Legal pitfalls in website creation: what businesses need to know
The most common legal mistakes on new websites: from missing mandatory information to copyright and GDPR violations.
Copyright: using images and texts without a license
The most common and most costly legal mistake in website creation is using images without a valid license. Many business owners assume that images found via Google Image Search are free to use — that is a misconception with expensive consequences. Every image is protected by copyright from the moment it is created, regardless of whether a copyright notice is visible or not. Safe image sources include licensed platforms like Shutterstock, Adobe Stock or iStock, as well as free portals with CC0 licenses such as Unsplash or Pixabay. Even with your own photos there are pitfalls: if recognizable people appear in them, you need their written consent. Logos of partner companies may only be used with the explicit permission of that company. Copyright infringement warnings in Germany regularly cost between 500 and 2,000 euros — plus potential compensation claims.
Mandatory notices: legal notice and privacy policy
The German Telemedia Act requires every commercial website operator to publish a complete legal notice (Impressum) — regardless of company size or industry. The legal notice must contain the full name and postal address (no PO box), direct contact options (email and ideally phone), the responsible supervisory authority, and — for licensed trades — the relevant permit. It must be reachable from every subpage within two clicks. The privacy policy is equally important: it must exhaustively name all categories of data processed, list every third-party service individually (Google Analytics, Hotjar, YouTube embeds, contact forms, newsletter providers) and comply with the legal bases under GDPR. Outdated or incomplete privacy policies — for example those that do not mention Google Fonts or Stripe — are increasingly targeted by legal warnings.
Third-party services and data transfer to the US
A particularly frequent and underestimated risk comes from external services that transfer data to the United States. Specifically affected are: Google Fonts loaded directly from Google servers (each such request transmits the visitor's IP address to Google), Google Maps without consent, YouTube embeds, Facebook and Instagram plugins, and many chat and analytics tools. Following the CJEU's Schrems II ruling, such transfers without the user's explicit consent are legally problematic. The technical solution is manageable: Google Fonts can be hosted locally (eliminating the external request), Google Maps and YouTube are embedded behind a consent layer (two-click solution), and analytics tools only load after cookie consent. These measures are not something to address "at some point" — they are a legal requirement today.
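A pre-launch check for the measures above, as an added example that is not part of the original article: it scans a page's static HTML for elements that contact the named services on page load. The host list, the `type="text/plain"` script convention and the `data-src` placeholder convention are assumptions about how a consent layer is wired up; requests injected by scripts at runtime are not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host/path prefixes for services named in the text (assumed list; extend per site).
SERVICES = {
    "fonts.googleapis.com": "Google Fonts", "fonts.gstatic.com": "Google Fonts",
    "maps.googleapis.com": "Google Maps", "www.google.com/maps": "Google Maps",
    "www.youtube.com/embed": "YouTube", "connect.facebook.net": "Facebook",
    "www.googletagmanager.com": "Google Analytics"}
CSS_URL = re.compile(r"""(?:@import\s+(?:url\()?|url\()\s*['"]?([^'")\s;]+)""")

def classify(url):
    parts = urlparse(url.strip())
    target = parts.netloc.lower() + parts.path  # relative URLs have no host
    return next((name for prefix, name in SERVICES.items()
                 if target == prefix or target.startswith(prefix + "/")), None)

class Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_style = [], False  # findings: (line, tag, service)
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self.in_style = tag == "style"
        # Assumed consent-tool convention: type="text/plain" keeps a script inert.
        if not (tag == "script" and a.get("type", "").lower() == "text/plain"):
            self._check(tag, a.get("href" if tag == "link" else "src", ""))
    def handle_endtag(self, tag):
        self.in_style = False
    def handle_data(self, data):
        for url in CSS_URL.findall(data) if self.in_style else ():
            self._check("style", url)
    def _check(self, tag, url):
        if (service := classify(url)):
            self.findings.append((self.getpos()[0], tag, service))

def audit(html):
    parser = Audit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two ungated font loads, one ungated map, two gated embeds.
SAMPLE = """<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<link rel="stylesheet" href="/assets/fonts/inter.css">
<style>@import url('https://fonts.googleapis.com/css2?family=Roboto');</style>
<script type="text/plain" src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<iframe data-src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe src="https://www.google.com/maps/embed?pb=EXAMPLE"></iframe>"""
```

Calling `audit(SAMPLE)` reports the two direct Google Fonts loads and the ungated Maps iframe, while the self-hosted stylesheet, the inert analytics script and the `data-src` YouTube placeholder pass.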
Competition law and price information
Anyone communicating prices on their website must comply with the German Price Indication Regulation (PAngV). In the B2C sector, gross prices including VAT are mandatory — an offer of "from 999 euros" without reference to VAT is grounds for a legal warning. In the B2B sector, a clearly recognizable reference to net prices is sufficient, but this notice must be unambiguous and not buried in fine print. Beyond pricing, misleading advertising claims are prohibited under the Act against Unfair Competition (UWG): superlatives like "the cheapest prices in Germany" or "market-leading service" are legally problematic without verifiable evidence. Promising specific response times or success rates without a realistic basis can also create legal exposure. At Manotea we systematically review all legal requirements before every launch — so you can start with confidence and without unpleasant surprises.