From e-Gaming to e-Music

Rechtsanwalt Dr. Wulf Hambach

Hambach & Hambach Rechtsanwälte
Haimhauser Str. 1
D - 80802 München
Tel.: +49 89 389975-50
Fax: +49 89 389975-60
E-Mail: w.hambach@timelaw.de
Against the background of Web 2.0, e-business in Germany has been able to record magnificent records in turnover, and – on the other hand – is faced with treacherous risks – an economic, technical and legal examination of a future market in Germany.

Germany and the WWW: this has, particularly during the last 5 years, been a unique success story – in particular from the economic point of view.

1. The economic side of German e-business

A recent study, commissioned by the BITKOM (German Federal Association for Information Industry, Telecommunications and New Media), forecasts a continuing steep increase in turnover for German e-business. By as early as 2009 – according to BITKOM – turnover will have increased to the incredible amount of 694 billion Euro. Just as the football club FC Bayern München (FCB) will be leading the Bundesliga for an incalculable period of time, Germans seem to be uncatchably active in the WWW, and particularly in European internet trade. Altogether, Germans have sold 30 per cent of all goods and services traded and sold via the internet – according to the latest BITKOM study. And just as Luca Toni (“Il Bomber”) is the trump card for the FCB, the area of internet gaming seems to be a promising card in the pack of German e-business. Nielsen, an international institution for media and market research, reported at the end of August 2007 that the number of online players increased by 76 within a period of only three years. In July 2007, 9.2 million Germans had visited online gaming websites (27.6 of all German internet users), only 5.2 million in July 2004 (17.5 %; source: Nielsen/NetRatings, NetView, Germany, Home & Work).

In a press release from the 10th of June 2008 the German Internet Industry Association BITKOM focuses on the current private Internet Betting industry. This sector is booming especially in times when Europe´s leading soccer nations meet in Switzerland and Austria. According to a new marketing study 2,2 million Germans are betting in the internet on a regular basis. Approximately 700.000 Germans are betting on the UEFA European Championship Tournament. According to BITKOM Vice-President Achim Berg these figures indicate that the private i-betting business is booming in Germany!

The “mother of online gaming”, the digital game market for consoles and PC games, also is continuing to grow steadily in Germany. The motor of this growth, however, mainly is the increasing spread of PCs and the growing number of broad band connections.

This can be seen from the following BITKOM graphics:

Market for digital games grows by 21 per cent

Total turnover with games consoles (hardware) and games for PCs and consoles (software)
in Germany, in Euro (Mrd. = billion)

Worldwide turnover with online gaming in billion Euros

The potential of online gaming in Germany is even beaten by the potential of online gambling and the field of internet games of chance respectively. It is not unlikely that this area (in particular sports betting), will soon be knocked out of the state’s hands (which is what happened in Italy and Spain and will probably soon happen in Sweden and France).

Until the time of the definite end of the (online) gambling monopoly in Germany, it will not only be the legal situation that continues to be fragmented. Economic estimates can hardly be carried out either, due to the lack of regulation and supervision and the growing black market in the area of unlicensed gambling coming with it (in this context, please also see the report in TIME-Law-News by Prof. Dr. Dr. Schneider – “Rapid growth expected of the black market for sports betting”).

Goldmedia GmbH, a consultancy company specialising in consultancy in the area of telecommunications, media and entertainment, in spite of all difficulties dared to make a forecast in 2006, which clearly shows the size of this hugely promising but also risky market:

Forecast: Online gambling (lottery, casino, betting) in Germany,
according to scenarios, stakes and gross profits 2005-2010
Online gambling (lottery, casino, betting) in Germany 2005 – 2010
Stakes/turnover in billion Euros

