Is the “cookie” law coming soon? Draft bill TTDSG

Key Facts

The draft bill of the TTDSG aims to eliminate legal uncertainties between the GDPR, TMG and TKG.
The most important provisions on cookie regulation are dealt with and clarified in Section 15 (3) of the TMG.
Supervision of data protection is carried out independently by the Federal Commissioner for Data Protection.
The TTDSG is due to come into force on December 21, 2020, at the same time as the requirements of Directive 2018/1972/EU.
The controversial implementation of cookies is clarified in Article 5 of the ePrivacy Directive, based on a ruling by the Federal Court of Justice.
Consent for cookies is not required if they are technically necessary, contractually agreed or required by law.
A possible future alternative could be a browser setting for cookie acceptance in order to reduce banners.

A draft bill for the Telecommunications Telemedia Data Protection Act, or TTDSG for short, is currently being circulated. According to the draft, this is intended to eliminate the current coexistence of the GDPR, the Telemedia Act (TMG) and the Telecommunications Act (TKG) and the associated legal uncertainties for consumers, service providers and supervisory authorities. The cookie regulation in Section 15 (3) is also to be regulated. TMG. Article 1 of the bill contains the provisions required to implement Directive 2002/58/EC, which are currently contained in the TKG. The data protection provisions of the TMG are repealed insofar as they are no longer applicable due to the primacy of the General Data Protection Regulation.

The new TTDSG (Article 1) contains the provisions previously contained in Sections 88-107 TKG implementing Directive 2002/58/EC, as well as other provisions previously regulated there that have not been replaced by the GDPR. A legal basis is created for the recognition and operation of personal information management services.

Furthermore, clarifications are made with regard to terminal equipment that may be accessed on the basis of contractual agreements or statutory orders. Supervision will be restructured from the point of view that in the future the Federal Commissioner for Data Protection and Freedom of Information, as an independent data protection supervisory authority, will be solely responsible for supervising the provisions on the protection of personal data of natural persons. The competence of the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway in all other respects shall remain unaffected. In addition, the data protection provisions of the TMG, insofar as they are unaffected by the GDPR, will be regulated in the new TTDSG. Articles 2 and 3 contain the consequential amendments by repealing the corresponding provisions in the TKG and TMG.

The draft specifies December 21, 2020 as the target date for entry into force, which is also the deadline for the implementation of Directive 2018/1972/EU and whose requirements also apply to the implementation of Directive 2002/58/EC.

It is also interesting that the question of the implementation of Article 5 (3) of the ePrivacy Directive, which is controversial in Germany particularly with regard to the setting of cookies, is to be clarified with the draft. In its ruling of May 28, 2020 (I ZR 7/16 – Cookie Consent II), the Federal Court of Justice assumed that the legal situation in Germany meets the requirements of the Directive. In particular, Section 15 (3) sentence 1 of the German Telemedia Act (TMG) in its current version, as interpreted in conformity with European law, does not permit the use of cookies without the user’s consent to create user profiles for the purposes of advertising or market research. In addition to other data protection provisions of the TMG, Section 15(3), which permits the processing of usage data for the creation of pseudonymous user profiles for these purposes as long as the user does not object, is also superseded by the provisions of the GDPR and must be repealed.

A few – partly – disputed questions, when the consent of e.g. cookies is dispensable, shall be clarified in § 9 II. Thus, consent shall be dispensable if there is

1. is technically necessary to transmit a communication over an electronic communications network or to provide telemedia that the end user wishes to use,

2. has been expressly contractually agreed with the end user to provide certain services, or

3. is necessary to comply with legal obligations.
It is also interesting to note that the draft states that a browser setting to accept cookies/reject cookies is a feasible option under European law and therefore a possible alternative, according to the BMWi. Maybe in the future many of the annoying, but current clearly necessary, cookie banners can become obsolete.

However, it remains to be seen what the final version of the TTDSG will look like.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: Consumer Federal court General Data Protection Regulation Information KI Laws Privacy Regulation service Sicherheit Telemedia