E-Privacy: Grand coalition facilitates the use of cookie managers

The use of services that provide user-friendly and competition-compliant procedures for consenting to the setting of cookies for advertising purposes and the associated data processing is to be promoted. This could clear the annoying jungle of cookie banners on the web that ask for a click by the user. This is what the heise online amendments put forward by the grand coalition to the federal government’s draft for a Telecommunications Telemedia Data Protection Act (TTDSG).

Service providers use cookies to store personal information on users’ end devices via the browser. With the planned TTDSG, the legislature will for the first time expressly stipulate that this is only permissible if the person concerned “has consented on the basis of clear and comprehensive information”. An exception applies if the cookies are purely functional. The stored data must be absolutely necessary so that the provider can provide a service expressly requested by the user.

This is already prescribed by the EU directive on data protection in electronic communication (e-privacy) from 2009. The legislature had so far failed to implement the requirements in national law. The Federal Court of Justice put pressure on it last year with the announcement in the Planet49 ruling that before cookies are crumbled for advertising purposes on hard drives, users must be explicitly asked for permission.

Consent management services are already possible according to the current legal situation, but not yet widespread. According to the amendment proposed by the government factions of the CDU / CSU and SPD, the federal government should now create a legal framework that would lead to the recognition of such “Personal Information Management Services” (PIMS) or single sign-on solutions. The Federal Ministry of Economics had already provided for this approach, which is in line with the planned e-privacy regulation and which the experts supported at a hearing, in its draft bill. In the government’s TTDSG version, however, it was largely ignored.

According to the coalition, corresponding services should provide user-friendly and competition-compliant procedures with which users can give their place to store information on their terminal equipment and to process connection and location data. The appropriate framework is necessary “so that end users can also entrust their consent to such services,” says the reasoning. At the same time, browser settings that users have made in PIMS for consent should also be taken into account.

According to Paragraph 26, such service providers may not have any economic self-interest in granting consent and must be independent of companies that could develop such consent. Foundations would be an option. The providers must present a security concept that enables the quality and reliability of the service to be assessed. Furthermore, it should result from this that in particular the requirements of the General Data Protection Regulation (GDPR) can be met.

The Federal Government will determine the recognition procedure by means of an ordinance with the consent of the Bundestag and the Bundesrat. This also includes detailed technical and organizational measures that the government will evaluate within two years. The regulation would still have to be notified to the EU, so the Commission and the other member states would have to be given a say.

Schwarz-Rot also anchors in the TTDSG the promise of the Federal Government, linked to the amendment of the Telecommunications Act (TKG), to the Federal Council that an auction should no longer be the norm when awarding future mobile radio frequencies. The legislature is now based on an open choice of procedure. An invitation to tender under transparent and non-discriminatory guidelines would also be an option.

The coalition has also incorporated the new requirements for inventory data information with rules, for example for issuing passwords. In addition, there is a clarification in order to avoid overlapping competencies between federal and state data protection authorities in telemedia. At the request of the Federal Council, Schwarz-Rot also ensures that no fines can be imposed on public bodies. The chamber of states also has a say in the requirements for the new right to fast internet. TTDSG and TKG will come into force largely on December 1st after the revised draft, which is to be passed in the Bundestag on Thursday.


To home page