GDPR and the new TTDSG, how should German companies adapt?
What is the TTDSG?
It regulates the storing and accessing of information in the terminal equipment of an end user, or, in other words, the process of placing and reading browser cookies. It clearly states that informed consent is necessary for these interactions. There are only two exceptions to this rule:
- Cookies needed for transmission of the communication
- Those cookies that are strictly necessary for the provision of an information society service that has been explicitly requested by the user
The TTDSG is limited to end-users and only protects terminal equipment, which includes computers but also smart devices and more.
How does the TTDSG differ from GDPR
This becomes clearer when examining some examples. Imagine a hacker steals business secrets from a server. Since the data only contains corporate non-personal information, the GDPR is not applicable. The GDPR only applies when personal data is affected.
In some cases, both GDPR and TTDSG are applicable, but they protect you in a different way. If there was, for example, a leak of health data from a hospital server, the TTDSG would protect the hospital’s server while the GDPR is protecting the patient’s health data.
These different protection goals can be summarized as follows.
The TTDSG is a cookie law and therefore protects device integrity. The transmission of communication and the provision of an online service are exempt from the rule.
The GDPR is a data protection law and protects personal data. Data collected with a legitimate interest or those required to be collected by law are exempt.
TTDSG requires immediate action: Are you ready?
On most websites, cookie preferences are divided into essential, functional and marketing cookies. With TTDSG, essential cookies, such as shopping cart and language preference cookies, can remain mandatory. However, functional cookies, including basic web tracking, now require informed consent, just as marketing cookies already did in the past. This means that opt-out solutions are no longer possible.
Furthermore, we recommend that you check your consent management for completeness. Could it be that you added some cookies since the last time you updated the cookie consent banner? It may also be the case that some cookies need to be reclassified.
Free consent management check-up
Consequences of not complying with privacy regulations
The maximum fine is set 20 million Euros or 4% of the company’s yearly revenue (the higher amount applies). So far, the highest fine ever paid in Germany was a 35 million Euro fine against H&M.
The TTDSG includes provisions for monetary fines and prison sentences when negligence can be proven, although the fines are much lower in nominal terms at a maximum of 300,000 Euros.
Benefits of a consent management platform
There are 3 major reasons for using a CMP:
1. Essential for compliance
Consent management systems provide a much-needed structure that clearly lists all cookies and similar technologies deployed on a website. The CMP can be considered the most vital tool for complying with existing and new regulations.
2. Fosters customer relationships
Customers are becoming more and more privacy-conscious. Companies now need to provide much needed transparency to establish trust. A consent management platform can give customers a clear overview of what third-party services are in use. Users can then make use of a granular selection instead of seeing broad terms such as “marketing cookies”.
Every company has their own identity and their website should reflect this. Your CMP can be implemented to be as unintrusive as possible. You can consider how your content is displayed and decide on a form factor that fits the flow of your website.
Our offer: Finding your ideal consent management platform
About the author
He and the team is ready to support you in Web Analytics & Consent Management area!
Hanloser, S. (2021). What’s the Latest With ePrivacy & the German TTDSG. Retrieved 9 December 2021, from https://www.youtube.com/watch?v=bsnNVDYLMY0
Top 3 Benefits to Utilizing a Consent Management Platform (CMP) – Omeda. (2021). Retrieved 9 December 2021, from https://www.omeda.com/top-3-benefits-to-utilizing-a-consent-management-platform-cmp/
TTDSG: Neues Datenschutzgesetz als Alternative zur ePrivacy-VO?. (2021). Retrieved 9 December 2021, from https://www.dr-datenschutz.de/ttdsg-neues-datenschutzgesetz-als-alternative-zur-eprivacy-vo/
Was ist das TTDSG? Was wird im TTDSG geregelt?. (2021). Retrieved 9 December 2021, from https://keyed.de/blog/was-ist-das-telekommunikation-telemedien-datenschutzgesetz-ttdsg/
What Is Consent Management? The Ultimate Guide (2021). (2021). Retrieved 9 December 2021, from https://exponea.com/blog/consent-management/
What is the TTDSG?. (2021). Retrieved 9 December 2021, from https://www.robin-data.io/en/data-protection-academy/wiki/german-telecommunication-and-telemedia-privacy-law