
Merchant Playbook · 5 min read

Germany e-commerce compliance checklist before paid ads (Verbraucherzentrale-proof)

Germany has the most active enforcement of GDPR, ePrivacy, and UCPD in the EU. Before pointing Meta and Google spend at German traffic, run through this seven-item list. It catches the violations consumer associations file abmahnungen on most often.

Before scaling paid acquisition into Germany, the seven items below cover the violations that account for most consumer-association filings. Germany has 17 data protection authorities: one federal and one per Land. Together they generate more enforcement decisions per year than any other EU jurisdiction. The consumer protection associations (Verbraucherzentralen) add a parallel enforcement track based on unfair competition law. Either can land a binding order against a non-German seller routing traffic to a .de or .com offer aimed at German consumers.

1. Cookie banner with a refuse-all button equal in prominence to accept-all

The Bundeskartellamt, in coordination with several DPAs, has held that a banner with a green "Accept all" and a grey-text "Settings" link does not satisfy the freely-given consent requirement. A refuse-all button visually equal to accept-all is the expected pattern.

2. No tracker fires before the visitor interacts with the banner

Pre-consent firing of GA4, Meta Pixel, TikTok pixel, LinkedIn Insight Tag, or similar is the single most-fined pattern. The check is mechanical (DevTools, Network tab, fresh window) and Verbraucherzentralen run it routinely on stores running paid spend.
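The DevTools check from item 2, run over a HAR file exported from the Network tab, as an added example (not ComplianceGuardHQ's scanner). The tracker endpoint list is an illustrative, non-exhaustive assumption, and the sample HAR and banner-click timestamp are constructed.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Illustrative, non-exhaustive endpoints: (host suffix, path prefix, label).
TRACKERS = [
    ("google-analytics.com", "/", "GA4"),
    ("connect.facebook.net", "/", "Meta Pixel"),
    ("facebook.com", "/tr", "Meta Pixel"),
    ("analytics.tiktok.com", "/", "TikTok pixel"),
    ("snap.licdn.com", "/", "LinkedIn Insight Tag"),
    ("px.ads.linkedin.com", "/", "LinkedIn Insight Tag"),
]

def parse_ts(value):
    # HAR timestamps are ISO 8601; map a trailing "Z" for older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    for suffix, prefix, label in TRACKERS:
        host_ok = host == suffix or host.endswith("." + suffix)
        path_ok = path == prefix or path.startswith(prefix.rstrip("/") + "/")
        if host_ok and path_ok:
            return label
    return None

def pre_consent_hits(har, consent_at=None):
    """Tracker requests that started before the banner click.
    consent_at=None means the banner was never touched: every hit counts."""
    cutoff = parse_ts(consent_at) if consent_at else None
    hits = []
    for entry in har["log"]["entries"]:
        label = classify(entry["request"]["url"])
        started = parse_ts(entry["startedDateTime"])
        if label and (cutoff is None or started < cutoff):
            hits.append((entry["startedDateTime"], label))
    return hits

# Constructed sample HAR (hypothetical shop, placeholder IDs).
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2024-01-01T10:00:00.000Z", "request": {"url": "https://shop.example/"}},
    {"startedDateTime": "2024-01-01T10:00:00.420Z", "request": {"url": "https://region1.google-analytics.com/g/collect?v=2&tid=G-PLACEHOLDER"}},
    {"startedDateTime": "2024-01-01T10:00:00.610Z", "request": {"url": "https://www.facebook.com/tr/?id=0000000000&ev=PageView"}},
    {"startedDateTime": "2024-01-01T10:00:07.300Z", "request": {"url": "https://analytics.tiktok.com/api/v2/pixel"}},
]}}
CONSENT_CLICK = "2024-01-01T10:00:05.000Z"
```

For a real capture, load the exported HAR with `json.load` and pass the time at which the banner was clicked; an empty result is the passing state.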

3. Imprint (Impressum) at one click from every page

Section 5 of the Telemediengesetz, now the Digital Services Act in its German implementation, requires a clearly identifiable Impressum reachable from every page. Most stores have one. Non-EU sellers running landing pages for paid ads often skip it, and that single omission is a frequent abmahnung subject.

4. Withdrawal rights disclosed before the order button

Article 6(1)(h) of the Consumer Rights Directive 2011/83/EU requires pre-contractual disclosure of the 14-day right of withdrawal. In Germany, the BGB requires it in a specific form including the model withdrawal instructions. A landing-page-to-checkout funnel that does not surface this before the pay step is a frequent VZBV claim.

5. Total price including VAT shown on the product page

Section 1 of the Preisangabenverordnung (PAngV) requires the total price including VAT to be displayed where the product is offered. Shopify stores selling B2C from outside the EU often default to a tax-exclusive display. That triggers PAngV.

6. Shipping costs disclosed before checkout

Same source as item 5. PAngV Section 3 requires shipping costs to be either included in the displayed price or clearly disclosed alongside it. "Shipping calculated at checkout" without indicative shipping costs available on the product page is the pattern Verbraucherzentralen file on.

7. Privacy policy in German with the specific German DPA contact named

GDPR Article 13(2)(d) requires the right-to-complain disclosure. For data subjects in Germany the relevant DPA depends on the controller's establishment. For a non-EU seller without an establishment, the lead DPA is determined by the location of affected data subjects, which means naming the relevant Landesbeauftragte rather than a generic reference.

How we check

ComplianceGuardHQ does not assume your funnel fails these checks. We crawl from a German IP, in German locale, with German as the primary language preference. The scan reports each of the seven items above with the rendered evidence. Run a free scan before turning on paid spend.

Why this matters before the ads run

An abmahnung (cease-and-desist letter) from a German consumer association typically demands the violation be fixed, future violations cease, and the association's legal fees be paid. Costs are modest individually (a few hundred to a few thousand euros per letter) but they compound, and they often come in clusters once a store starts ranking on paid traffic. The seven-item audit prevents the cluster.

Frequently asked questions

What is an abmahnung?

An abmahnung is a formal cease-and-desist letter under German unfair-competition law (UWG). Consumer associations (Verbraucherzentralen, VZBV) and competitors can file them. The letter demands the violation be fixed, a future-conduct commitment be signed (Unterlassungserklärung), and the sender's legal costs be paid.

Does a US Shopify store need an Impressum?

Yes, if it sells to German consumers. Section 5 of the German Telemediengesetz (now part of the DSA national implementation) requires every commercial website addressed to German users to have an Impressum reachable in one click from every page. The requirement applies regardless of where the seller is established.

Does PAngV apply to non-German Shopify stores?

Yes, if they sell to German consumers. PAngV is the Preisangabenverordnung, the German price indication ordinance. It applies based on the target market, not the seller's establishment. Section 1 requires total price including VAT to be displayed where the product is offered.

Which German DPA do I name in my privacy policy?

For a German-established controller, the Landesbeauftragte of the establishment Land (for example, the Hamburgischer Beauftragte for Hamburg-established controllers). For a non-EU controller without an EU establishment, list the Landesbeauftragte of the Land where most affected data subjects are located, or the federal BfDI as a defensible fallback.

How much does a German abmahnung typically cost?

Legal fees range from 500 to 5,000 euros per letter, depending on the alleged violation and the law firm. Repeat or aggravated breaches can attract contractual penalty clauses (Vertragsstrafe) that add 5,000 to 10,000 euros per future occurrence.

Start a check for your store

ComplianceGuardHQ runs automated checks across 8 EU regulatory frameworks against your live store in about 60 seconds. Free basic scan, no installation.


ComplianceGuardHQ performs an automated technical scan. The findings are based on the wording of the directives and on enforcement precedent. They do not constitute legal advice. For a binding interpretation in your jurisdiction, consult a qualified lawyer or your data protection officer.