
German Data Protection Act (TTDSG): All You Need to Know

The German Telecommunications and Telemedia Data Protection Act (TTDSG) is a regulatory framework in Germany that governs data collection and processing in telecommunications and telemedia. This article provides an overview of the act and its obligations.

The German Telecommunications and Telemedia Data Protection Act (TTDSG) sets out regulations for handling, processing, and storing the personal data of data subjects and maintaining telecommunication secrecy in Germany. The law aims to protect the privacy rights of data subjects and align German legislation with the EU’s General Data Protection Regulation (GDPR).

If you are a business owner handling personal data of German citizens, this article will provide you with guidelines on how to comply with the TTDSG regulation. Read this blog post to learn the rules and regulations related to data collection, storage, consent requirements, data security measures, and the rights of data subjects.

Let’s get started.

What is the German Data Protection Act?

The German Telecommunications and Telemedia Data Protection Act is the principal data protection regulation in Germany that regulates the processing of personal data of German citizens.

The law came into force on 1 December 2021 and consolidates the previously separate Telemedia Act 2007 and Telecommunications Act 1996 into a unified legal framework.

On 28 May 2020, the German Federal Supreme Court issued its decision regarding the consent requirements for the use of cookies in the Planet49 case (cookie case).

A German company, Planet49, used pre-checked checkboxes for cookie consent in an online lottery, which was challenged by a consumer protection agency. The Court of Justice of the European Union (CJEU) ruled that consent must be freely given, specific, and informed, and pre-checked checkboxes do not meet this standard.

Before this ruling, Germany had not fully integrated the EU’s requirements on cookie consent and data privacy into its laws. The TTDSG was introduced to close these legal gaps and uphold a higher standard for user consent in Germany’s telecommunications and internet services.


Scope of the German Data Protection Act

The German Telecommunications and Telemedia Data Protection Act regulates various aspects of telecommunications and telemedia, including confidentiality, protection of personal data, privacy requirements for incoming connections, call management, and end-user directories.

It also mandates technical measures for telemedia providers, specifies data disclosure requirements, and safeguards end-user privacy regarding stored information on terminals.

The law establishes supervisory authorities for data protection and privacy in telecommunications, with telemedia oversight remaining under state law and the Federal Data Protection Act. All companies and individuals operating within its scope are subject to this law.

Key Definitions Under the German Data Protection Act

Below are the definitions of some key terms mentioned in the German Telecommunications and Telemedia Data Protection Act.

Telemedia provider: Telemedia provider is any person or legal entity that provides, distributes, or grants access to use their own or third-party telemedia services.

Inventory data: Inventory data refers to personal data used to establish or structure content or alter a contractual relationship between a telemedia provider and a user regarding telemedia usage.

Usage data: Usage data refers to the personal data of telemedia users which is used for providing or billing telemedia usage. It includes:

  • Information for identifying users
  • Information on the duration and scope of the usage
  • Information on the telemedia

Message: Message means any information exchanged between a number of parties using a telecommunication service. This excludes broadcasted information over a public telecommunications network as it cannot be linked to an identifiable user.

Value-added services: Value-added services refer to any additional service provided by a telecommunication service provider that requires the processing of traffic data or location data beyond what is necessary for message transmission or service billing.

Terminal equipment: Terminal equipment means any device connected directly or indirectly to a public telecommunication network interface for sending, processing, or receiving messages. The connection can be established via wire, optical fiber, or electromagnetic communication.

What Is Telecommunications Secrecy?

Telecommunications secrecy refers to keeping the confidentiality of telecommunications by providers and operators. It requires providers and operators to safeguard the content and details of individuals’ communications from unauthorized access or disclosure.

Any person involved in a telecommunication process is obliged to maintain the confidentiality of telecommunications. Those obligated to uphold this secrecy include providers of publicly available telecommunications services, commercial telecommunications service providers, operators of public telecommunications networks, and operators of telecommunications systems offering commercial services.

This obligation continues even after the end of the telecommunication activity. The parties involved are prohibited from disclosing telecommunications content or detailed circumstances beyond what’s necessary for providing the service or operating the network.

They are allowed to use the information only for specific purposes, and any other use, including sharing with others, is allowed only if explicitly permitted by law. However, the obligation to maintain telecommunications secrecy does not apply to the person operating a watercraft or aircraft or their representative.

The TTDSG outlines certain regulations for using cookies to track users and their activities on the website. As per the law (Chapter 2, Section 25), storing information on the end user’s device (including cookies) is only allowed if the user has given explicit and prior consent.

The law validates the consent based on the following factors:

  • The consent should be freely given. Do not persuade users to give consent. They should have a real choice when giving consent.
  • Obtain informed consent from users. This means users should be aware of the data collection activities and how the data is used and processed. They should be aware of the consequences of giving consent. Also, users should be informed about who has access to their data and how long it will be stored.
  • The consent should be explicit and specific. Clearly specify the purpose of collecting the data and only use the information for the stated purpose. If there are multiple purposes, obtain specific consent for each purpose.
  • The consent should be unambiguous. Users should be able to give consent clearly with full knowledge of how their data is being used. Do not use dark patterns or trick users into giving consent.

