On 01.12.2021, the new Telecommunications Telemedia Data Protection Act (TTDSG) will come into force. Content are some clarifications and innovations regarding tracking and cookies for website operators, companies and agencies. Read here in brief the most important regulations of the TTDSG.
Cookies and tracking
There are exceptions to this rule when it comes to technically mandatory cookies / tracking information. Those that serve exclusively to transmit messages via a public telecommunications network are also exempt.
Personal Information Management Systems (PIMS)
Under the TTDSG, end users can also use a PIMS to indicate whether, where and under what conditions they wish to declare their refusal or consent. Via the PIMS, this information is then automatically forwarded to all websites. The aim is to give end users more control over their data and make consent tools unnecessary.
However, it has not yet been determined what the procedure for recognizing such systems will be. Until this has been established by legal regulation, it is not yet possible to use them and they must continue to rely on Consent Tool / Consent Query.
Consent Tool / Consent Query
Accordingly, it is now mandatory for website operators to set up a consent tool / consent query. For many large CMS such as WordPress, there are already ready-made plugins for this.
The TTDSG, on the other hand, does not contain any answers to the question of what such a consent tool / consent query should look like. However, various statements and warnings from data protection authorities and consumer groups have identified a number of key points: Consent must be actively set by the end user. This means, on the one hand, that no option may be preselected and, on the other hand, that tracking must be technically deactivated until consent is given. There must be clear buttons for setting preferences: "Accept" and "Decline". These buttons must be of equal value and presented in the same design. Highlighting or representations on different levels are not permitted. In addition, the user must be informed about the purposes of the tools, number of providers and their headquarters (if outside the EU).
Scope of the TTDSG
The TTDSG goes further than the previous regulations in two respects: Firstly, the regulations refer to all end devices, which means that all devices connected to the Internet are also covered (IOT services, smarthome applications, etc.). Second, the TTDSG applies not only to personal data, but to all information that users of telecommunications services and telemedia disclose and that can thus be collected (e.g., browser fingerprinting). It thus refers to all techniques for which information is stored or read on end devices, i.e. not only to cookies and tracking.
Authorities and fines
In the event of a violation, fines are now possible not only under the GDPR, but also under the TTDSG. These are supervised by the Federal Commissioner for Data Protection and Freedom of Information (BfDI). By contrast, the Federal Network Agency is responsible for regulations that do not relate to the processing of personal data.
If a violation occurs (e.g. lack of a consent tool / consent request and immediate start of tracking), fines from the GDPR and the TTDSG are usually incurred simultaneously, as well as a warning.
Under the TTDSG, public bodies may also inspect inventory and user data of telemedia service providers upon request.
The TTDSG increases the scope of application of mostly well-known data protection regulations on the Internet. It also increases the area in which fines can potentially be incurred. A consent tool / consent query that can obtain genuine and active consents is now definitely mandatory.
If you need help with the practical implementation, we will be happy to support you.