The lion’s share of the growing turnover in online gambling, however; goes to the large providers of online gambling in Britain, Malta and Gibraltar. The flowing chalice more or less passes by the state-run providers of gambling in the Deutsche Lotto-und Toto Block and the potential recipients of their funds (e. g. leisure sport associations) who recently registered record losses in turnover. The reason for this is simple: The State Treaty on Gambling, which came into effect on 1 Jan. 2008, provides for a highly disputed prohibition of operations and advertising. However, this prohibition does not apply for some private providers due to reasons based on the EU Treaties and on the German Constitution (compare report in – TIME-Law-News „Taking stock of legislative

activities“ – by the gaming law experts Claus Hambach & Dr. Wulf Hambach). Since the State Treaty on Gambling came into force, sports betting turnover – according to Toto-Lotto Niedersachsen –has collapsed dramatically. Lotto boss Rolf Stypmann said that the game Oddset slumped by 51.3 per cent during the first 15 weeks of this year. The Lotto boss also predicts economic problems in connection with the State Treaty on Gambling for the future. The newspaper Hessische/Niedersächsische Allgemeine Zeitung reported on the topic in an article on 15 Apr. 2008:
“According to the State Treaty, it will be prohibited to play the lottery via the internet from the beginning of next year onwards. “I consider this to be a mistake”, Stypmann said. On the one hand, the internet is an important future market for Toto-Lotto. On the other hand, the game would be easier to control there than in a lottery receiving office, where the players remain completely anonymous.”
Let us now leave the losers of e-business, and return to the winners: For years, so-called internet dating services have been another important pacesetter for German e-business. According to BITKOM, turnover in this segment of internet trade increased by almost one third to an incredible 85 million Euro in 2007. For 2008, an increase to 103 million Euro has been forecast. This means that 6.3 million Germans per month are looking for a partner online. This corresponds to the number of people living in the Federal State of Hesse. With 85 million Euro, Germans spent more money on the online search for a partner than on music downloads.

Market for online dating is growing strongly Turnover of internet dating services in Germany in Euros

(record year for internet dating services in Germany) *= Forecast

However, the e-music industry has no reason to hide behind online gaming and the “Friendscouts”. While the e-music segment so far had shown rather restrained growth in comparison with the rest of the world (2005: 19 million downloads of individual titles, 2006: 24 million; source: heise.de), 2008 seems to finally be seeing the breakthrough. The first quarter of 2008 already gave the providers of legal music downloads a new record. During these three months alone, 10.3 million individual titles were bought online. According to the market research company Media Control, this corresponds to an increase of 38.1 per cent compared to the same quarter of the previous year. Turnover increased by 45.2 per cent to the present figure of 20.4 million Euro (source: GfU/BITKOM).

Bernhard Rohleder, CEO of BITKOM, thinks that, in addition to the growing number of internet users, further factors are decisive for a positive development of e-commerce:
“High safety standards lead to a higher level of Trust in online purchases, electronic payment systems for smaller amounts become increasingly accepted, and mobile telephones have been established as a new sales channel in addition to the PC.
2. Assessment of German e-business under aspects of (internet) technology

A high level of security can be ensured by standards regarding technology or internet law. However: In particular young operators of (start-up) web portals often can hardly implement such high security standards for financial reasons. From such operators’ points of view, such standards rather impede fast initial growth.

However: Simple (start-up) online shops more and more often develop into complex Web 2.0 offers. In addition to the possibility of ordering products, such pages provide e-poker schools, the compilation of an own user profile, internal communications or live streaming offers. The web applications necessary for this are becoming more and more complicated and pose (internet) technical problems for the operators of the websites as well as for their users; as a consequence, the utilisation of such problem-afflicted 2.0 websites (once more) becomes unattractive.

The following commentary from the CHIP online forum shows the technical difficulties:
”Today for the first time I am having massive problems with Online Video Streams. Giga, Gamesports-TV and various other streams are lagging and buffering continuously. Haven’t reset anything and done the whole programme like searching for viruses/trojans/bugs, system recovery, hardware check etc. I have zero problems with my speed on the net, and all audio streams run without any problems. But as soon as I open a videostream via Winamp or WMP, it lags + re-buffers every 20 – 30 seconds.”
Such technical problems lead to frustration – in particular on user sites.

Thus: In order to prevent the operator from a technical and – as a logical consequence – an economic waterloo after the initial web euphoria, prevention is essential. This is because it is sufficiently known: A coffee party amongst elderly ladies is nothing compared the gossip- and criticism-mania of disappointed users who will not let off steam at the coffee table, but regularly in user forums. Obviously, the operator or the person interested in an IT-safe web offer exceeding a mere information site, can find information, in particular on the internet. For instance, the Bundesamtes für Sicherheit in der Informationstechnologie (German Federal Office for Security in Information Technology) provides extensive information in this field (e.g. http://www.bsi-fuer-buerger.de).

