Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
Header-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte
Contact
Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
MTR Legal Rechtsanwälte Logo
Contact
Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
Contact

Legal Lexicon

Wiki»Legal Lexikon»M&A»Information

Information

Information in Law: Concept, Significance, and Legal Framework

Definition and General Principles

In the legal context, the term “information” refers to data, facts, knowledge, or communications that are suitable for expanding the knowledge of third parties or influencing behavior. Information is a cornerstone of modern legal systems and permeates numerous areas of law, including data protection law, copyright law, competition law, as well as contract and liability law.

From a legal perspective, information is not considered property in the classic sense; rather, it is an intangible asset whose use, transfer, protection, and control can be legally regulated. The legal treatment of information depends on its context, content, and significance for the parties involved, as well as the public interest.

The Concept of Information in Law

Distinction between Information, Data, and Knowledge

In numerous laws, information is distinguished from mere raw data and processed knowledge. While data is usually regarded as raw values without context, information acquires meaning through the connection of data. Knowledge arises when information is systematically analyzed, interpreted, and applied.

Legal Sources on Information

The treatment of information is regulated in various legal norms, including:

  • General Data Protection Regulation (GDPR)
  • Federal Data Protection Act (BDSG)
  • Copyright Act (UrhG)
  • Act Against Unfair Competition (UWG)
  • Freedom of Information Acts (IFG)
  • Telecommunications Act (TKG)
  • Commercial Code (HGB)
  • Civil Code (BGB)

Each of these legal norms addresses information protection, access, transfer, or disclosure obligations differently.

Legal Classification of Information

Protection of Information

Certain information is subject to special protection mechanisms, for example as trade and business secrets (§§ 2 et seq. GeschGehG) or as personal data (Art. 4 No. 1 GDPR). Copyright law also protects the presentation of information if it constitutes individual works.

Information Duties and Rights

Laws can expressly require the release, provision, or disclosure of information. This includes in particular:

  • Contractual information obligations: Parties must exchange information essential to the contract (§ 242 BGB – good faith).
  • Public law information entitlements: Citizens have the right under the Freedom of Information Act to obtain official information from authorities.
  • Consumer protection information obligations: Businesses must comprehensively inform consumers before concluding a contract (e.g., Art. 246 EGBGB, Art. 13, 14 GDPR).

Confidentiality and Prohibition of Unauthorized Disclosure of Information

Unauthorized handling of confidential information may be subject to civil and criminal sanctions. The following are notable, among others:

  • Protection of Trade Secrets (GeschGehG)
  • Confidentiality obligations (e.g., § 203 StGB; § 43a BRAO)
  • Data protection restrictions on the disclosure of personal data (GDPR, BDSG)

Protection and Exploitation of Information

Copyright Aspects

Information as such is generally not protected by copyright. Only the specific presentation or arrangement of information enjoys protection, provided it can be recognized as a “work” within the meaning of § 2 UrhG.

Protection of Trade and Business Secrets

The Trade Secrets Protection Act (GeschGehG) regulates which information is considered worthy of protection as a secret and penalizes unauthorized acquisition, use, or disclosure. A prerequisite is that the information is not generally known, is economically valuable, and is protected by appropriate confidentiality measures.

Competition Law Protection of Information

The Act Against Unfair Competition (UWG) also protects trade secrets in the context of fair competition (“Disclosure of Business Secrets”), but also applies where market participants use or disseminate misleading or inaccurate information.

Data Protection Regulations

Personal information is primarily protected by data protection law. The GDPR and BDSG regulate in detail the modalities for collecting, processing, using, and deleting personal data, and impose penalties for unauthorized handling or data misuse.

Access to Information and Right to Information

Right to Information Against Authorities

The Freedom of Information Act (IFG) and comparable state-level regulations govern access to official information from public administration. The aim is to ensure transparency in government actions and to involve citizens in the administration’s information management.

Information Rights in the Corporate Context

Employees, shareholders, and other stakeholders may have specific information rights, for example at the general meeting (§§ 131, 400 AktG) or through co-determination rights in the Works Constitution Act (§ 80 BetrVG).

Right to Information in Data Protection Law

Data subjects have the right to obtain information from controllers about data stored about them (Art. 15 GDPR).

Liability in the Handling of Information

Information Liability in Contract Law

The transmission of incorrect or incomplete information can result in liability, e.g., as a breach of disclosure obligations during contractual negotiations or relationships (§§ 280, 311 BGB).

Tortious Liability Due to Information Transmission

If false or damaging information is intentionally or grossly negligently transmitted or published, tort claims pursuant to § 823 BGB may arise if unlawful damage is caused as a result.

International Dimensions

With the ongoing globalization of information exchange, international regulations such as the EU General Data Protection Regulation (GDPR) or agreements for the protection of trade secrets (e.g., TRIPS Agreement) are becoming increasingly important. Particular attention must be paid to cross-border issues of information protection, liability, and access to information.

Overview: Information in the Legal Context

Information is protected and regulated in multiple dimensions under the law. Its importance ranges from fulfilling statutory information obligations, protecting confidential data and trade secrets, to ensuring transparency and access to public information. The legal framework both protects legitimate interests and enables freedom of information and fair competition. The development of law in the field of information remains a constant challenge in light of technological progress and the increasing importance of intangible assets in business and society.

