digital business 2020 · 2020-06-10 · cyprus e & g economides llc: xenia kasapi & george...

Digital Business 2020A practical cross-border insight into digital business law

First Edition

Featuring contributions from:

Anderson Mōri & Tomotsune

Armengaud Guerlain

Bagus Enrico & Partners

BOEHMERT & BOEHMERT

Boga & Associates

Bull & Co

Cliffe Dekker Hofmeyr

Cozen O’Connor P.C.

E & G Economides LLC

Gowling WLG

Greychapel Legal

Hammad & Al-Mehdar Law Firm

Hassan Radhi & Associates

Lewis Silkin

Orchards

Portolano Cavallo

Shin Associates

Sirius Legal

Veirano Advogados

Walder Wyss Ltd

Digital Business 2020First Edition

Contributing Editors:

Davey Brennan & Alex Brodie Gowling WLG

©2020 Global Legal Group Limited. All rights reserved. Unauthorised reproduction by any means, digital or analogue, in whole or in part, is strictly forbidden.

DisclaimerThis publication is for general information purposes only. It does not purport to provide comprehen-sive full legal or other advice. Global Legal Group Ltd. and the contributors accept no responsibility for losses that may arise from reliance upon information contained in this publication. This publication is intended to give an indication of legal issues upon which you may need advice. Full legal advice should be taken from a qualified professional when dealing with specific situations.

ISBN 978-1-83918-051-4ISSN 2732-5237

Published by

59 Tanner StreetLondon SE1 3PLUnited Kingdom+44 207 367 0720 [email protected] www.iclg.com

Group Publisher Rory Smith

Publisher James Strode

Senior Editor Sam Friend

Head of Production Suzie Levy

Chief Media Officer Fraser Allan

CEO Jason Byles

Printed by Ashford Colour Press Ltd.

Cover image www.istockphoto.com

Strategic Partners

Table of Contents

Q&A Chapters

BahrainHassan Radhi & Associates: Ahmed Abbas & Sayed Jaffer Mohammed

Expert Chapter

1 Navigating Business DigitalisationDavey Brennan & Alex Brodie, Gowling WLG

BelgiumSirius Legal: Bart Van den Brande & Roeland Lembrechts

AlbaniaBoga & Associates: Renata Leka

BrazilVeirano Advogados: Fábio Pereira & Isabel Hering

CyprusE & G Economides LLC: Xenia Kasapi & George Economides

FranceArmengaud Guerlain: Catherine Mateu

GermanyBOEHMERT & BOEHMERT: Dr. Sebastian Engels & Silke Freund

Nigeria Greychapel Legal: Oladele Oladunjoye & Bisola Oguejiofor

NorwayBull & Co: Kristin Haram Førde & Stian Sørensen Schilvold

Malaysia Shin Associates: Joel Prashant & Chermaine Chen Yinn Li

IrelandLewis Silkin: Victor Timon

ItalyPortolano Cavallo: Irene Picciano, Eleonora Curreli, Fabiana Bisceglia & Donata Cordone

JapanAnderson Mōri & Tomotsune: Ken Kawai & Takashi Nakazaki

KosovoBoga & Associates: Renata Leka

IndonesiaBagus Enrico & Partners: Enrico Iskandar & Bratara Damanik

8

13

18

34

50

23

41

57

64

72

87

102

80

92

109

Russia Orchards: Grigory Zakharov & Anastasia Sivitskaya115

Saudi Arabia Hammad & Al-Mehdar Law Firm: Suhaib Hammad123

South Africa Cliffe Dekker Hofmeyr: Fatima Ameer-Mia, Christoff Pienaar, Nikita Kekana & Mieke Vlok

129

SwitzerlandWalder Wyss Ltd: Jürg Schneider, Hugh Reeves & Maria Gentile

136

United KingdomGowling WLG: Davey Brennan & Alex Brodie144

USACozen O’Connor P.C.: Ude Lu, J. Trevor Cloak & Victor J. Castellucci

152

From the PublisherDear Reader,

Welcome to the first edition of the ICLG – Digital Business, published by Global Legal Group.

This publication provides corporate counsel and international practitioners with comprehensive jurisdiction-by-jurisdiction guidance to laws and regulations relating to digital businesses around the world, and is also available at www.iclg.com.

The question and answer chapters, which in this edition cover 21 jurisdictions, provide detailed answers to common questions raised by professionals dealing with digital busi-ness laws and regulations.

The publication’s opening expert analysis chapter provides further insight into navi-gating business digitalisation.

As always, this publication has been written by leading lawyers and industry specialists, for whose invaluable contributions the editors and publishers are extremely grateful.

Global Legal Group would also like to extend special thanks to contributing editors Davey Brennan and Alex Brodie of Gowling WLG for their leadership, support and expertise in bringing this project to fruition.

