The “Telekommunikation-Telemedien-Datenschutzgesetz” translated as the Telecommunications and Telemedia Data Protection Act, or TTDSG for short was adopted on February 10, 2021, by the German Federal Cabinet.
This data protection act is by no means meant to replace the GDPR (which will always remain as the basic privacy law in all the countries belonging to the European Union) but instead comes as an addition to it. Its purpose is to strengthen and better define the way in which German citizen’s data is collected and processed by digital entities.
Overview of the Telekommunikation Telemedien Datenschutzgesetz (TTDSG)
According to Feld M, an analytics and strategy consulting agency from Munich, in July 2020 a document from the German Federal Ministry of Economics and Energy (BMWi) had been leaked. Its title was “Draft of a law on data protection and privacy in electronic communications and telemedia and amending the Telecommunications Act, the Telemedia Act and other laws” and it has led to a lot of speculation in regards to the future of data privacy in the country.
A few months later, the final version of the law has come into effect clearing the air for all website owners who track and store data coming from Germany. But also attracting criticism from important organizations in the country, such as ECO – Association of the Internet Industry: “In order to enable the functioning of digital business models and forward-looking IT technologies, such as in the area of AI, we need clear and at the same time proportionate rules for data processing – here, blanket digital surveillance would achieve the exact opposite.” - ECO Chair of the Board Oliver Süme.
Coincidence or not, on the very same day, a new law proposal called the ePrivacy Regulation was presented to the EU’s deputy ambassadors committee, a subject which we will elaborate on in future blog articles on the Visitor Analytics website.
Cookie Consent under TTDSG
As a basic rule, the regional or national data protection rules must not contradict each other or international laws, so it was very clear from the beginning that the TTDSG will follow the GDPR model and only come with additional, more thorough security measures. You can find the entire contents of the TTDSG in German, here.
In section 24 of the TTSDG, it is precisely stated that cookies can only be used on a website if the visitor has given its informed and clear consent. This same section also establishes rules for “storage of information of the terminal equipment of an end user.”
Moving forward, TTDSG separates cookies into 2 categories:
- Cookies that require consent;
- Cookies that are strictly necessary.
According to Technology Law Dispatch, a major legal news outlet in regards to data protection, privacy, and security, the TTSDG requirements for the methods of obtaining consent and informing users about the data are GDPR compliant. There are two exceptions from the Cookie consent requirement which are identical to Article 5(3) of the ePrivacy Directive:
- The sole purpose of the Cookie is facilitating the transmission of a communication over a public telecommunications network; or
- The Cookie is strictly necessary in order to provide a telemedia service explicitly requested by the user.
How to Be TTDSG Compliant
With fines going up to 300.000 € or about $360,000 (in 2021) according to Section 26 (2) of the TTDSG, this new Data Protection Act is definitely something you shouldn’t ignore, especially if your business is located in Germany or your website has visits coming from this country.
If it’s not your first time reading our blog, you probably know by now that Visitor Analytics is constantly updating its tracking methods in order to be privacy compliant worldwide. The website owners that choose our tool will have consentless tracking methods that respect the TTDSG normative so that the German website visitor’s data is safe and law-abiding.
In this regards, with Visitor Analytics, you are able to stay TTDSG compliant by choosing our maximum privacy mode (which can be enabled or disabled by you from the app’s dashboard whenever you wish, this is not a standard option) and thus not tracking the following website visitor information:
- IP Address;
- Screen Resolution;
- Visited Web Pages;
- Or any data that could lead to the identification of a certain visitor’s identity.