However, in order to face the task of providing a website which really is secure (in internet traffic) it is not obligatory but advisable to contact the “TÜV (technical control board) for internet security”. A recommendable contact here is, for instance, TÜV Rheinland Secure IT GmbH (www.tuv.com) which specialises in the area of internet security; TÜV Rheinland Secure IT GmbH is a company of the TÜV Rheinland Group which is about to merge with the TÜV Süd. Free events such as the TÜV Rheinland Secure IT event “Webportale: Mehr e-Business durch höhere IT-Qualität” (web portals: more e-business through improved IT quality) can provide an idea of the current dangers looming on the internet for the website operator and his users, and how to best face the continuously growing and changing dangers (click here for more information on this event which took place in Cologne on 18 June).

This is particularly important if entertainment games, competitions or the collection of private data (keyword: build-up of a data bank) are incorporated, if a user portal is established or if music offers are provided (regarding the legal difficulties surrounding the e-music business, please compare the TIME-Law-News report “The utilisation of music on the internet” – by Attorney-at-Law Marco Erler, expert in the areas of music and copyright law. The legal problems which inevitably arise in this context – some of them will be described in the following legal chapter – should also be eliminated in this process. Legal challenges occur as soon as an internet offer is no longer gratuitous, but if payments are due for internet services. Attorney-at-Law Dr. Michael Hettich approaches the problems surrounding so-called e-payment in his TIME-Law-News chapter “E-payment in Europe: Current technical and legal framework conditions”.

The pitfalls of IT law must not be neglected either. Such pitfalls are lurking for the operators of websites, in particular if they use non-updated information obligatory under user or consumer protection laws (keyword: outdated general terms and conditions, data declaration and cancellation notification etc.). For instance, website operators are obligated to adapt their notification on the user’s cancellation rights to the new statutory requirements by 30 Sep. 2008 at the latest in order to avoid expensive legal action. Attorney-at-Law Susanna Münstermann, expert in IT law, describes some treacherous pitfalls of IT law in her legal chapter: “Threat to existence due to cease-and-desist letters”.

3. Legal core assessment of German e-business

a) “The utilisation of music on the internet – still a legal minefield1

As stated already in the introduction, the online utilisation of third-party content is connected with substantial legal problems which must be clarified prior to the utilisation of such content. Otherwise there is the threat of drastic legal problems.

Just as Bayern Munich’s goal guarantor Luca Toni, in spite of knowing the rules, frequently is offside, many users stumble into the numerous pitfalls of the various fields of law, such as the law on copyrights, personality rights, name rights and trademark rights, in spite of having masses of information available warning them that the internet is not an unregulated field.

On 15 April 2008, Spiegel Online correspondingly, under the headline „photo agency Getty triggers online wave of cease-and-desist letters“, reported on the assertion of copyright claims by the photo agency Getty against numerous individuals using images online on their websites. This is not only a German problem. Internet forums show that Getty is pursuing those utilising online images without authorisation in other (European) countries as well. According to the information on Spiegel Online, Getty claims payment of a sum of approx. 1,500.00 Euro for a one-time utilisation per image. The unauthorised use of several images may therefore lead to painful damage payments.

Music generally is not unregulated common property!

In addition to the unauthorised utilisation of images, an online presentation may also violate other rights.

An example is the unauthorised utilisation of music within the framework of the online presentation, e. g. in e-shops. In the past, copyright claims based on the unauthorised exploitation of music, in particular ring tones, by subsidiaries of globally acting large groups of companies, were brought before courts by the holders of the rights. The former illegal download offers provided by Napster also occupied the courts. Streaming offers on Youtube have also been attacked (out of court). The International Federation of the Phonographic Industry (ifpi), i.e. the professional association of the large record labels, founded a separate company assigned with the research and prosecution of illegal online music offers on sharing networks (e.g. Gnutella). The reports to the police and the cease- and-desist letters issued to users generated this way have probably reached a four to five- digit number in the meantime.

German law important for foreign companies as well!

The problems connected with the online utilisation are not limited to German providers. Under certain conditions, foreign online providers also are obligated to comply with the requirements of German copyright law. German copyright law, just as German competition and trademark law, is applicable to foreign online cases if they are targeted directly to Germany. The Telemediengesetz (German Act on Telemedia) on the one hand provides for a privileged position for foreign online providers, according to which generally the law of the country of origin is to be applied. However, this regulation is not applicable to copyright questions, according to section 3 subsection 4 No. 6 Telemediengesetz. This means that German copyright law is applicable to foreign offers with a national reference. As the execution of German court judgements is possible within the European Union, foreign providers should also comply with the requirements of German copyright law when utilising music (online).