Rory SmithGroup PublisherGlobal Legal Group

Welcome

Digital Business 2020

Chapter 850

Germany

BOEHMERT & BOEHMERT Silke Freund

Dr. Sebastian Engels

Germ

any

1 E-Commerce Regulations

1.1 What are the key e-commerce legal requirements that apply to B2B e-commerce in your jurisdiction (and which do not apply to non-e-commerce business)? Please include any requirements to register, as well as a summary of legal obligations specific to B2B e-commerce.

In general, German law provides for relatively strict legal requirements specific to e-commerce. While most of these legal obligations are limited to B2C e-commerce, there are a number of obligations also relevant to B2B business. To avoid the strict requirements for B2C business, any online offer must sufficiently clarify that it is only directed to business customers and further measures should be taken to effectively avoid that consumers can use a B2B shop.

For every commercial website, including offerings on plat-forms like ebay, Amazon, LinkedIn, etc., online traders are required to provide a full imprint including in particular the full firm of the trader, the name of its representative, a companyaddress, email address, an alternative means to directly contact the online trader and VAT (if applicable). As regards the processing of personal data, online traders are further required under the GDPR to provide for a privacy policy for every commercial website. While most other mandatory information duties applying to B2C e-commerce do not apply to B2B busi-ness, the online trader towards B2B customers must still provide information (1) on the individual technical steps leading to the conclusion of a contract, (2) whether the text of the contract is stored by the online trader after the conclusion of the contract and whether it is accessible to the customer, (3) on how the customer can recognise and correct invalid indications during the ordering process before submitting the purchase offer, (4) on the languages available for the conclusion of the contract, and (5) on any relevant codes of conduct to which the online trader submits and on the possibility of electronic access to these codes. In addition to providing this mandatory informa-tion,onlinetradersinB2Bbusinessarerequiredtoconfirmthereceipt of an order electronically without delay and to provide any customer with the possibility to retrieve the contractual provisions, including terms and conditions (T&C), upon conclu-sion of the contract and to store them in a reproducible form.

Depending on the applicable regulation, a breach of these legal obligations (in particular, GDPR requirements) may result inadministrativefines.Furthermore,Germanyhasdevelopeda very effective system of enforcing the applicable rules by civil law, primarily based on Unfair Competition Law. Infringing upon any applicable obligation may result in a cease-and-desist

letter from competitors. In this context, German law provides for a claim for reimbursement of costs for such letters, and injunctive claims can effectively be enforced through courts in preliminary injunction proceedings within a few days, if no undertaking to cease-and-desist, including a contractual penalty clause, is provided upon receipt of a cease-and-desist letter.

As regards the conclusion of contracts in B2B busi-ness, German law does not provide for specific require-ments in e-commerce compared to non-electronic busi-ness. There is no requirement to register as an online business beyond obligations for any business.

1.2 What are the key e-commerce legal requirements that apply to B2C e-commerce in your jurisdiction (and which do not apply to non-e-commerce business)? Please include any requirements to register, as well as a summary of legal obligations specific to B2C e-commerce.

Online traders selling to consumers, in addition to the above stated minimum requirements for B2B business, must comply with various legal obligations aimed at the protection of consumers in e-commerce. These legal obligations are spread over numerous statutes in German Law. Besides obligations providing mandatory information as well as duties and require-ments for indicating prices, there are also specific require-ments to be complied with in order to conclude a legally binding contract in e-commerce with German customers. The most important German statutes in this context are:■ Regulationsongeneraltermsandconditionsandconsumer

protection within the German Civil Code (BGB).■ UnfairCompetitionAct(UWG).■ QuotationofPricesAct(PrAngV).■ PackagingAct(VerpackV).

German B2C e-commerce law provides a variety of mandatory information duties for online service providers.

For example, the following information must be provided in a clear and comprehensive form before a consumer sends an order:■ theessentialcharacteristicsoftheproducts/services;■ the identity of the online service provider (including

contact details);■ theoverallpriceof theservice/product (includingappli-

cable taxes) and (if applicable) shipping costs;■ thetermsofpayment;■ the terms of delivery (including the estimated delivery

date);■ theexistenceofstatutorywarrantyrights;■ (if applicable) the existence and conditions of customer

services and guarantees beyond statutory warranty rights;

© Published and reproduced with kind permission by Global Legal Group Ltd, London

51BOEHMERT & BOEHMERT


data processing taking place, even small companies are often required to implement complex data protection concepts to meet the legal requirements. Data-driven business concepts further face the challenge to comply with the general prin-ciple of data economy established in the GDPR, generally requiring a restriction of data processing to a minimum.

Cooperation involving multiple stakeholders further requires a concept for lawful transfer of personal data and adequate measures to be taken to ensure an adequate level of data protection for partners outside the European Union.

