The focus: Cookies in the focus: new laws and their effects on data protection!

The focus: Cookies in the focus: new laws and their effects on data protection!

dealing with cookies and their legal framework is the focus of the current discussions about data protection. On December 01, 2021, the TDDDG (Telecommunication Digital Dienste Data Protection Act) came into force in Germany, which regulates access to data on end devices. This law complements the GDPR and implements the Eprivacy Directive. Before that, there were considerable ambiguities regarding the regulations for cookies, as in the wnoz.de

The TDDDG calls for an opt-in principle, which means that storage and access to cookies may only be made with the user's consent. Exceptions only exist for technically necessary cookies that support essential functions of the website. In this context, the Federal Court of Justice (BGH) judged in the "Planet 49 judgment" that cookies can be considered personal data if they contain information about identifiable persons. This decision ensures that the processing of cookies is also carried out in accordance with the European guidelines.

The importance of cookies in data protection

cookies are small data storage tanks that are managed in the user's end device. Each cookie file consists of a pair of data (name and value), which is sent to the website during the website call. They are not simple text files, but complex data records that store a variety of information. The type of data can vary and you can potentially contain personal information. Therefore, they are of crucial importance in the context of data protection regulations.

The latest developments show that cookies are viewed as personal data, since they are stored on the user's end device and are often linked to the IP address. This knowledge is supported by the EPRIVACY guideline, which regulates access to cookies and the associated data protection. Traffic data that occurs when accessing cookies can also be personable, which underlines the need for a clear regulation.

Current challenges and outlook

Although the data protection authorities in Germany theoretically have the opportunity to impose fines of up to 300,000 euros for violations of the TDDDG, the practice has so far been behind expectations. As also mentioned in the dr-dsgvo.de Article , the authorities are apparently hesitant to express such punishments that could endanger the enforcement of data protection.

Another central element are cookie banners that are necessary if cookies in need of consent are used. Your design must be clear and understandable, whereby users have to be offered a real choice between "agree" and "rejecting". The use of manipulative techniques, also known as "nudging" or "Dark Patterns", is not permitted. The first convictions have already taken place due to illegal cookie banners, which makes it clear that the topic plays an increasingly central role in the legal and public discussion.