The TTDSG (Telecommunication-Telemedia-Data Protection Act) should ensure legal security in the network from December. But in truth, the new law only summarizes a lot that already applies.
“Telecommunication-Telemedia-Data Protection Act” (TTDSG) is the name of a new law that passed the Bundestag and Bundesrat a few days ago with surprisingly few headlines. The new law is due to come into force on December 1st and is in line with the new Telecommunications Act. As Federal Minister of Economics Peter Altmaier explains, this is intended to achieve a compromise between protecting privacy in the digital world and digital business models, which are based on data usage. “With regard to the much discussed cookies, the law opens up the possibility of developing a user-friendly and competition-compliant consent management system that is used by consumers, companies and startups alike.”
Much that is laid down in it is a specification of the European directives and regulations, such as the European General Data Protection Regulation (GDPR) and the E-Privacy Directive. With regard to the digital estate, the law stipulates that telecommunications secrecy does not prevent heirs of the end user and other persons with a comparable legal status from exercising the end user’s rights vis-à-vis the telecommunications provider (Section 4 TTDSG). Access to and storage of information (e.g. cookies) in the end user’s terminal equipment is generally only permitted with consent in accordance with the GDPR. Exceptions are made in accordance with the requirements of the E-Privacy Directive (§ 25 TTDSG).
Consent management is specified
However, user-friendly and competition-compliant consent management, taking services, browsers and telemedia providers into account, is a topic that has not yet been adequately clarified. We are talking about sensible and “effective consent management”, whereby not only the European legislators have a say, but above all the browser manufacturers and, last but not least, the manufacturers of mobile operating systems. After Apple, Google has now also announced that they want to give the user under Android the choice of which apps provide personalized advertising or whether this can be done at all.
In the area of supervision, the Federal Commissioner for Data Protection and Freedom of Information BfDI is to act comprehensively in the future, i.e. also with regard to the imposition of fines, as an independent data protection supervisory authority in the area of telecommunications (Sections 28 and 29 TTDSG). The Federal Network Agency is responsible for the provisions of the TTDSG that do not concern the processing of personal data (§ 30 TTDSG). The TTDSG will probably have to be adapted at a later point in time to the e-privacy regulation currently being negotiated at European level.
No law of the scope of a GDPR
Is the new law the big hit or the GDPR V2 that some politicians are already talking about? Rather not. For on the one hand, for years the federal government has at best pulled along where there was no other way. On the other hand, the TTDSG has largely only formulated what is already applicable law. As a result, companies and website operators will not have to change that much, but can rather use the specifications to process what they still have to adapt on their website.
What is new, however, is the design in the form of flat rates Personal Information Management Systems (PIMS)which should ensure that the user is not constantly annoyed with individual consent management windows. Small blemish: There are still no such blanket solutions – so the calculation was once again made without the host or the browser manufacturer, even if, in view of EU legislation, it is to be expected that this could change soon.