Finally, transparency can be a challenging factor, in particular where information from various sources is used for purposes, which at the time of aggregation oftheinformation,mightnotevenbefullyspecified.

2.3 What support are the Government and privacy regulators providing to organisations to facilitate the testing and development of fintech, AI and digital health?

German government bodies, as well as data protection author-ities, have an active interest in the development of AI, fintech and digital health. In recent years, both data protection author-ities and government bodies provided guidance in the form of opinions and guidelines for market participants struggling with the challenges evolving from data protection regulations in this specific field. Besides regional data protection author-ities, the conference of all German data protection authorities (“Datenschutzkonferenz”) in Germany is the main source for such guidance. While not legally binding, such documents summa-rise the opinion of the regulatory bodies and therefore act as a useful tool when designing a data protection concept.

In April 2019, the Datenschutzkonferenz published an opinion outlining seven basic data protection requirements for AI systems processing personal data (ht tps://www.datenschutzkonferenz-on l ine.de/media/en/20190405_hambacher_erklaerung.pdf), namely: ■ AImustnotmakepeopleanobject;■ AI may only be used for constitutionally legitimate

purposes and remains subject to the purpose limitation requirement;

■ AImustbetransparentandexplainable;■ AImustavoiddiscrimination;■ Theprincipleofdata economy remains applicable toAI

systems;■ AI requires responsibility on behalf of the stakeholders

involved; and■ AI requires technical and organisational standards safe-

guarding the protection of personal data.The Datenschutzkonferenz also provided several opinions

regarding the digital health sector, which can be retrieved on its website https://www.datenschutzkonferenz-online.de/.

These initiatives of German authorities are in line with similar initiatives of national public bodies in other EU Member States, as well as the European Commission and the European Data Protection Board.

3 Cybersecurity Framework

3.1 Please provide details of any cybersecurity frameworks applicable to e-commerce businesses.

Cybersecurity has been harmonised to a certain degree at European level. The basic framework for this was provided by the establishment of the European Union Agency for Cybersecurity

■ (ifapplicable)thedurationofthecontract,itsterminationconditions and the minimum duration of the B2C custom-er’s obligations hereunder; as well as

■ (ifapplicable) theoperatingprinciplesofdigitalcontent,its interoperability and compatibility.

There are also specific requirements regarding theform in which prices and additional costs have to be indicated towards consumers (e.g. including VAT).

Besides such information duties, there are also legal requirements directly affecting the effectiveness of a contract in e-commerce. German e-commerce law in general provides a B2C customer with the right to withdraw from a contract concluded electronically (without any reasons) within 14 days. This withdrawal period does not commence until the consumer received information regarding the right of withdrawal meeting the strict statutory stand-ards, and the right to withdrawal cannot be waived by contract. Furthermore,therearespecificrequirementstothedesignofthe

ordering process for electronic sales, which must be met in order to conclude binding contracts with consumers in e-commerce. A lack of compliance with these requirements will render any contract including a payment on behalf of the consumer non-binding.

As with regard to B2B requirements, e-commerce require-ments in B2C business, which do not have a direct effect to the effectiveness of a contract, are primarily enforced by competitors and associations for the protection of competition or consumer rights in civil proceedings.

Finally, German civil law provides broad restric-tions to the effectiveness of terms and conditions limiting the rights of German consumers, in particular as regards the limitation of statutory warranties and liability.

There is no requirement to register as an online busi-ness beyond obligations for any business.

2 Data Protection

2.1 How has the domestic law been developed in your jurisdiction in the last year?

German data protection law has been amended by a second act to adapt data protection law to Regulation 2016/679/EU and to implement Directive 2016/680/EU in 2019. For e-commerce in particular, the following amendments can be of relevance:■ the criteria under which a company has to appoint a

data protection officer have been amended (if at least 20 people (formerly 10 people) are regularly involved in the processing of personal data); and

■ a consent obtained by an employee for the processingof personal data by the employer (if required) does not further have to be obtained in writing to be valid.

2.2 What privacy challenges are organisations facing when it comes to fintech, AI and digital health?

Fintechs and companies active in the field of AI or digital health are often subject to sector-specific requirements besides the general data protection regulations. In comparison to other fields, the challenges for fintech, AI and digital health in particular result from the aggregation and use of personal data from various sources, often taking place in cooperation with several partners in an international environment, as well as the sensitivity of personal data processed, involving in many cases special categories of data.

A key requirement to be met is data security both from a tech-nical and organisational perspective. Due to the sensitivity of


52 Germany


previous year. Germany is responsible for around one quarter of all European B2C e-commerce turnover. In recent years, the share of e-commerce sales in the total B2C sales has consistently increased and is expected to reach 20 per cent in 2020. This is probably partly due to the ubiquitous use of smartphones and tablets in Germany. Today, one in three orders are placed via a mobile device.

Despite the subdued economic outlook for 2020, the bevh expects further growth to an estimated EUR 80 billion this year.