Consent is not necessary in the following cases:

  • When storing or accessing information on the end users’ device only to transmit a message via a public telecommunications network.
  • When storing or accessing information on the end users’ device is essential for the telemedia service provider to deliver a service explicitly requested by the user.


How to Comply With TTDSG for Using Cookies?

Follow the guidelines below to comply with TTDSG when using cookies to track users on your website:

  1. Create a cookie banner: A cookie banner helps you to disclose the use of cookies on your website and obtain prior consent from your site visitors. Check out our detailed guide on creating a GDPR-compliant cookie banner.
  2. Block cookies until the user gives consent: The TTDSG requires you to collect prior consent from users before loading cookies. Make sure you have blocked third-party cookies on your website until the user gives consent.
  3. Use simple and clear language: You should use simple language in cookie consent notices so that users can easily understand why their data is collected and how it is used.
  4. Avoid dark patterns: Using pre-ticked checkboxes or adding friction to the option to decline cookies are considered dark patterns in cookie banners. Make sure you obtain explicit consent from your users. Follow our Privacy UX guide for more information.
  5. Allow users to decline or withdraw consent: Provide users with the option to reject cookies or withdraw consent anytime they want to.
  6. Provide granular consent options: Allow users to consent to only specific categories of cookies.
  7. Add a close button to cookie banners: Allow users to close the cookie banner without giving consent. This will be helpful for first-time site visitors so that they don’t have to deal with the cookie banner during their first visit.
  8. Keep a consent log report: Keep a record of users’ consent as proof. This will help you keep track of your cookie consent on your website.

These guidelines will help you comply with cookie laws. You can use any consent management platform to manage cookie consent for your website. It will simplify your efforts in complying with data protection regulations.


What Are the Fines and Penalties for Non-compliance?

The penalties for violating the obligations of the act include a fine of up to 10,000 Euros for minor violations and up to 300,000 Euros for serious violations.

Refer to this guide for more information on the penalties for non-compliance.

A consent management platform (CMP) is software that helps websites obtain consent from site visitors for collecting, processing, or sharing their personal data using tracking cookies and scripts. It will manage cookie consent for your website.

Consent management platforms come with advanced features for complying with major cookie laws. They offer cookie consent banners that meet the standards of different privacy laws. You can customize the banners to match your website theme.

Major data protection laws require you to create cookie policies and privacy policies. CMPs provide templates to create a privacy policy and a cookie policy for your website, so you don’t have to create one from scratch.

Also, CMPs are designed to align with the standards of data protection frameworks, such as Google’s additional consent requirements and IAB TCF guidelines. These regulatory frameworks continually evolve, introducing new mandates and alterations. So, if you do not keep up with these laws, chances are you will have to pay huge fines and penalties.

However, by using a trusted CMP partner, you can ensure compliance with the latest privacy standards for your website.

GDPR Cookie Consent Plugin

If you are using WordPress CMS for your website, we recommend you use the GDPR cookie consent plugin as your consent management platform. Our plugin is native to the WordPress ecosystem, which means you don’t have to create any accounts to use our plugin. Also, all the consent-related data will be stored on your server.

We have a detailed article on why you need a native consent management platform for WordPress; check it out for more information.

Now, let’s explore some of the key features of the plugin.

The GDPR Cookie Consent Plugin is designed to help websites comply with privacy laws such as GDPR and CCPA. It lets you create a cookie banner with accept or reject options. The plugin will block all third-party cookies until the user gives consent.

You can create a cookie policy using the free template with the plugin. It also lets you keep a consent log report as proof of compliance.

The GDPR Cookie Consent Plugin is one of the most trusted CMP solutions in WordPress. It is now compliant with IAB TCF v2.2 and Google’s additional consent requirements. The plugin is also listed as a certified CMP by Google.

Conclusion

The German Telecommunications and Telemedia Data Protection Act (TTDSG) is the comprehensive data protection regulation in Germany. The law is aimed at protecting the data privacy of German citizens when using telecommunication and internet services.

It outlines various obligations for websites when handling the personal data of German citizens. The law was designed to implement the EU’s cookie consent requirements in Germany.

By using a trusted CMP solution like the GDPR Cookie Consent Plugin, you will be able to manage cookie consent for your website.

We hope this article has helped you understand the German Telecommunications and Telemedia Data Protection Act. If you have any queries, drop them in the comments section; we’d be happy to help you.

Disclaimer: This article was written based on a translated version of the TTDSG Act. It is intended for informational purposes only and does not represent legal advice. We have no intention of establishing any kind of attorney-client relationship. If you are looking for legal advice, we recommend you contact a professional.

Article by

Content Writer @ WebToffee. Specialized in WordPress and eCommerce. When I am not writing, I enjoy my downtime with a good cup of coffee and a movie.
