On September 4, 2024, the German government made a groundbreaking decision. The new regulation on consent management services was adopted. It is based on the Telecommunications Digital Services Data Protection Act (TDDDG) and brings a breath of fresh air to the Data protection regulations.
These new cookie regulation Germany sets new standards in Internet law. It allows users to permanently save their decisions on cookie usage. The aim? A more pleasant surfing experience and fewer annoying cookie banners.
For companies, this means They need to rethink their cookie practices. The GDPR-requirements remain, but the way in which consent is obtained is changing. User-friendliness and Transparency are in the foreground.
Important findings
- The ordinance came into force on September 4, 2024
- It is based on § 26 paragraph 2 TDDDG
- Users can store cookie decisions permanently
- The aim is to reduce the flood of cookies
- The Federal Commissioner for Data Protection recognizes new services
- An effectiveness evaluation is carried out after two years
Introduction to the new cookie regulation
The new cookie regulation in Germany brings important changes for the handling of cookies. Online tracking and Website data. It is based on the Telecommunications Telemedia Data Protection Act (TDDDG) and the General Data Protection Regulation (GDPR).
Background to the regulation
Since the end of 2021, there has been a strict consent requirement for cookies in accordance with Section 25 TDDDG. This applies to various types of cookies such as session cookies, persistent cookies and first and third-party cookies. The regulation aims to strengthen users' control over their data.
Objectives of the new regulation
The regulation is intended to improve the user experience and strengthen data protection. It enables the recognition of consent management services that User preferences transparent management. Website operators must now obtain genuine, informed consent for cookies.
Entry into force and transitional periods
The new regulations came into force on December 1, 2021. An evaluation of their effectiveness is planned after two years. The upcoming ePrivacy-Regulation is not expected to be introduced before 2023, with a possible transition period until 2025.
| Aspect | Old regulation | New regulation |
|---|---|---|
| Consent | Partially tacit | Active consent required |
| Cookie banner | Frequently preselected options | No preselected checkboxes |
| Data transmission | Partly before consent | Only permitted with consent |
These changes present companies with new challenges in dealing with Website data and Online tracking. Compliance with the regulation is crucial in order to avoid legal risks and maintain the trust of users.
Legal basis of the New Cookie Regulation Germany
The new cookie regulation in Germany is based on a complex legal framework. The Telecommunications Digital Services Data Protection Act (TTDSG) forms the basis for protecting the privacy of terminal equipment. It requires explicit consent for the storage of information on end devices.
This regulation applies regardless of whether the data is personal or not. It is in line with the European GDPR and the ePrivacy-directive. A legal framework for cookie banners is created for the first time.
The development of the legal framework can be described as follows:
| Year | Event | Meaning |
|---|---|---|
| 2002 | EU cookie law adopted | First regulation on the use of cookies |
| 2009 | Revision of the ePrivacy-Guideline | Tightening of the consent regulations |
| 2018 | Entry into force of the GDPR | Comprehensive data protection reform in the EU |
| 2021 | Introduction of the TTDSG | Transposition of the ePrivacy Directive into German law |
Websites must now actively obtain the consent of users before setting non-essential cookies. These consents must be stored securely for up to five years. Companies are faced with the challenge of implementing these requirements without compromising the user experience.
Key points of the Regulation on Consent Management Services
The new regulation on consent management services brings important changes for companies and website operators. It is based on the Telecommunications Telemedia Data Protection Act and aims to improve the Opt-in consent strengthen and Transparency to promote.
Basis: § 26 paragraph 2 TDDDG
Section 26 (2) TDDDG forms the legal basis for the regulation. It stipulates that an independent body can recognize services that offer user-friendly and legally compliant procedures for consent management. This is intended to ensure compliance with the Cookie policy facilitate.
Requirements for user-friendly procedures
The regulation defines clear requirements for consent services. These must be user-friendly and at the same time comply with the applicable data protection regulations. The aim is to provide users with simple control over their data and at the same time ensure the Transparency to preserve.
Recognition procedure for consent services
An important aspect of the regulation is the recognition procedure for consent services. The Federal Commissioner for Data Protection and Freedom of Information is responsible for this. This procedure is intended to ensure that only qualified services take over consent management.
| Aspect | Requirement |
|---|---|
| User friendliness | Simple operation and comprehensibility |
| Transparency | Clear information about data use |
| Opt-in consent | Active user consent required |
| Technical implementation | Consideration of user settings |
The new regulation ensures that users have more control over their data. It encourages the development of solutions that prioritize both data protection and user-friendliness. Companies must Cookie policy and implement transparent consent procedures in order to meet the new requirements.
Effects on companies and website operators
The new cookie regulation in Germany brings significant changes for companies and website operators. Data protection regulations and the Internet law now require a more careful handling of Online tracking and user data.