4.2 Do any particular payment methods offer any cultural challenges within your jurisdiction? For example, is there a debit card culture, a direct debit culture, a cash on delivery type culture?

Compared to other countries, the changeover from cash to cashless payment in Germany is proceeding rather slowly, but the trend is clearly discernible. The most important arguments against the use of cashless payment methods in Germany are concerns regarding the privacy and security of cashless payment services. There also seems to be a reluctance to trust new players outside the traditional banking sector with payment information.

In 2017, a comprehensive study by the Deutsche Bundesbank (central bank) showed that cash was still the most frequently used payment instrument in Germany, accounting for 74 per cent of transactions. However, for the first time since theBundesbank started its surveys, the share of cash in sales in 2017 has fallen to below 50 per cent. The use of debit cards (mainly girocard) was just under 35 per cent in 2017, while credit cards were used far less frequently for just under 5 per cent of transactions. Credit cards are usually only used for larger amounts. Internet payment methods, which are more wide-spread among younger consumers in particular, accounted for 4 per cent of total sales in 2017, and the trend is rising.

A 2019 study conducted by PwC concluded that mobile payments in particular replace other payment methods amongst the younger generation aged under 30 years. According to the study 46 per cent of the consumers under 30 years currently use mobile payment on a regular basis while in the group of consumers over 60 years this is only 12 per cent. It is expected thatwithinfiveyearsmorethan50percentofallpaymentsbyGerman consumers will be performed through mobile payment.

4.3 Do home state retailer websites/e-commerce platforms perform better in other jurisdictions? If so, why?

According to a study by the DIHK (German Chamber of Industry and Commerce), most of the online retailers surveyed (66 per cent) also sell abroad, but for 90 per cent of the retailers, Germany is still the sales market with the highest turnover. The reason for this is probably the general sales strength of the German market, which is the fifth largest e-commerce sales market in the world by international comparison.

4.4 Do e-commerce firms in your jurisdiction overcome language barriers to successfully sell products/services in other jurisdictions? If so, how and which markets do they typically target and what languages do e-commerce platforms support?

Of the 60 per cent of online retailers who sell goods abroad, 79 per cent use their own online shop. The foreign market with the highest sales is the German-speaking neighbour Austria, where

(ENISA) in 2004 and, more recently, the Directive on secu-rity of network and information systems (EU) 2016/1148 (NIS Directive). The NIS Directive was further enhanced and spec-ified by Commission Implementing Regulation (EU) 2018/151 (DSP Regulation) and the Cybersecurity Act (EU) 2019/881, which strengthens ENISA and establishes an EU-wide cyber-security framework for digital products, services and informa-tion systems.

The DSP Regulation provides digital service providers, including cloud computing services, online marketplaces and online search engines, with certain requirements for security measures and an obligation to report security incidents. While digital service providers are still largely free to take technical and organisational measures they consider appropriate and propor-tionate to manage cybersecurity risks (as long as those measures ensure an appropriate level of security and take into account the elements provided for in the NIS Directive), they must ensure that they have adequate documentation available to enable the competent authority to verify compliance with the security elements set out in Article 1 of the DSP Regulation. However, there are exceptions for micro and small enterprises with fewer than 50 employees and less than EUR 10 million annual turnover.

3.2 Please provide details of other cybersecurity legislation in your jurisdiction, and, if there is any, how is that enforced?

Cybersecurity is regulated directly or indirectly in a large number of different statutes. These include the GDPR, which plays a central role in data protection and data security issues. At the national level, the data security regulations in Germany are further specified by the TMG (“Telemediengesetz”, Telemedia Act) and TKG (“Telekommunikationsgesetz”, Telecommunications Act). The BSIG (“Gesetz über das Bundesamt für Sicherheit in der Informationstechnik”, Act on the Federal Office for Information Security) serves partly to implement European requirements stipulated in the NIS Directive and partly to define the scope of duties and the competencies of the Federal Office for Information Security, which is responsible for safeguarding cybersecurity at national level in Germany and thus plays a central role in its enforcement.German cybersecurity regulations establish specific secu-

rity obligations to various providers of critical infrastruc-ture in the sectors of energy, information technology and telecommunications, transport and traffic, health, water,nutrition, finance and insurance. The relevant critical infra-structure services in these sectors are defined in a subordi-nate national regulation (“BSI-Kritisverordnung”). Competent authorities under BSIG have a range of enforcement instruments ranging from investigation and information measurestobindingordersandadministrativefines.

4 Cultural Norms

4.1 What are consumers’ attitudes towards e-commerce in your jurisdiction? Do consumers embrace e-commerce and new technologies or does a more cash-friendly consumer attitude still prevail?

