TTDSG: what you need to know about cookie banners now

TTDSG ... yet another abbreviation that supposedly makes life difficult for you as a publisher? Don't worry, we'll explain what's behind it. Probably nothing will change for you, since you already follow the existing regulations. Nevertheless, there are a few things to keep in mind.

TTDSG: What is it about?

The Data Protection and Privacy in Telecommunications and Telemedia Act came into force on 1 December 2021. It merges the previous Telecommunications Act (TKG) and the Telemedia Act (TMG) under the requirements of the GDPR and contains a large number of rules relating to telecommunications services and telemedia.

Cookie rules of the TTDSG

But how does the new regulation affect you as a publisher? Here, the requirements of § 25 TTDSG must be observed. Since it is primarily about protecting the privacy of users of telecommunications and telemedia services, you are obliged to obtain their consent to the use of their data. In principle, however, nothing changes for you, because it can be assumed that you have already been requesting this consent for some time by means of a corresponding notice. After all, the obligation to obtain user consent already exists under the ePrivacy Regulation.

User consent is only not required for technically necessary cookies or if the storage of data is necessary for the transmission of a message via a public telecommunications network. However, as soon as cookies or other tracking services are used that request and store the user's personal data and pass it on to third parties, the user must expressly consent to this. If you do not obtain this consent, you could face hefty penalties.

Becoming TTDSG compliant with Cookie Consent Tools

The cookie banner on your website must meet certain criteria in order to comply with the rules of the TTDSG.

• Do not pre-select a checkbox: The user must actively give their consent.
• "Accept" and "Decline" button: Equivalent design, the button to accept cookies should not be particularly highlighted.
• No cookies without consent: No cookies may be set before the user has given his consent (exception: technically necessary cookies).

In addition, you must inform your users exactly which providers and tools use the cookies that are set. 

The IAB provides a list of Consent Management Platforms (CMP) that comply with the Transparency and Consent Framework (TCF v2) and allow you to obtain legally compliant user consent. The tracking we use at advanced store for our ad4mat products is TCF compliant. We are a registered vendor of this framework.

There are also a number of other cookie consent tools that can make your life easier. You can find an overview of the most common applications at e-recht24.de.

PIMS: Will cookie banners soon be superfluous?

So-called Personal Information Management Systems (PIMS) are designed to give users more control over their personal data, to manage their online identity and to control it in secure local or online storage systems. Users should be able to decide for themselves when and with whom they share their data and which services and third-party providers they are allowed to use.

However, PIMS have to meet strict requirements, which is why there are only a few of these services so far. More information is available on the website of the European Data Protection Supervisor.