VG Wort Counter Pixel and Data Protection – What Belongs in the Privacy Policy

If a website operator uses the VG Wort counter pixel, they process server log data and click-path indicators for the purpose of recording copyright-related remuneration claims under VG Wort's METIS procedure, regularly based on legitimate interests under Art. 6(1)(f) GDPR (business management and exercise of rights); given the embedding of third-server pixels, consent is often recommended in practice. This page explains which data the VG Wort counter pixel collects, what website operators use it for and which mandatory information regarding the VG Wort counter pixel belongs in the website's privacy policy.

A. Purpose and Functionality of the VG Wort Counter Pixel

The VG Wort counter pixel is a 1×1-pixel image that authors and publishers embed in journalistic and literary texts on websites in order to have the use of these texts recorded for the disbursement of copyright-related remuneration via the METIS procedure of VG Wort (Verwertungsgesellschaft Wort, Munich). METIS stands for "Meldesystem für Texte auf Internetseiten" (reporting system for texts on internet pages). If a text reaches a minimum number of accesses per year, the rights holder can assert remuneration claims under the German Copyright Act (UrhG).

Functionally, the counter pixel is a single image that is loaded from VG Wort's server (or that of its technical service provider) when a page containing a countable text is accessed. The server registers the access on the basis of the unique pixel ID. According to VG Wort, this involves a standardised, anonymised collection in which only the data points required for counting are evaluated. This page focuses on the integration function: the embedding of the counter pixel via an <img> tag or via a JavaScript variant in the HTML page of the website operator.

B. Mandatory Information in the Privacy Policy When Using the VG Wort Counter Pixel

Beyond general information about the controller, data subject rights and the supervisory authority, the GDPR requires a number of specific items of mandatory information in connection with concrete tools such as the VG Wort counter pixel: the purposes of processing (Art. 13(1)(c) GDPR), the legal bases (Art. 13(1)(c) GDPR) and – where processing is based on legitimate interests (Art. 6(1)(f) GDPR) – the specific legitimate interests pursued (Art. 13(1)(d) GDPR).

Further mandatory information concerns recipients or categories of recipients (Art. 13(1)(e) GDPR), transfers to unsafe third countries and their legal basis (Art. 13(1)(f) GDPR), the storage period or determination criteria (Art. 13(2)(a) GDPR) and – where data is not collected directly from the data subject – the categories of data processed (Art. 14(1)(d) GDPR). The following sections break down these items for the VG Wort counter pixel.

It is not necessary to list every single tool – including the VG Wort counter pixel – with its own text module and named reference in the privacy policy. The "text-module-per-tool" approach produces long, repetitive lawyer-drafted texts, makes the privacy policy difficult to maintain and barely readable. A topic-oriented approach that describes processing operations collectively (server operation, newsletter, tracking, sales …) and lists specific recipients used – including VG Wort – in an appendix is more appropriate. The matterius generator follows precisely this methodology.

C. Provider of the VG Wort Counter Pixel

According to the publicly available information, the contracting partner for German website operators when embedding the counter pixel is Verwertungsgesellschaft WORT (VG WORT), Untere Weidenstraße 5, 81543 Munich, Germany. VG Wort is a German collecting society within the meaning of the Collecting Societies Act (VGG); according to its own information, it acts for METIS as an independent controller for remuneration recording within the scope of its statutory tasks. According to the provider, processing on behalf of VG Wort does not take place within METIS; the website operator or rights holder (author, publisher) and VG Wort each generally act as independent controllers.

VG Wort's privacy notice is available at https://www.vgwort.de/datenschutz.html; general information on METIS is available at https://www.vgwort.de/. According to public information, sub-processors are used for the technical operation of the pixel infrastructure; the specific situation should be verified individually.

D. Data Processing by the VG Wort Counter Pixel – Step by Step

1. Collection: When a page with the embedded counter pixel is accessed, the visitor's browser sends an HTTP request to VG Wort's pixel server. The server thus receives the usual server log: IP address, date, time, user agent, referrer, and the counter-mark ID encoded in the pixel URL.
2. Storage: VG Wort states that it processes the IP address in anonymised form or only briefly and stores only aggregated count values per counter mark and time period. The exact retention periods are set out in VG Wort's privacy notice.
3. Use: From the count values, VG Wort determines whether a text has reached the minimum access numbers and assigns the counter mark to the rights holder's remuneration accounting.
4. Disclosure: According to the provider, no data is passed on to third parties beyond the infrastructure required for METIS.
5. Deletion: Anonymisation or deletion is carried out in accordance with VG Wort's specifications and after the periods required for remuneration accounting have expired.