According to numbers collected by bevh (“Bundesverband E-Commerce und Versandhandel Deutschland”, Federal Association E-Commerce and Mail Order Germany), the gross turnover with goods in e-commerce in 2019 in Germany has increased to EUR 72.6 billion, an increase of 11.6 per cent compared to the




cancellation of a .de domain name may also be based on rights to a company name included in the infringing domain name.

5.2 Are there any restrictions that have an impact on online brand enforcement in your jurisdiction?

The tools provided by marketplace operators usually depend on registered IP and are not as effective with non-registered rights or with regard to claims based on unfair competition law or contractual issues. Unjustified claims delivered through such tools may also result in counterclaims for injunctive relief and cost reimbursement.

Against infringing .de domain names, trademarks – unlike rights in a company name – cannot usually be used as a basis for cancel-lation claims. Trademarks can only serve to stop an infringing use of a .de domain name. In order to have an infringing domain name cancelled, alternative approaches must be considered involving infrastructure providers such as registrars and domain regis-tries. In this regard, the German concept of secondary liability (“Störerhaftung”) can be an instrument to convince infrastructure providers to take measures against infringing domain names.

6 Data Centres and Cloud Location

6.1 What are the legal considerations and risks in your jurisdiction when contracting with third party-owned data centres or cloud providers?

Some of the key considerations when contracting with third party-owned data centres or cloud providers concern data privacy and data protection.

The European Union – and thus also Germany – has relatively strict data protection legislation, which was further strengthened with entry into force of the GDPR in 2018. Applicability of the GDPR in the context of cloud services can usually be assumed regardless of the cross-border situation, if personal data from EU data subjects is processed or the data processor is acting from within the EU. Cloud services providers are likely to be classi-fiedasprocessorsunderArticle28GDPR.Cross-borderrela-tions with cloud service providers may raise general illegal issues under the GDPR, in particular if access to personal data can be requested by state bodies subject to national law. For example, the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows US investigating authorities to access data stored by US companiesonEuropean servers. This is indirect conflict tothe requirements of the GDPR, so there is a risk to either be finedundertheGDPRorsanctionedundertheCLOUDAct.

Furthermore, it must also be noted that the transfer of data in jurisdictions outside the European Economic Area is only permitted under the GDPR if the transfer is to an “Adequate Jurisdiction” (Article 45 GDPR), if the busi-ness has implemented one of the required safeguards of the GDPR (Article 46 GDPR), or if one of the exceptions of the GDPR applies to the transfer (Article 49 GDPR).

Consequently, the location of the servers used for cloud services, as well as the place of business of the service provider, can be of relevance for the assessment of compli-ance risks involved with the cooperation with a data centre or cloud service provider. There are several models avail-able when outsourcing data hosting, ranging from co-loca-tion services, where a fixed server infrastructure in a datacentre is owned and controlled by the customer, to full cloud computing platforms offering most flexibility in terms ofcapacity. Depending on the type and sensitivity of the data

the language barrier does not come into play. However, the DIHK survey also shows that many online retailers have high sales in foreign-language countries, with the largest markets being France, Italy, Great Britain and the US. This success is ultimately due to the fact that many online shops are offered bilingually, with the second language usually being English.

4.5 Are there any particular web-interface design concepts that impact on consumers’ interactivity? For example, presentation style, imagery, logos, currencies supported, icons, graphical components, colours, language, flags, sounds, metaphors, etc.

While shop designs vary in detail, a common general concept developed in recent years is putting a clear focus on intuitiveness and consumer convenience.

For example, Zalando, the largest German online retailer for clothing, offers a simple and tidy website as well as an app, both available in German and English. The easy navi-gability of the webshop is probably one of the retailer’s key success factors. The products are usually presented in high-quality, self-produced photos. The shop offers the possibility to set up a personalised account, which simplifies the busi-ness process and offers personalised promotions on the prod-ucts. Like most other shops, Zalando offers different payment methods, from invoice, direct debit and credit card payments to new payment methods like PayPal. As the survey on payment methods in Germany has shown, the trend, especially among younger consumers, is towards new payment methods, but a large part of the goods are still ordered on account.

Most online retailers invest in various tracking tools compre-hensively analysing the consumer behaviour on websites in order to maximise the consumer convenience and conversion rates.

5 Brand Enforcement Online

5.1 What is the process for online brand enforcement in your jurisdiction?

Corresponding to the various forms of online brand infringe-ment, the online enforcement of brands can be manifold and largely depends on the specific context of brand infringement. A common field for online brand infringement is in

online marketplaces. In Germany, eBay and Amazon are of particular economic relevance. Both platforms, besides the standard complaint forms, provide for effective tools for brand owners to effectively enforce enrolled brands by way of a notice and takedown procedure. Besides such plat-form integrated tools, brand infringements can be effectively enforced against identified infringers through cease-and-de-sist letters and preliminary injunction proceedings. Due to statutory claims for reimbursement of legal costs, effec-tive measures can often be taken on a cost-neutral basis.

