Is the “cookie” law coming soon? Draft bill TTDSG

A draft bill for the Telecommunications Telemedia Data Protection Act, or TTDSG for short, is currently being circulated. According to the draft, this is intended to eliminate the current coexistence of the GDPR, the Telemedia Act (TMG) and the Telecommunications Act (TKG) and the associated legal uncertainties for consumers, service providers and supervisory authorities. The cookie regulation in Section 15 (3) is also to be regulated. TMG. Article 1 of the bill contains the provisions required to implement Directive 2002/58/EC, which are currently contained in the TKG. The data protection provisions of the TMG are repealed insofar as they are no longer applicable due to the primacy of the General Data Protection Regulation.

The new TTDSG (Article 1) contains the provisions previously contained in Sections 88-107 TKG implementing Directive 2002/58/EC, as well as other provisions previously regulated there that have not been replaced by the GDPR. A legal basis is created for the recognition and operation of personal information management services.

Furthermore, clarifications are made with regard to terminal equipment that may be accessed on the basis of contractual agreements or statutory orders. Supervision will be restructured from the point of view that in the future the Federal Commissioner for Data Protection and Freedom of Information, as an independent data protection supervisory authority, will be solely responsible for supervising the provisions on the protection of personal data of natural persons. The competence of the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway in all other respects shall remain unaffected. In addition, the data protection provisions of the TMG, insofar as they are unaffected by the GDPR, will be regulated in the new TTDSG. Articles 2 and 3 contain the consequential amendments by repealing the corresponding provisions in the TKG and TMG.

The draft specifies December 21, 2020 as the target date for entry into force, which is also the deadline for the implementation of Directive 2018/1972/EU and whose requirements also apply to the implementation of Directive 2002/58/EC.

It is also interesting that the question of the implementation of Article 5 (3) of the ePrivacy Directive, which is controversial in Germany particularly with regard to the setting of cookies, is to be clarified with the draft. In its ruling of May 28, 2020 (I ZR 7/16 – Cookie Consent II), the Federal Court of Justice assumed that the legal situation in Germany meets the requirements of the Directive. In particular, Section 15 (3) sentence 1 of the German Telemedia Act (TMG) in its current version, as interpreted in conformity with European law, does not permit the use of cookies without the user’s consent to create user profiles for the purposes of advertising or market research. In addition to other data protection provisions of the TMG, Section 15(3), which permits the processing of usage data for the creation of pseudonymous user profiles for these purposes as long as the user does not object, is also superseded by the provisions of the GDPR and must be repealed.

A few – partly – disputed questions, when the consent of e.g. cookies is dispensable, shall be clarified in § 9 II. Thus, consent shall be dispensable if there is

1. is technically necessary to transmit a communication over an electronic communications network or to provide telemedia that the end user wishes to use,

2. has been expressly contractually agreed with the end user to provide certain services, or

3. is necessary to comply with legal obligations.
It is also interesting to note that the draft states that a browser setting to accept cookies/reject cookies is a feasible option under European law and therefore a possible alternative, according to the BMWi. Maybe in the future many of the annoying, but current clearly necessary, cookie banners can become obsolete.

However, it remains to be seen what the final version of the TTDSG will look like.