E. Data Collected by the VG Wort Counter Pixel

According to publicly available information, the following are processed in particular when the counter pixel is accessed: IP address (processed in anonymised form according to the provider), date and time of access, user agent, referrer, the counter-mark ID and, where applicable, a pseudonymous session identifier. According to the provider, no cookies are regularly set in the pure HTTPS pixel variant; in the JavaScript variant, a pseudonymous browser identifier may be set.

These data can be classified into the following standardised data-type classes:

• Server log data: IP address, date, time and time zone of the request, URL of the requested content (pixel URL including counter-mark ID), referrer, information on the browser, operating system and device used, technical metadata such as the server-response status code.
• Click paths: information that a particular page of the website operator was accessed (the pixel trigger is tied to the page).
• Browser information: browser name and version derived from the user agent.
• Device data: device type, operating system, where derivable from the user agent.
• Coarse location data: derived from the IP address, but according to the provider only briefly and not used for profile building.

Personally identifying data fields such as name or e-mail are not collected by the counter pixel itself.

F. Purposes of Use When Deploying the VG Wort Counter Pixel

Website operators – in particular authors, publishers and online publications – use the VG Wort counter pixel to demonstrate the usage figures of their texts to VG Wort and, on this basis, to assert copyright-related remuneration claims from the METIS procedure. In addition, the counter pixel allows the rights holder to obtain an overview of their stock of qualifying texts.

These purposes can be classified into the following standardised purpose classes:

• Function provision: technical provision of the pixel within the page.
• General product improvement: reach analysis of countable texts for the website operator's general business planning.
• Exercise of rights: assertion of copyright-related remuneration claims under the UrhG and the Collecting Societies Act in the METIS procedure.
• Compliance: compliance with the requirements for reporting to the collecting society.

G. Legal Bases for Using the VG Wort Counter Pixel

According to the publicly available functional descriptions, the VG Wort counter pixel falls primarily into the tool category of tracking (statistics), with a clear focus on remuneration recording; it is not a profiling or marketing tool.

Reliance on legitimate interests under Art. 6(1)(f) GDPR is regularly to be considered. The relevant interests are in particular business management (reach measurement of countable texts for internal control), exercise of rights (assertion of remuneration claims under the UrhG) and compliance (compliance with reporting obligations vis-à-vis the collecting society).

The classification under Section 25(1) TDDDG is controversial: where the counter pixel is deployed without cookies and without storage in the end device (e.g. pure HTTPS variant with IP anonymisation), it is sometimes argued that there is no access to information on the end device within the meaning of Section 25 TDDDG. With the JavaScript variant including a pseudonymous identifier, however, a consent requirement under Section 25(1) TDDDG is more likely. In view of this uncertainty, practice and supervisory authorities sometimes recommend obtaining consent under Art. 6(1)(a) GDPR as a safeguard. The choice of legal basis depends on the individual case and must be reviewed by the website operator.

H. Specific Considerations and Notes on the VG Wort Counter Pixel

• Role of VG Wort: According to the provider, VG Wort acts as an independent controller within METIS; therefore, a Data Processing Agreement is regularly not concluded.
• HTTPS pixel variant: VG Wort offers a pure HTTPS pixel variant without cookies and with anonymised IP processing. This variant is preferable from a data-protection perspective.
• JavaScript variant: The JS variant may set a pseudonymous browser identifier; here the consent requirement under Section 25(1) TDDDG must be assessed more critically.
• Third-country transfer: VG Wort is based in Germany; according to the provider, pixel servers are operated within the EEA.
• Privacy notice: VG Wort's privacy notice is available at https://www.vgwort.de/datenschutz.html; website operators should refer to it in their own privacy policy.
• Settings for the website operator: choice of pixel variant (HTTPS vs. JS), restriction of embedding to countable texts, integration into the consent banner if consent is chosen.
• Opt-out: Since, according to the provider, the counter pixel does not build personal profiles, there is no classic user-side opt-out; if consent is used, the user can withdraw it via the consent banner.

I. FAQ on the VG Wort Counter Pixel and Data Protection

J. Conclusion and Call to Action regarding the VG Wort Counter Pixel

The VG Wort counter pixel is a relatively reserved tracking tool without a profiling component and primarily serves the assertion of copyright-related remuneration claims. Website operators should consciously choose the pixel variant, prefer IP anonymisation and cookie-free embedding and limit the embedding to countable texts. Depending on the variant chosen, reliance on legitimate interests or consent come into consideration; the decision should be documented.

For website operators, it usually makes little sense to include a separate text module in the privacy policy for every tool – including the VG Wort counter pixel. This makes the privacy policy long, unclear, hard to maintain and conflicts with the transparency requirement of Art. 12(1) GDPR. A structured, topic-oriented approach that explains tracking tools collectively and lists specific recipients such as VG Wort in an appendix is more appropriate. The matterius generator supports precisely this methodology.

K. Curator