As regards domain disputes, there exists no alternative dispute procedure for .de domain names comprising or similar to a registered trademark, like the UDRP. Legal claims must be brought before ordinary courts in Germany. In general, based on a trademark infringement, the trademark holder will only be entitled to claims against the trademark infringing use of a domain name but not to the cancellation or transfer of the domain name registration. Lacking a legal basis for demanding a cancellation of an infringing domain name registration, approaching infrastructure providers (e.g. regis-trars, hosting providers or the .de registry Denic eG) have often proven effective tools in many scenarios. A claim for


54 Germany


In January 2020, the “Forschungszulagengesetz” entered into force providing tax incentives for investments in research and devel-opment; a measure which had been demanded by the industry for years. The law stipulates that companies that conduct research and are taxable in Germany can receive up to 25 per cent of their eligible personnel expenses for research and development after the endoftherespectivefiscalyearuponapplicationtothetaxofficeby deducting them from the income tax or corporate income tax.

8.2 What areas or points of tax law do you think are most likely to lead to disputes between digital businesses and the tax authorities, either domestically or cross-border?

For digital businesses, a physical presence is not neces-sary to generate turnover and profits in a specific country. Consequently, there is often no basis for the taxation of profits in the territory where such profits are generated, resulting in a misalignment between the place where profits are taxed and the place where value is created.

While the initiative of the European Commission for a Digital Service Tax in 2018/2019 was not successful, the general discus-siononthetaxrecordingofprofitsincross-borderdigitalbusi-ness continues and has led to various national initiatives, such as the Digital Services Tax introduced in UK from April 2020 for revenue derived from the provision of a social media service, a search engine or an online marketplace to UK users. It is to be expectedthatthemisalignmentbetweentheplacewhereprofitsare taxed and the place where value is created will remain a main area of dispute between digital businesses and the tax authorities.

9 Employment Law Implications for an Agile Workforce

9.1 What legal and practical considerations should businesses take into account when deciding on the best way of resourcing work in your jurisdiction? In particular, please comment on the advantages and disadvantages of the available employment status models.

The rather strict German employment law tends to conflict with agile employment models. German law makes a fundamental distinction between dependent employees and independent freelancers. While freelancer contracts can be structured more flexibly, employment contracts, which allow a closer control over the employees, must take into account the extensive rights provided by German employment law to dependent employees (e.g. protection against dismissal, minimum wages, statutory holiday claims) and also cover social security contributions.

The assignment to either of the two employment models depends on whether the employed person is subject to individual instruc-tions and integrated in the organisation of the employer (dependent employee) or essentially free to organise his/her activity and deter-mine his/her working time (independent freelancer/self-employed contractor). The contractual provisions themselves are usually only an indication for the legal evaluation of the employment rela-tionship. Greater attention must be paid to the contractual prac-tice and the extent to which the employee is actually acting inde-pendently and for more than one client. Consequently, employers donothavetheoptiontofreelychoosefromthebenefitsofbothstatus models but must carefully weigh the pros and cons of the respective model and consequently decide for either one.

In cross-border situations, the German concept of self-em-ployed freelancers often leads to misunderstandings, as it tends to be much narrower than in other countries. Since

involved, it has to be determined on a case-by-case basis which model best serves the economic and legal requirements.

6.2 Are there any requirements in your jurisdiction for servers/data centres to be located in that jurisdiction?

When processing personal data of EU citizens, the GDPR gener-ally requires the hosting of data within the EU and only allows for a transfer of data outside the EEA where an adequate level of data protection is ensured. With regard to specific sectors, additional regulations may further restrict data outsourcing (e.g. restrictions for public bodies or data in the financial or health sectors).

7 Trade and Customs

7.1 What, if any, are the technologies being adopted by private enterprises and government border agencies to digitalise international (cross-border) trade in your territory?

With the IT system ATLAS (Automatisiertes Tarif- und Lokales Zollabwicklungssystem, Automated Tariff and Local Customs Processing System), the German customs administration provides the prerequisites for the largely automated processing and monitoring of cross-border traffic of goods. Using ATLAS, declarations for the movement of goods and their subsequent transfer to a customs procedure, as well as administrative acts, are processed electronically.

In addition to participating in ATLAS, private enter-prises have the option of electronically submitting their declaration data to the customs offices using the inputmasks (Internet applications) made available online.

7.2 What do you consider are the significant barriers to successful adoption of digital technologies for trade facilitation and how might these be addressed going forwards?

The most relevant barriers to the adoption of digital technolo-gies for trade facilitation in Germany might be the complexity of the status quo of trade relationships. In order to effectively implement digital technologies, trade relationships will have to be simplified to a certain degree.

