The new Telecommunications and Telemedia Data Protection Act (TTDSG) (link in German) is the result of a campaign to clean up German data protection law. The TTDSG, which entered into force on December 1, 2021, merges data protection regulations in telemedia and telecommunications law that were previously scattered across a wide range of German laws. Among other things, the TTDSG regulates the protection of confidentiality and privacy when using Internet-ready terminal infrastructures such as websites, email services or smart home devices. To this end, the data protection provisions of the Telemedia Act (TMG) and the Telecommunications Act (TKG) are repealed and combined in the new TTDSG. In addition, the TTDSG regulates the responsibilities of the Federal Network Agency and the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For website and app operators, however, the TTDSG does not impose any new obligations. On the contrary, the TTDSG provides them with clarification and greater legal certainty when processing (personal) data, for example in connection with cookies.
New regulations for cookies and cookie banners?
In addition, Section 26 TTDSG establishes standards for services that administer end-user consent, known as “Personal Information Management Services” (PIMS) or single sign-on solutions. This applies to services intended to allow end users to make their own decision to accept or decline cookies. Article 26 TTDSG provides that these services must be certified by an independent body. However, no such service is yet on the market.
Extended Scope: Internet of Things
Products that can be connected to the Internet, such as connected cars and smart life, are increasingly popular with consumers. Although the ePrivacy Directive generally does not cover the entire structure behind the Internet of Things (IoT), the TTDSG does: Article 25 regulates the storage of information in “terminal infrastructures”. Unlike the “terminal equipment” of the ePrivacy Directive, the infrastructure that connects IoT devices and which is usually stored in the cloud is now also covered (and not just the IoT hardware itself).
Section 4 TTDSG introduces the rights of heirs of telecommunications users and thus creates practical regulations: In the event of death, electronic communications such as e-mails, etc. must be made accessible to heirs.
Location data regulations are consolidated in one place (Article 13 TTDSG).
Extended Articles 22 to 24 of the TTDSG again regulate the information rights regarding inventory and usage data and implement the requirements of the decision of the Federal Constitutional Court of 27 May 2020 (1 BvR 1873/13 , 1 BvR 2618/13 – Inventory Data Information II), which also declared Section 113 TKG unconstitutional.
Section 9 TTDSG regulates processing rights (including certain deletion obligations) of traffic data. It corresponds to the former provision of § 96 TKG.
The German Data Protection Conference (DSK) has recently published a new guidance document (link in German) for telemedia providers on the TTDSG app. Among other things, the guidance addresses when and how consent should be obtained in accordance with Section 25 TTDSG, and replaces the existing DSK Guidance Document from 2019 on Telemedia and Art. 5 para 3 ePrivacy Directive (OH Telemedien 2019). At the same time, the European Commission continues to work on a European ePrivacy regulation, which would for example replace section 25 of the TTDSG again (but would not come into force for at least two years).
©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 6