Rights to the music must be obtained!

Therefore, prior to using music (online), it must always be clarified which rights to the music must be obtained. There are only few exceptions where music may be used without approval by the holder of the rights (e.g. for a work of music 70 years after the author’s death), which should be legally examined in each individual case.

The described cases of illegal use of images and of music clearly show that it is necessary to clarify third-party rights in advance, during the phase of preparation of a concept and production of a website presentation. However, due to the variety of the applicable statutory regulations and due to the complexity of the various legal matters, this is easier said than done. The provider of online content must, in addition to the problems of (IT) law, such as compliance with the regulations on distance contracts and with data protection law, also comply with the provisions of the laws on copyrights, personality rights, names, marks and trademarks. The main area affected in the case of the utilisation of music is copyright law.

Where can I obtain the necessary rights to utilise music?

A particularly complex field is the question of obtaining the utilisation rights for using the music. Music transports emotions, and films and advertising campaigns would be unthinkable without it. As the internet will in the future not only be used as a source of information but more and more also as an entertainment medium, the use of music will increase.

However, it could be dissuasive that the necessary approvals must be obtained from the (numerous) holders of rights to the work of music and the musical recording prior to being able to utilise a piece of music. In contrast to regular goods and services, the authorisation to use a piece of music cannot be obtained by means of so-called “one-stop shopping”, i.e. from one person or one company. Rather, several contracts with different parties will be necessary. Uli Hoeneß, Vice-Chairman of FC Bayern Munich, would definitely feel at home here, as he would be able to once again prove his negotiation skills against several “opponents”.

Works of music are created by a composer and a texter or several composers and texters (authors) who thus obtain copyrights to the work of music. The piece of music is recorded by musicians and the singer as well as a producer who not necessarily are identical with the authors. The musical recording or the recorded performance, i.e. the rendition of the work by the singer and musicians as well as the recording by the producer (production of sound carriers) create so-called performing rights which also are regulated in the Urheberrechtsgesetz (German Copyright Act). This means that if music is to be used on a website, the copyrighted utilisation rights to the work and the copyrighted performing rights to the recordings must be obtained.

The majority of authors have (exclusively) transferred their rights to the musical works to a collecting society (Germany: GEMA) and to one or several music publishers for the purposes of exploitation. If several authors contributed to the creation of a musical work, all of the (co-) authors may conclude a contract on his/her part of the musical work with a different publisher. The music publisher and the collecting society administer different rights to the work.

The persons entitled to protection of performing rights, i.e. the singers, musicians and producers of the musical recording, will have granted the right to utilise the recordings to a record label. For cases of a secondary exploitation of the recordings (e.g. broadcast on the radio), performing rights to the recordings will have been granted to a performing rights society (Germany: GVL), by the singer and musicians as well as by the record label. This means that a division of the exploitation rights also takes place with regard to the musical recording.

The contractual relations described above only roughly show the chains of rights between the individual persons and companies who substantially participate in the exploitation of music. Other persons and companies may also be involved. However, for the sake of comprehensibility, we refrain from including a conclusive description.

The provider of a web offer now is faced with the question, whom of the many parties involved he/she will have to contact to be able to use the music online. This mainly depends on the type of utilisation. It is possible that a piece of music is meant to be used online in connection with advertising. Furthermore, a distinction must be made between downloads and streaming. The user must also examine whether the interactive use of music is possible or if the user can only listen to the music without being able to influence the beginning, length and end.

A detailed evaluation of each individual case of utilisation cannot be provided here due to the large number of utilisation possibilities. However, the following may be said as a rough assessment for the German territory: In cases of a utilisation of the work/recording of music for advertising purposes, the author and his/her music publisher and the GEMA as well as the producer or his/her record label must be contacted. In the area of downloads, a licence must be obtained from GEMA and the record label. An evaluation in the area of streaming decisively depends on the question of inter-activity. GEMA as well as GVL (in case of no inter-activity) or GEMA and the record label (in case of inter-activity) may be responsible.

