internet law and hence advice on all legal issues revolving around IT, the Internet, online trading and cloud computing are modern fields of law in a constant state of flux. dhpg provides interdisciplinary advice on the drafting and review of software, IT and licence agreements. We will be pleased to support you in the standardisation and automation of all your contractual documents. We have already advised many companies on the design of a legally compliant website - from the imprint to privacy policy, shop systems to the cookie banner (which has recently become mandatory). Together with our IT specialists, we carry out forensic analyses that can be used in court following a hacker attack and help ensure that your company is able to operate effectively once again.


Get in touch with us

Mail Contact form Telefon +49 228 81000 0
By uploading the YouTube video, you consent to cookies being set by YouTube and Google and to data being transferred to these providers. We process the data in order to be able to analyse access to our YouTube videos or to evaluate the effectiveness of our advertising and ads. YouTube and Google also process the data for their own purposes. In addition, you also agree that your data may be transferred to the USA, although there is a risk in the USA that the US authorities may gain access to your data for surveillance purposes and that you may not have adequate legal protection against such. You will find further information in our Data Protection Policy.
Load YouTube Video