According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR.

The legitimacy of the cease-and-desist claims addressed in these letters is unclear. For example, it is doubtful whether unfair competition law can form a legal basis for such claims since it is unclear whether GDPR rules are “market conduct rules” within the meaning of section 3 a) of the German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb, UWG).

In order to prevent abusive cease-and-desist letters, various legislative proposals have been put forward by the German legislative bodies.

The Legislative Proposals

On 12 June 2018, the parliamentary group of the Free Democratic Party (FDP) requested that the German federal government combat abusive cease-and-desist-letters. The FDP says that a law is needed to ensure that, in case cease-and-desist letters are based on non-compliance with information duties under Articles 13 and 14 of the GDPR (e.g. incomplete data protection statements), the person who issues the letter has no claim for reimbursement of expenses against the addressee.

According to German daily newspaper Die Welt, Angela Merkel’s Christian Democratic Union (CDU/CSU) parliamentary group plans to enact legislative change before the parliamentary summer break to prevent lawyers from claiming fees for the issuance of GDPR cease-and-desist letters during a one-year grace period. Social Democratic Party (SPD ) representatives so far have been reluctant to express support for the proposal.

Most recently, on 26 June 2018, the federal state of Bavaria introduced draft legislation into the German Federal Council to, inter alia, prevent abusive GDPR cease-and-desist letters. The proposal is to amend the German Unfair Competition Act and the Unfair Terms and Conditions Act (Unterlassungsklagegesetz, UKlaG). According to the proposal, GDPR provisions should be explicitly and generally excluded from the scope of unfair competition law. The right of action of associations under the Unfair Terms and Conditions Act shall further be limited to associations that fulfill the requirements under the GDPR. The proposal aims in particular to protect small- and medium-sized enterprises against unjustified GDPR cease-and-desist-letters.

A Look Ahead

A law on the issue of cease-and-desist-letters based on alleged GDPR violations would bring some legal certainty on whether and under what circumstances cease-and-desist claims are justified. The German Federal Council will decide in July 2018 whether to submit the Bavarian draft legislation into the German parliament. It remains to be seen whether the draft can spawn support in the German Federal Council and what law ultimately will be passed.


This article was originally published on AllAboutIP – Mayer Brown’s  blog on relevant developments in the fields of intellectual property and unfair competition law. For intellectual property-themed videos, Mayer Brown has launched a dedicated channel available here.