However, prior to any utilisation it is necessary to legally examine in detail how the music is to be used in the specific case. This is the only way to filter out the affected rights and the parties holding these rights. A legally binding evaluation thus is only possible when looking at the specific case in question.

Payment for music!

Determining the affected rights and the correct addressee of the utilisation inquiry is, however, only the first step on the way to the licence. Now, the remuneration sum must be agreed. As numerous fixed tariffs are offered in the area of online utilisation (e.g. for music-on-demand or webradios), in particular by the collecting and performing rights societies, the user should in advance obtain information on the tariffs and their applicability to the intended type of utilisation. Through this procedure, the offer can subsequently be adapted to be able to use an economically reasonable tariff. Should a record label and/or a music publishing company be responsible, the user of the piece of music will be forced to enter into specific negotiations with this company.

Conclusion

Just as Luca Toni is puzzled by the offside traps set by his opponents, licensing music is not an easy business. One thing, however, applies for Luca Toni as well as for the user of music: If you stick to the rules, what you will get is a goal – or legal utilisation of music respectively.

The compliance of online offers with the statutory provision must be the top focus for German as well as foreign providers, despite the complexity of the various fields of law involved. The necessary rights should be obtained in advance, after consultation of a lawyer familiar with the trade. In our times, characterised by so-called “waves of cease-and-desist letters” and by companies systematically scanning the internet for infringements, there is the threat of painful damage claims for violations, in addition to the obligation to stop using the music due to cease-and-desist claims. On top of this, violations of copyrights may be subject to criminal prosecution.

It definitely is in the interest of the users to be able to use music without any restraints. However, it is essential to obtain a proper licence in order to also ensure musical diversity for the users. Luca Toni also is forced to live with the offside decisions against him – whilst still firmly targeting the goal-getter crown.

b) Threat to existence due to cease-and-desist letters – updates, continuous monitoring and legal consultation in cases of doubt regarding the content of the internet site will pay off2

Cost trap cease-and-desist letters

The risk of becoming the addressee of a cease-and-desist letter dangles above all internet providers like the sword of Damocles. The reasons for such cease-and-desist letters are varied and often are found in what seem to be bagatelles. A few thoughtless words in the notification on the user’s cancellation rights, in the general terms and conditions or the price information may lead to costs amounting to four or five-digit sums. The notification on the user’s cancellation rights is a particularly good example for the fact that even diligent businesses are not safe from cease-and-desist letters, as even the sample notification compiled and suggested up to now by the German Federal Ministry of Justice did not provide protection.

Cease-and-desist letters under competition law are always connected with the request to reimburse the costs for the assignment of a lawyer and may lead to surprisingly high court and lawyer’s fees for a legal dispute if the action is lost, as values for such disputes have been fixed at up to 30,000 Euros3. However, in the meantime there is a tendency in court decisions and legislation to take action against “mass cease-and-desist letters” issued by one provider, and against the collusive cooperation between a “cease-and-desist lawyer” and a company, because competition law is not meant to create a source of income for lawyers, but to provide competitors with means of taking action against the advantages obtained through infringements by their fellow competitors.

However, large and small providers on the internet must equally anticipate to be issued cease-and-desist letters which may make an expensive issue out of what seemed to be a minor carelessness. The old sample notification on the user’s cancellation rights, for instance, was objected to because according to its wording, the deadline for the issue of the cancellation declaration began “at the earliest upon receipt” of the notification instead of on the day “after receipt” of the notification. This risk is a serious burden for the internet economy in Germany; almost 50% of the online shops questioned in a study felt that their existence is threatened by the practice of cease-and-desist letters in Germany4.

New sample notification on cancellation rights

With the sample notification on cancellation rights, the legislator intended to provide a proper notification, upon the economy’s request, in order to make the wording of the notification easier for the companies, and at the same time to fulfil some statutory information obligations. However, this sample notification on cancellation rights has been criticised by the courts, so that even such businesses who had trusted in the validity of the sample notification received cease-and-desist letters. As a consequence of this criticism by the courts, a new sample notification on the user’s cancellation rights was compiled. Internet providers using the former sample text should modify the text correspondingly5. If the shop is re-designed, the new regulation, valid as of 1 Apr. 2008, should be implemented immediately, for all existing internet offers this should be implemented by 30 Sep. 2008 at the latest.