Frequently Asked Questions

What legal requirements apply to the sharing of information within a company?

The sharing of information within a company is subject to a variety of legal regulations, particularly those deriving from data protection law, labor law, the Trade Secrets Act (GeschGehG), and potentially industry-specific regulations. It is important to note that personal data (e.g. about employees or customers) may only be shared if it is based on a legal ground (§ 6 GDPR). Within a company, this is often regulated by the “need-to-know” principle, which means that only those individuals who require access to certain information for their professional duties may receive it. In addition, the Trade Secrets Protection Act (GeschGehG) stipulates that sensitive business and trade secrets may only be made accessible to authorized persons. Violations of these regulations can result in labor law consequences, claims for injunctions and damages, or even criminal prosecution. Particularly in regulated industries such as finance or healthcare, further specific requirements regarding information sharing apply, such as banking secrecy (§ 30a KWG) or medical confidentiality (§ 203 StGB).

What legal requirements must be observed when publishing information on the internet?

The publication of information on the internet is subject to various legal frameworks. The most important include the Telemedia Act (TMG), the General Data Protection Regulation (GDPR), the Copyright Act (UrhG), and, where applicable, the Act Against Unfair Competition (UWG). In principle, the identity and contact details of the responsible party (imprint obligation, § 5 TMG) must be clearly visible. Personal data may only be published if the data subject has consented or another legal basis exists. Content, images, texts, or designs may only be published if no copyright or other third-party rights are infringed. When publishing business information, the prohibition of misleading advertising (§ 5 UWG) must also be observed. In addition, personal rights (e.g., unauthorized publication of images under § 22 KUG) must be particularly respected.

What information obligations do companies have towards contractual partners?

Companies are legally required to provide certain information to their contractual partners without being asked. These information obligations arise, among other things, from the German Civil Code (BGB), in particular §§ 241, 312d, 355 BGB, and from specific consumer protection laws. In online trade, pre-contractual information according to Art. 246a EGBGB is relevant, for example about the total price, the essential characteristics of the goods or services, delivery terms, the right of withdrawal, and complaints procedures. Breaches of these obligations can lead to the invalidity of the contract, claims for damages, or fines imposed by supervisory authorities. Information obligations under the Supply Chain Due Diligence Act or in the context of sustainability reporting are also increasingly important.

What statutory regulations exist for the retention and destruction of information?

There are various specific statutory regulations for the retention and destruction of information, which differ depending on the type of information (e.g., tax relevance, personal data, trade secret relevance). According to §§ 257 HGB and 147 AO, for example, business letters, accounting records, and other tax-related documents must be retained for six to ten years. After the statutory retention periods expire, the documents must be destroyed in accordance with data protection requirements, i.e. in a manner that precludes reconstruction (see Art. 17 GDPR in conjunction with DIN 66399). For personal data, the principles of data minimization and the right to erasure (right to be forgotten) must always be observed.

What rights do data subjects have regarding information stored about them?

Individuals whose data is being processed have, under the General Data Protection Regulation (Art. 15 GDPR), extensive rights to information about the personal data stored about them. This includes details about the purposes of processing, categories of data, recipients or categories of recipients, the planned retention period, as well as the existence of data subject rights (rectification, erasure, restriction, objection, right to lodge a complaint with a supervisory authority). The company is obliged to provide the information free of charge—except in cases of manifestly unfounded or excessive requests—and in a structured format within one month. Violations of this right can result in significant fines.

What liability risks exist in the case of incorrect or misleading information provided to third parties?

Incorrect or misleading information provided to third parties may result in civil, competition, and, if applicable, criminal liability risks. Pursuant to §§ 823, 826 BGB, an injured third party can claim damages if they have suffered financial or other loss due to incorrect information. Misleading information in business transactions may also constitute unfair competition under §§ 3, 5 UWG and trigger warnings, injunctions, or claims for damages. In extreme cases, fraud (§ 263 StGB) or violation of information obligations under special statutory provisions may occur, which can have criminal consequences. Companies are therefore well advised to establish internal control systems to ensure the accuracy and lawfulness of disclosed information.

What special regulations apply to the cross-border transmission of information?

The cross-border transmission of information, especially personal data, is subject to special legal requirements. According to the GDPR, personal data may only be transferred to countries outside the European Economic Area (third countries) if an adequate level of data protection is ensured there (Art. 44 et seq. GDPR). This can be achieved through adequacy decisions by the EU Commission, standard contractual clauses, or other appropriate safeguards. Companies must also inform about the data transfer and implement specific contractual and technical protective measures. Violations can lead to massive fines and restrictions on international data traffic.

How is the relationship between freedom of information and the protection of secrets legally regulated?

The relationship between freedom of information, for example under the Freedom of Information Act (IFG), and the protection of trade and business secrets is subject to a balancing of interests. While the IFG provides for a right of access to official information vis-à-vis public bodies, it also stipulates extensive exemptions to protect public and private interests (§§ 3, 6 IFG). Sensitive company information, trade and business secrets are particularly protected; their disclosure is generally only permissible if there are no overriding legitimate interests of the secret holder. The decision regarding disclosure thus regularly requires an individual case assessment and, if necessary, a hearing of the affected party.

Auf dieser Seite

Further term explanations