A Major Milestone for Osano...and the Industry
When we founded Osano, our goals were ambitious. We wanted to...Read Now
January 12, 2022
On Dec. 1, 2021, Germany passed the Telecommunications-Telemedia Data Protection Act (it's being called the TTDSG because of its German translation). The law aims to start implementing the forthcoming ePrivacy Regulation provisions, which the EU government has been trying to pass for a few years.
The law regulates over-the-top (OTT) services like email and messaging services and requires they be covered by telecommunication law. The TTDSG codifies into national law that organizations deploying tracking technologies must gain consent – regardless of whether the data is processed. As Deloitte reports, consent is not required if the tracking technology is used to transmit a message or necessary for the user's service.
Here is the portion of the TTDSG that applies to cookies:
Section 25: Protection of privacy in terminal equipment
(1) The storage of information in the end-user's terminal equipment or access to information already stored in the terminal equipment is only permissible if the end-user has consented on the basis of clear and comprehensive information. The information to the end-user and the consent shall be provided in accordance with Regulation (EU) 2016/679.
In late December, the German Data Protection Conference (the group of German data protection authorities) issued guidance on the law. The group said that organizations must differentiate their requests for user consent under the TTDSG and the GDPR. If user consent is obtained in a bundled format (with one click), consent banners must include transparent and specific information. In addition, rejecting consent can't take more clicks than accepting it, and there must be a simple way – on the website – to withdraw consent at any time.
The group also reiterated that website operators remain responsible for obtaining valid consent even if they're using a third-party consent management tool.
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”