A ruling by the Cologne Higher Regional Court in January 2024 underlines the need for equivalent buttons in cookie banners. This forces website operators to review and adapt their existing consent procedures.
The Bavarian State Office for Data Protection Supervision used AI scans to uncover 350 websites with faulty cookie banners. These results highlight the urgent need for action in implementing the new guidelines.
| Cookie type | Function | Consent required |
|---|---|---|
| Technically necessary | Basic website functions | No |
| Analytical | Optimize user behavior | Yes |
| Functional | Personalized functions | Yes |
| Marketing | Personalized advertising | Yes |
Companies must disclose their use of cookies transparently and give users the opportunity to make detailed decisions about the use of their data. This applies in particular to tracking and targeting cookies, which require explicit consent.
Adapting to these new requirements is essential for companies in order to avoid legal risks and maintain the trust of users.
New requirements for cookie banners and consent management
The design of cookie banners and the Consent management are subject to stricter rules. Website operators must now ensure greater transparency in the processing of Website data offer.
Design of cookie banners
Cookie banners must be more detailed and comprehensive. They should contain a clear list of the individual cookies and offer users a variety of choices. The buttons for consent and rejection must be designed equally.
Consent management by recognized services
Users can register with consent management services to manage their consent. User preferences to be defined. These services store the Opt-in consent for various websites. Providers of digital services should respect these settings.
Transparency and traceability
The new regulation aims to increase transparency. Users are to be reminded annually to check their settings. Consent is not limited in time. However, critics complain that website operators are not obliged to use these services.
- Detailed list of cookies
- Equivalent design of consent and rejection options
- Possibility to register with consent management services
- Annual reminder to check the settings
The new requirements pose challenges for companies, but promise more control for users over their data.
Relationship to the GDPR and existing data protection regulations
The new cookie regulation in Germany supplements the existing Data protection regulations. It works hand in hand with the GDPR and the ePrivacy Directive. The focus is on consent management for cookies and similar technologies.
While the GDPR has regulated the protection of personal data since 2018, the new regulation is aimed at the integrity of end devices. It specifies the requirements for managing user consent.
One important aspect is the extraterritorial application. The regulations apply to all companies that process the data of EU citizens - regardless of their location. This significantly strengthens data protection in the digital space.
The new regulation allows access to personal data on user devices for contract fulfillment. This expands the criteria for necessary access compared to previous versions.
The regulation on analytical cookies is also interesting. The use of cookies purely to measure visitor numbers no longer requires explicit consent. This makes website optimization easier for operators without neglecting data protection.
Violations could result in penalties similar to those under the GDPR. The fines can amount to up to 20 million euros or 4% of annual turnover. This underlines the importance of compliance with these data protection regulations for companies.
Practical implementation and best practices
The new cookie regulation in Germany requires careful adaptation of the Cookie policy. Companies need to Consent management-review and optimize processes. Transparency is the top priority here.
For effective implementation, we recommend
- Provide clear and understandable information
- Implement granular consent options
- Use recognized consent services
- Design cookie banner with equivalent buttons
One important aspect is the use of PIMS (Personal Information Management Systems). These give users improved control over their data. Consent management should be user-friendly and allow changes to be made at any time.
There are various ways for website operators to implement this:
| Solution | Description | Advantages |
|---|---|---|
| Opt-In | Consent when entering the site | Maximum legal certainty |
| Opt-Out | Information with delete option | More common, less invasive |
| Cookie Consent Tool | Free solution (e.g. SilkTide) | Simple integration |
| Premium WordPress plugins | Paid solutions | More options, good support |
The choice of the right solution depends on the individual requirements. It is important that the chosen method promotes transparency and enables effective Consent management makes it possible.
Possible consequences of non-compliance
The new cookie regulation in Germany brings significant changes for companies. Violations of the data protection regulations could have serious consequences. The Internet law provides for strict sanctions that website operators should be aware of.
Legal risks
Companies that disregard the new regulations expose themselves to considerable legal risks. According to the Telecommunications Digital Services Data Protection Act (TDDDG), website operators must obtain explicit consent for cookies and tracking services. Violations can result in fines of up to 300,000 euros.
Fines and warnings
The financial consequences can be considerable. In addition to the fines under the TDDDG, the GDPR provides for penalties of up to 20 million euros for serious infringements. In addition, warnings from competitors or consumer protection associations can result in considerable costs.
Reputational damage
In addition to the financial consequences, companies are also threatened with reputational damage. Users are attaching increasing importance to the protection of their data. A negligent approach to data protection regulations can permanently undermine customer trust and have a negative impact on a company's image.
English 
Deutsch 
Español 
Français 
Polski