Find out today what the legal world will be talking about tomorrow.
For operators, this often raises the question of which cookies require user consent and how the so-called cookie banner must be designed. In the meantime, there are numerous different implementations on the market. The TTDSG should now bring clarification.
Everything new from December 2021 or continue as before?
With the TTDSG, the legislator wanted on the one hand to react to the case law that has been handed down in this area so far and finally implement the ePrivacy Directive. This at least puts an end to years of discussions as to whether the German legislator has actually implemented the ePrivacy Directive. However, the law does not contain many more innovations, at least in the area of cookie consent.
Consent required for non-essential cookies!
Section 25 of the TTDSG now clearly requires the consent of the user if information is to be stored on the user's "terminal equipment" or if the website operator wishes to access this stored information. The provision largely corresponds to the wording of Article 5 (3) of the ePrivacy Directive. The term "terminal equipment" of the user is to be understood as any device with an Internet connection. This is intended to guarantee a broad scope of application of the law and protection of users. It should be noted that due to the extension of the scope of application, smart home applications, for example, may also be affected by the consent requirement in the future.
As was already the case under the ePrivacy Directive, however, the use of such cookies remains possible in the scope of application of the TTDSG, even irrespective of the existence of consent, which can be described as essential or necessary. This therefore still requires a differentiation of cookies and website operators must check into which category the cookie used falls.
Recognition of consent management services
As a real innovation, the legislator has introduced a regulation on information management of consents in Section 26 TTDSG. This is intended to create a legal framework that results in the recognition of consent management services. In order to be recognised, such services must in future prove that, in addition to user-friendly and competition-compliant procedures and technical applications for obtaining and managing consent, they have, among other things, no economic self-interest in granting consent and have a qualitative and reliable security concept. However, the recognition procedure required in this context will only be determined by the issuance of a statutory instrument pursuant to Section 26 (2) TTDSG.
As a result, the creation of the TTDSG represents a standardisation of the previous legal situation. When using cookies and other tracking tools, it must continue to be ensured that consent is obtained from the respective user of the website. Only in exceptional cases, e.g. when setting technically necessary cookies, can such user participation be waived. Due to the henceforth broad scope of application of the TTDSG, the aforementioned principles must also be kept in mind outside of "classic" end devices.