The creation of a legally compliant author homepage
Since the entry into force of the General Data Protection Regulation (GDPR), the topic of data security has been on everyone's lips. Although the feared wave of warnings has so far failed to materialize, lawyers or so-called legal experts are still searching the Internet for websites that have gaps in data protection law.
Consult legal counsel in case of doubt
In this article, we will give you tips on how to create a legally compliant author homepage, so that you can protect yourself from such warnings. But please note that this is not legal advice. Therefore, we advise you to clarify cases of doubt with a lawyer.
Working with legal precision
If you decide to have a website as part of your author marketing, then there is a bit of work waiting for you. Nevertheless, you should not be afraid of creating an author homepage, because it is an important tool to make you and your works known. However, there are a few things to consider in terms of data protection. This is no less important than the Copyright or the legally impeccable Cite in your own book. And the more features your website has, the more careful you have to be about protecting personal data. But if you don't want to delve too deeply into the topic of data protection, we recommend keeping your homepage very lean. Nevertheless, you should know some basics about data protection. We have more legal information about your book and your authorship for you in our contribution to the Author's right summarized.
What is the GDPR?
Every author homepage processes personal data
Now you might think that you don't process any personal data on your website. However, this is the case on (almost) every website, for example via contact forms, Google Analytics, Facebook Pixel and much more. But don't worry, as long as your site doesn't include a shop or a newsletter as well as a comment function, then you only need to pay attention to a few things. In addition, this article provides you with tips for plugins that you can activate in your content management system (CMS) and that provide your site with all the necessary tools for data protection.
An imprint has been mandatory on a homepage for a long time and there have been no changes here due to the DSGVO. If you are unsure what the imprint must contain, you can use a so-called "imprint". Imprint Generator use. This is a tool that queries relevant data from you and thus generates an imprint, which you will then receive as a download. How the imprint should look like in your book, you will learn here.
The data protection statement (DSE)
- which data are collected and processed
- whether and how data is passed on to third parties
- on the right of withdrawal, deletion of data and opt-out
- to a contact person for data protection (in most cases this is yourself).
Fortunately, you don't have to write the text completely yourself, but you can also use the so called Privacy generators use. With the help of this tool, your DSE will be customized for your website.
The address field
The existence of personal data becomes particularly clear if there is an address field on your author page. You can use this to send a newsletter and draw attention to news or readings. In this context, the user must be informed about which data is stored for which purpose. You can ensure this by inserting a corresponding note in your DSE (the existence of an address field is queried in common data protection generators) and by using a so-called double opt-in.
Implementation of a double opt-in
You have probably already given this consent yourself, consciously or unconsciously. When you sign up for a newsletter on any website, you must confirm this directly in the EU legal area, usually by ticking a box. You will then receive an email with a link. Only when you have clicked on this, then the receipt of the corresponding newsletter is secured. It is very important that the subscriber only receives what he or she has signed up for. So you have to specify the type of newsletter in the registration field. A corresponding plug-in helps you with this.
By the way, this procedure already existed before the GDPR came into force and is therefore possibly nothing new for you if you use an address field on your author homepage. What is new in this context, however, is the ban on freebies as a "reward" for subscribing to a newsletter. So, for example, you may no longer send your customers a reading sample as a thank you for signing up. Free products may no longer be exchanged in return for personal data.
Especially if a blog is integrated on your author homepage, then the use of a comment function is recommended. The advantages for you as an author are obvious, because on the one hand you get helpful reactions to your content as well as information about your readers and on the other hand it is a good way to get in touch with your target group.
But there are also a number of disadvantages, because responding to comments takes time and you have to make the function legally secure. If a reader makes a comment, then data about the user is automatically stored, how could it be otherwise? And even in this case, there must be the opportunity to object to this. However, there are a number of Plug-insthat help in this context.
Beware of the Google Analytics minefield
If your author homepage serves as a business card that "only" informs your readers about you as an author or your books, then we recommend that you deactivate the use of analysis tools such as Google Analytics in your CMS. The reason for this is the fact that there are regular legal changes and in this context you have to make adjustments to your author homepage every time.
Data transfer to third parties
If you pass on data to third parties, then you must conclude a so-called order data processing contract (ADVV) with this provider. This regulates which data the service provider receives and what he is allowed to do with it. The transfer of personal data to an external service provider happens on every author's homepage. This is because data is already stored by your server provider (e.g. Ionos or All-inkl) and the CMS (e.g. WordPress) when a user accesses your site. Other service providers with whom you have to conclude an ADVV are Google (for Analytics), a possibly existing newsletter provider (e.g. Mailchimp) and social media platforms such as Facebook or Youtube, if you connect them with your author page.
In most cases, the providers provide an ADVV on their pages. If this is not the case, then you should think about changing the provider, because a missing ADVV is liable to a warning. In addition, the responsibility of the user data then lies with you and not with the service provider.
Are author fanpages on social media platforms legally safe?
If, in addition to your author homepage, you have a Facebook Fanpage or operate a page on other social media platforms, then extended guidelines regarding data protection also apply since the introduction of the GDPR. And although the regulation was introduced more than a year ago, there are still innovations and uncertainties regarding social media and data protection.