The new statutory regulation takes into consideration the criticism voiced by the courts up to now; however, there always is the danger that some judges may hold that the new sample notification text is not free of mistakes either. For the practice, what remains to be stated is that the wording of the sample notification still is long and clumsy. The ultimate aim, which is to inform the consumer in an easy and understandable way, can hardly be achieved by this. However, the new sample notification text will probably provide businesses with the highest possible level of protection against cease-and-desist letters.

General terms and conditions and distance sales law

Additional pitfalls are lurking in the general terms and conditions and in the compliance with the information obligations for distance sales contracts. For instance, a violation of the necessary precision of the general terms and conditions may already lie in the inclusion of the – often used – supplement “usually” when stating the delivery time6, and a reference to “insured shipment” may be considered to mislead the consumer7. Not all faulty clauses in general terms and conditions present a reason for a cease-and-desist letter; however, special attention is to be paid to the transparency of the wording, the price information and the compliance with the statutory provisions in the area of warranty rights8. Mistakes and inaccuracies in these areas may lead to the assumption of an anti-competitive advantage for the user of this clause, and thus allow the issue of a cease-and- desist letter.

Data protection – an underestimated duty?

The users’ interests in the protection of their data should not be underestimated, as can be seen from the angry reactions to the intended modification of the data protection regulations by StudiVZ around the turn of the year. The enthusiasm shown by the users when compiling their user profiles and filling them with content does not mean that they agree to their data being used for commercial advertising purposes.

Many internet providers regard the compliance with data protection regulations as a nuisance and negligible duty. However, in particular web 2.0 in all its forms of appearance shows that users readily and willingly disclose personal data, while they have some reservations against the utilisation of their data for commercial advertising. The statutory requirements and the extent of the users’ consent, however, are of substantial importance for the use of the customer data, in order to avoid costs for cease-and-desist letters, fines or even penalties under criminal law. Section 43 subsection 3 BDSG (Bundesdatenschutzgesetz – German Federal Data Protection Act), for instance even provides for a fine of up to 250,000 Euro, and section 44 BDSG provides for imprisonment of up to two years in case of an intentional violation of certain provisions of data protection law.

c) E-payment in Europe: Current technical and legal framework conditions9

[quote]”When I was young I thought that money was the most important thing in life;
now that I am old I know that it is.“
Oscar Wilde[/quote>]The basic requirements for payments of money have always been the same, and remain unchanged even now while the important flows of money only take place in the virtual world:

The wish to ensure safe payments and fast transactions.

While the virtual world promises independence of business transaction from time and place, the speed of payments with a sufficient level of security still had to be developed and had to be accepted by the users.

The new uniform European payment standard “Sepa” is meant to speed up money transfers in Europe in the future, however, it is not to be expected that the transferred sum will be credited in the same second. However, this is exactly what e-business requires, and what, prior to the introduction of alternative payment methods, could only be achieved through the use of credit cards. The reservations against the disclosure of the credit card number on the internet and the restricted access to credit cards due to the necessary credit worthiness still left a gap which was filled by the new payment methods such as PayPal, Giropay, Click & Buy or Moneybookers. Here, the transferred sum is credited immediately, also providing a minimum security standard with account and password authentication.

With PayPal, the payment system purchased by ebay, and the payment system Click & Buy used for a number of news magazines, a high level of market saturation and popularity of e-payment has already been achieved. However, some legal questions are yet to be clarified; new technical standards are required and additional regulations are expected, a small selection of which shall be described hereinafter.

EU Commission: User trust in e-payment in need of improvement

EU Commissioner Charly McCreevy recently declared on a study carried out on behalf of the Commission in 2007, that the EU Commission actively strives to keep the dangers due to fraud in cashless payment transactions at the lowest possible level, in the interest of the consumers as well as the financial service providers and credit institutions. According to the study, the users’ trust can still be improved, while significant directives, such as the Directive on the Prevention of Money Laundering (2005/60/EC) and the Directive on Payment Services (2007/64/EC) have either not been incorporated into national law, or this has only been done recently. The long-term success of these regulations and the spread of improvements among the users have therefore for the most part not yet been achieved.

New security standards for credit card transactions

The obligation to comply with new security standards for credit card transaction has developed without any pressure from Europe (PCI DSS – Payment Card Industry Data Security Standards).

