Court ruling on email: What enterprises in Germany must know now

Communication affects all departments in everyday business: product development, human resources, sales etc. But how much should be sent by regular email or as an email attachment? Depending on their content, various regulations apply to data transfers and those must be observed. In addition, there are requirements for signing documents which determine their legal validity. In Germany, there is a lot that needs to be considered in this regard. We asked the CFO of Cryptshare, Oliver Kenk, to shed more light on this.

In their day-to-day business, companies and organisations in Germany deal with data that is subject to a wide range of laws and regulations. There is the Law on the Protection of Trade Secrets, the legal requirement for having official documents in writing, and, above all, the General Data Protection Regulation (GDPR)… so what needs to be considered for compliance?
Oliver Kenk: A company should first create transparency about what types of data are exchanged on a daily basis and how high the need for protection of this data is. For a great deal of data, there is a strong company interest in keeping it confidential, but also in complying with significant external obligations or requirements imposed by the legislator – the GDPR comes to mind. Therefore, the careful evaluation of the available types of data is followed by whether and how the handling of these is regulated by law, and in the third step – very important – the staff must be trained accordingly. Finally, employees must be equipped with the right tools to handle data correctly. In the end, this is how good compliance is achieved.

Better, but still a way to go: GDPR awareness for users in Europe.

Data is not only used internally, but also externally as it is sent to third parties. Digital communication is increasing both in terms of quantity and quality. What do companies have to bear in mind when exchanging information digitally?
Oliver Kenk: First of all, we must differentiate here: On the one hand, there are the messages and files that need to be sent, on the other hand there is the transport itself. Those involved must be aware of what they are actually sending, what the specific content is, and what the respective legal requirements are. How this exchange of information then takes place depends on the answers to these questions.

What does this look like in everyday work?
Oliver Kenk: Nowadays, data can almost always be sent digitally, which is significantly faster and cheaper than sending it via regular mail. However, if the messages and files need to be protected, for instance a company’s intellectual property or personal data, then the digital transfer route should or must be encrypted. Our communication solution Cryptshare fulfils this requirement and offers legal security for the digital transport route because the sender can trace the delivery.

So when does the type of document to be sent make a difference?
Oliver Kenk: In the B2B sector, i.e. among fully qualified merchants, the type of document is less important for the digital exchange itself – as long as it is protected from access by unauthorised third parties and the document itself does not explicitly exclude digital transfer. In the B2C sector, however, a lot more attention is required. According to article 126 of the German Civil Code (BGB), the so-called ‘Schriftformerfordernis’, meaning the legal requirement for documents in writing, comes into play. This, for example, goes for documents pertaining to labour law. In such cases, it is important to check whether there are special legal requirements or whether the type of transfer is also specified in the document itself. With that being said, however, according to article 126a BGB, the legal requirement for documents in writing can also be fulfilled digitally if they are signed with qualified electronic signatures. This legal requirement for documents in written form therefore does not necessarily mean that digital transport is excluded.

Still number one in business communication: email.

In business, email remains the undisputed number one means for communication worldwide. What does the ruling of the State Labour Court in Cologne from January 2022 mean for email correspondence going forward?
Oliver Kenk: Regular email will clearly remain one of the main means of communication in the business world. But it is not always the appropriate means of transferring information. This was confirmed in the ruling of 11 January 2022 [author's note: LAG Köln, Urteil vom 11. Januar 2022, Az: 4 Sa 315/21]: In this case, it was not sufficient for the employer to send an email to their employee and show their own outbox as proof of delivery. The employer reasoned that they had not received any sort of notification concerning their sent email – neither that it had not been delivered nor that it had been delivered with a delay. The court was not convinced by this argument: according to article 130 of the German Civil Code (BGB), the sender of an email bears the full burden of proof that their email was actually delivered to the recipient.

What does this mean in concrete terms for corporate communications in Germany?
Oliver Kenk: That there are cases in which a regular email is not enough. The mere sending of an email says nothing about if or when it was delivered to the recipient. When an organisation chooses a means of communication, it should always ensure that the delivery can be clearly proven.

Is the sender in the clear if they request a read receipt?
Oliver Kenk: A read receipt is not necessarily sufficient. A lot depends on the email system on the recipient's side, and as such the sender usually has no control. With IMAP-based email clients, the sender can receive a read receipt if an email was merely marked as read. And without IMAP, there is no way to send a read receipt with some mobile systems. Furthermore, German freemail providers like and GMX explicitly point out on their websites that read receipts are not legally recognised in contractual matters – and cannot be legally invoked.

So what would be your advice for enterprises and organisations who want to act now?
Oliver Kenk: This brings me back to what I said at the beginning. My recommendation for action is: Don't leave your staff with email alone; give them something they can work with! Provide a communication solution, such as Cryptshare, that allows everyone to exchange messages and files in a legally secure and simple way, so they can achieve compliance. This will set you up for success and alleviate the stress that comes with navigating legal requirements.

