New Rules on the Use of Cookies in Germany
On December 1, 2021, the new Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG), regulating, among others, the use of cookies and similar technologies, entered into force, after which the Data Protection Conference (DSK, a conference of the supervisory authorities of the German federal states) issued guidelines on it.
Not Just the Cookies
The TTDSG/guidelines apply not only to the storage of / access to cookies in user’s terminal equipment, but also to similar technologies like Bluetooth beacons and browser fingerprinting, as well as to access to hardware identifiers and network hardware identifiers (MAC addresses).
Consent is King
For the most part, in order for the processing of the gathered data to be considered legal, an advance, informed, unambiguous, specific and freely given consent by the user (not necessarily the owner) of the terminal equipment shall have to be obtained. Presumed consent is not an option. Neither is the user’s option to (subsequently) opt-out. It should be equally easy to give consent and not to give it (or to subsequently revoke it). And for every option of giving consent (accepting cookies) there should be an option of denying it (rejecting cookies). General descriptions of purposes (e.g. better functioning of the website) shall not be compliant.
Few Exceptions
Exceptions, such as the storage and access technically necessary to provide the requested service, should be interpreted narrowly: if the same functionality can be achieved without storing and accessing data, the use of cookies (or similar) is not necessary, and therefore consent should be sought.
Relying on legitimate interest may only work in extremely rare cases.
Running a website in Germany or one aimed at a German audience? Not sure whether you’re compliant? Pop-us an email to info@jkgroup.si.
Avtor: JK Group
Objavljeno: 8.1.2022
Oznake:
germany,
gdpr,
cookies,
guidelines,
TTDSG,
Data Protection Conference,
jk group