This concerns regulations created directly by the leading credit card organisations, and which obligate all companies working with credit card transactions. This ensures additional security against system manipulation – in the interest both of the credit card institutions and of the customer.

In order to implement the regulations, it was made clear that the credit card institutions are entitled to impose severe penalties on their trading banks, while the dealers may be obligated to hold the banks harmless and bear any damages which may have been incurred. Contractual penalties of up to 500,000 US dollars per case of infringement are possible if data have been compromised due to the non-compliance with security standards. The most painful possible penalty would, however, be the discontinuance of acceptance of credit cards for the provider concerned.

For companies with more than 6 million credit card transactions per year, 30 September 2007 was the deadline for the implementation of the new PCI DSS. From January 2008 onwards, these compliance requirements also apply for companies with one to six million credit card transactions.

Framework with regard to supervisory law for e-money providers

A long-term cooperation with an e-payment provider in Germany is not only measured according to its business concept and solvency, but also according to the legal requirements. As the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin – Federal Financial Supervisory Authority) supervises among others the credit and financial services institutions and is authorised to close down their businesses if they do not have sufficient licences, the requirements set by this institution are decisive under the Kreditwesengesetz (German Banking Act).

As the requirements set by the BaFin, in particular for e-money institutions located in Germany, are very demanding, and the definition of the term “e-money“ by the BaFin is very narrow and restricted, this business form has hardly developed with German business locations and German banking permissions (the only known company is NCS mobile payment GmbH – Crandy).

The promising business areas already existing on a large-scale for e-money institutions thus are operated from other countries. With a registered location in one of the countries of the European Economic Area, the provider can extend the licence it holds there under the bank or finance supervision of its own country to the entire European Economic Area, with the help of the “European single passport”.

Applications for the “European single passport” are filed with the supervisory authority in the respective country in which the company is based. The foreign supervisory authority informs the German BaFin of the intended commencement of activities of the e-money institution, whereupon BaFin will inform the institution within two months of some special regulations applicable in Germany which must be complied with; following this, business operations in Germany (e.g. via the internet) can be commenced.

With this regulations, less strict requirements set by other countries of the European Economic Area can be exploited to the advantage of the e-money institutions which are based in the European Economic Area and wish to do business in Germany without applying for a separate licence there.

The economically interesting German e-money market can thus be operated cross-border without the requirement of any large expenses. This means that there is an opening in the banking market, the possibilities of which have not yet been fully utilised.

Summary

The new e-payment methods can boast high growth rates and continuous new designs which require the implementation of further technical security standards and provide specific chances of a cross-border market from the legal point of view. However, legal security in detail does not exist so far, so that a specific risk analysis is necessary, from the point of view of supervisory law as well as with regard to the risks of money laundering. This not only applies to e-payment providers, but also to internet shops or service providers only looking to cooperate with an e-payment provider.

1 The article „The utilisation of music on the internet – still a legal minefield“ was written by the Attorney-at-Law Marco Erler

2 The article an article „Threat to existence due to cease-and-desist letters – updates, continuous monitoring
and legal consultation in cases of doubt regarding the content of the internet site will pay off“ was written by
Attorney-at-Law Susanna Münstermann

3 compare OLG (Higher Regional Court) of Hamm, resolution dated 28.03.2007, ref. 4 W 19/07.

4 Poll by Trusted Shops GmbH, Shop-Abmahnungen im Internet, April 2007.

5 You will find the current version in Annex 2 to the Informationsverordnung zum Bürgerlichen Gesetzbuch (Information Decree to the Civil Code) under www.gesetze-im-internet.de.

6 KG (Regional Court) of Berlin, resolution dated 03.04.2007, ref. 5 W 73/07.

7 LG (Regional Court) of Hamburg, resolution dated 06.11.2007, ref. 315 O 888/07.

8 For instance, the hidden exclusion of sales to consumers is not legally valid (OLG of Hamm, judgement dated 28.02.2008, ref. 4 U 196/07), nor is the reference to third-party general terms and conditions (Landeslotteriegesellschaft) which also are meant to be included into the procurement contract (OLG of Celle, judgement dated 28.02.2008, ref. 13 U 195/07).

9 The article „E-Payment in Europe: Current technical and legal framework conditions“ was written by Attorney-at-law Dr. Michael Hettich