As is well known, Facebook in particular is a thorn in the side of data protectors from all over the world, as the platform's handling of personal data is still not very transparent. For this reason, the Federal Court of Justice confirmed once again in July 2019 that the page operator is always jointly responsible with Facebook for data protection. This puts you as an author in a difficult position, because you can not intervene in the use of data on the part of Facebook.
Do I have to give up my Facebook author page now?
If you want to be on the safe side with 100%, then you would have to Facebook author page give up. The fact is that not only Facebook, but also other social media platforms do not meet the standard of European data protection, even more than a year after the GDPR came into force. But we don't advise you to take such drastic measures, after all, Facebook offers countless marketing opportunities and brings you into contact with your readers. However, you should only keep "living" fanpages alive. It is therefore pointless to set up a social media page and then not maintain it. Only worry about privacy if you can and want to post content regularly. Otherwise, you should actually deactivate the page to be on the safe side.
But what do you have to watch out for now? First of all, you should keep your eyes and ears open, because there are constant innovations in relation to social media and data protection. In the meantime, there are some lawyers who have specialized in online law. Subscribe to the corresponding newsletters, for example from eRecht24 or easyrechtssicher. Yes, another newsletter doesn't make the email inbox any emptier, but you should always stay up to date on the topic of data protection to avoid nasty surprises in the form of warnings or fines.
With these measures you can secure your author fanpages
To make sure your author fan page is legally compliant within reason, there are a few steps you should implement. Set the DSE on your author homepage with the help of an Generators to your fan pages. This is especially true if you link to your social media accounts from your homepage. Your DSE must therefore contain precise information on which platforms you are active. Furthermore, you should implement a DSE on your fan page that deals with the data that the operator of the social media platform collects. You can find a sample for this text as well as instructions on how to integrate it at lawlikes. This DSE must be published clearly visible for the visitor, on Facebook this is possible for example via the function "Story", the menu item "Info" or a pinned post.
What happens if my author page or fan page is not legally compliant?
First of all, nothing. Unfortunately, there are shrewd law firms and even private individuals who try to track down sites that are not legally compliant. The data protection authority also randomly checks compliance with the GDPR.
The possible penalties are high, there is talk of fines of up to 20 million euros or 4% of the annual turnover. In addition, there are warning, lawyer and possibly court costs. Furthermore, it is possible that you will receive a cease and desist order in addition to the fine. This means that you have to close your homepage or social media fan page immediately.
Of course, you don't have to pay millions if there are gaps in the imprint on your author homepage. But you should still be prepared against warnings. Because these cost not only money but also time and first and foremost you are an author and not a data protection officer.
However, if you keep your author homepage lean with information about you as an author as well as your works, then imprint, DSE as well as ADVVs with your server provider are sufficient.
Conclusion: The legally compliant design of a simple author homepage is not that difficult!
We hope that with the help of this article you can master the challenge of a legally compliant author homepage. We would like to point out once again that the liability for your author homepage always lies with you, even if you use the tools and generators mentioned. In addition, there are always legal adjustments and especially the free tools often do not include an update service, so you have to be constantly up to date. In case of doubt and if your author homepage becomes more complex, for example through the implementation of a shop, then by all means consult a lawyer who specialises in the topic of data protection.
All in all, it's not that difficult to create a legally compliant author homepage, since most pages don't have an integrated shop and Google Analytics only plays a minor role for an author. If you don't have your own author homepage yet, then we definitely recommend this to you, in order to inform your (future) readers and to draw attention to yourself through this tool of author marketing.
Here you will find an overview of the most important terms relating to data protection:
The DatensprotectiongroundvheoThe Data Protection Directive is a directive of the European Union that entered into force on 25 May 2018. Its content is rules on the protection of personal data stored and processed by data processors on the Internet. It consists of eleven chapters, each with 99 articles. Here you'll find the exact wording of the agreement.
With a AuftragsdatenvereinbarungsvThe collection, processing or use of personal data is agreed with a service provider in a contract. Such a contract must be agreed, for example, with a service provider who sends a newsletter on your behalf and to whom you send e-mail addresses collected by you for this purpose. The content of the contract must specify, among other things, exactly which data is stored for which purpose. The contract also specifies when the data will be deleted and what measures must be taken to protect it.
With the help of a Content-Management-Systems you create your author homepage. It is a software that helps you implement content, i.e. texts, videos or photos. In addition, you can give your site a structure with the help of the CMS. The most popular systems are WordPress and Typo3.
Cookies are small text files that are stored on the user's computer when visiting a website. They contain information about his behavior. These are reactivated when the website is called up again. A distinction is made between cookies that are automatically set by the respective website and those that are actively set by a user. This includes address data in an online shop, which is stored for a renewed purchase.
With the help of a generator, you can create a DSE or an imprint, for example, based on current legal texts. Unlike sample files, you do not have to manually adapt the relevant passages with your individual information. Instead, these are online applications that request the relevant data. With one click you will receive a file with your individual text. There are both free and paid generators on the Internet. The latter usually have an update service, so that the data always corresponds to the current legal situation.