Another relevant barrier might be a general scepticism against the adoption of digital technologies both amongst decision makers within companies and public authorities. This scepticism could andshouldbeaddressedbyfocussingonthebenefitsofdigitaltechnologies for all participants in simplifying processes and cutting costs, in particular for small and medium-sized companies.

8 Tax Treatment for Digital Businesses

8.1 Can you give a brief description of any tax incentives of particular relevance to digital businesses in your jurisdiction? These could include investment reliefs, research and development credits and/or beneficial tax rules relating to intellectual property.

While other EU countries (e.g. Ireland, Hungary and Italy) implemented tax incentives attracting digital business, Germany so far has been reluctant to implement such tax incentives, as the German government fears a race to the bottom if EU Member States step into competition for the most attractive tax environ-ment for digital businesses.




While investment in digital infrastructure in Germany has in the past not been as high as it could have been, the environment for digital business in Germany has essentially improved in the past years and is expected to further improve. The availability ofhighlyqualifiedpersonnelinGermanyisgenerallygoodandGermany’s attractiveness to foreign workers tends to be positive.

11 Online Payments

11.1 What regulations, if any, apply to the online payment sector in your jurisdiction?

The online payment sector in Germany is largely governed by harmonised EU law, in particular by the Payment Services Directive (EU) 2015/2366 (PSD2) and the Commission Delegated Regulation (EU) 2018/389 with regard to regu-latory technical standards for strong customer authentica-tion and common and secure open standards of communi-cation. In Germany, the Directive is implemented in civil law by the provisions of §§ 675c-676c of the German Civil Code (BGB) covering the contractual relationship and in the “Zahlungsdiensteaufsichtsgesetz” (ZAG, Payment Services Supervision Act) covering the regulatory aspects.

Pursuant to the regulatory provisions of the ZAG, an institu-tion wishing to provide relevant payment services as a payment institution in Germany, whether commercially or on a scale which requires a commercially organised business undertaking, needs written authorisation from the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin). The same applies to e-money institutions. The ZAG follows a technology-neutral approach when evaluating a new busi-nessmodel.WhileBaFinhasnoflexibilitytopromoteinnova-tive business models, it usually applies proportionate supervi-sion measures largely depending on the scope of risks entailed with a specific payment service. As regards the territorialscope of the German regulatory framework, according to the practice of BaFin, relevant payment services are carried out in Germany not only if the payment provider has its registered officeinGermany,butalsoiftheprovideroftheservicemerelytargets the German market in order to offer its services repeat-edly and on a commercial basis to companies or individuals havingtheirregisteredofficeorregularresidenceinGermany.

As a measure to increase the security of online payments and reduce fraud, the PSD2 set out stricter technical require-ments for payment service providers to verify customers’ iden-tity (Regulatory Technical Standards on Strong Customer Authentication (RTS - SCA)). The PSD2 further included providers of payment initiation services and account information services into the regulatory framework.

11.2 What are the key legal issues for online payment providers in your jurisdiction to consider?

With the extension of the scope of the Payment Service Directive by PSD2, a number of payment services, which previously grew rather unsupervised, have become subject to supervision. The regulatory requirements and, in particular, the implementation of the new minimum requirements on strong customer authen-tication may be a challenge for some online payment providers when establishing new innovative business models. At the same time, the implementation of RTS - SCA might also help to over-come the reservations against the security of online payment services still existing amongst German customers in compar-ison to the traditional banking sector.

the incorrect classification of an employment relationshipmight even result in criminal prosecution, the legal situa-tion should be carefully examined in each individual case.

9.2 Are there any specific regulations in place in your jurisdiction relating to carrying out work away from an organisation’s physical premises?

According to the definition of freelancing activity (see question 9.1 above), it is a prerequisite for freelancers that they organise their work independently, i.e. the employer typically does not have to observe any specific regulations.

For dependent employees, however, the “Arbeitsschutzgesetz” (Occupational Safety and Health Act) stipulates safety require-ments which the employer must take into account even if the employee does not carry out his work on the employer’s premises. To further specify these obligations in detail, the “Arbeitsstättenverordnung” (Workplace Ordinance) was adopted, which in particular regulates requirements for so-called “tele-work stations”. However, according to the wording of the Regulation, “telework stations” are only covered if the work equipment was provided by the employer. Since this is rarely the case, there is considerable controversy in the literature as to whether an extensive interpretation of the regulation, in particular in conformity with EU law, would be manda-tory. Also, the Regulation does not usually apply in cases whereanemployeeoccasionallyworksinahomeoffice.

10 Top ‘Flags’ for Doing Business as a Digital Business in Different Jurisdictions

10.1 What are the key legal barriers faced by a digital business operating in your jurisdiction?

When analysing the legal environment for digital business in Germany, no specific legal barriers can be identified for oper-ating a digital business in Germany. While Germany is currently not at the top of the list of countries in digital capability, the German government in recent years has put a focus on the development of digital infrastructure. Most relevant fields of law in recent years have been strongly harmonised throughout the European Union strengthening the Digital Single Market and facilitating cross-border business within the EU.

The key legal challenges faced by digital businesses operating in Germanywilllikelyvarydependingonthespecificfieldofbusi-ness. For e-commerce businesses and in particular for example for start-up companies, the strict enforcement of consumer protection regulations through competitors and consumer protection associations might be perceived as a challenge in the beginning. For data driven businesses the same applies with regard to the strict requirements stipulated under the GDPR.

10.2 Are there any notable advantages for a digital business operating in your jurisdiction?

With more than 83 million inhabitants, Germany is a major market also for digital businesses. With 68 million people (84 per cent of the German population) online on a regular basis, Germany is responsible for around one quarter of all European B2C e-commerce turnover. The German industry and in particular German small and medium-sized companies have a leading position when it comes to innovation capability. Therefore, the economic potential for digital businesses oper-ating in Germany is a major advantage.


56

Dr. Sebastian Engels is a partner at BOEHMERT & BOEHMERT in Berlin. He advises clients in all aspects of IP law and is specifically working with German and international clients to develop IP strategies both in Germany and abroad. One of the special focuses of his expertise is further advising and representing digital businesses with regard to consumer protection regulations, contractual matters, data protection law and domain name disputes. Sebastian represents clients in all types of intellectual property disputes, including trade mark, trade dress, copyright, and unfair competition matters and has a focus on digital business and effective online rights enforcement. His clients range from start-up companies to multinational companies.

BOEHMERT & BOEHMERTKurfuerstendamm 18510707 BerlinGermany

Tel: +49 30 23 60 76 70Email: [email protected]: www.boehmert.de


Germany

Silke Freund is a partner at BOEHMERT & BOEHMERT in Munich. She focuses on the contentious – sometimes cross-border – enforcement of soft IP rights (trade marks, copyright, design and unfair competition) and the defence against asserted infringement claims, having almost 20 years of experience before German Courts and in all forms of IP litigation. Beyond IP litigation she supports her clients in all aspects of IP law, with a particular focus on handling worldwide trade mark portfolios and respective strategic advice. Silke advises German and interna-tional clients ranging in size from individual start-ups and small to medium-sized companies right up to large multinational enterprises. Her advice is directed to all different sectors and industries, from consumer, energy, financial services, health, technology and media to digital businesses.

BOEHMERT & BOEHMERTPettenkoferstr. 2280336 MünchenGermany

Tel: +49 89 55 96 80Email: [email protected]: www.boehmert.de

As one of the largest and best-known law firms for Intellectual Property (IP) in Europe, BOEHMERT & BOEHMERT has been representing the interests of its clients for more than 80 years both with regard to the registration of property rights and in legal disputes. The special strength of BOEHMERT & BOEHMERT lies in the close cooperation of interdisciplinary teams of attorneys and patent attorneys enabling the development of customised, creative, and practical solutions that meet our clients’ requirements. Our attorneys offer support in all fields of applied and engineering sciences and have proven expertise in traditional as well as young industries in all business sectors, and across borders. In addition to our six offices in Germany, our law firm maintains interna-tional offices in Alicante, Paris, and Shanghai. The global network of our offices and the close collaboration with selected partner firms throughout the world guarantees unrivalled quality and efficiency.

www.boehmert.de


Current titles in the ICLG series

Alternative Investment Funds

Anti-Money Laundering

Aviation Finance & Leasing

Aviation Law

Business Crime

Cartels & Leniency

Class & Group Actions

Competition Litigation

Construction & Engineering Law

Consumer Protection

Copyright

Corporate Governance

Corporate Immigration

Corporate Investigations

Corporate Tax

Cybersecurity

Data Protection

Derivatives

Designs

Digital Business

Digital Health

Drug & Medical Device Litigation

Employment & Labour Law

Enforcement of Foreign Judgments

Environment & Climate Change Law

Family Law

Financial Services Disputes

Fintech

Foreign Direct Investment Regimes

Franchise

Gambling

Insurance & Reinsurance

International Arbitration

Investor-State Arbitration

Lending & Secured Finance

Litigation & Dispute Resolution

Merger Control

Mergers & Acquisitions

Mining Law

Oil & Gas Regulation

Outsourcing

Patents

Pharmaceutical Advertising

Private Client

Private Equity

Product Liability

Project Finance

Public Investment Funds

Public Procurement

Real Estate

Renewable Energy

Restructuring & Insolvency

Sanctions

Securitisation

Shipping Law

Telecoms, Media & Internet

Trade Marks

Vertical Agreements and Dominant Firms

Workplace Pensions

The International Comparative Legal Guides are published by:@ICLG_GLG

digital business 2020 · 2020-06-10 · cyprus e & g economides llc: xenia kasapi & george...

Documents