For Further Information Contact:

germany@transatlanticlaw.com

Germany Update: New main law for Data Protection

Introduction

With the Telecommunications Telemedia Data Protection Act, or TTDSG for short, a new data protection act was passed by the federal government on February 10, 2021.

The corresponding ministerial draft of the Federal Ministry for Economic Affairs and Energy became public last summer and has seen numerous changes since then.

Until now, the GDPR, TKG and TMG have applied side by side, which caused a lot of confusion for those affected and for consumers. The aim of the law is to standardize data protection in the field of telecommunications and telemedia and to bring it together in a main law. This is intended to provide more legal clarity. At the same time, the ePrivacy Directive (EU / 2018/1972) is being implemented in national law, albeit a little late.

The regulations from §§ 88-107 TKG and §§ 11-16 TMG are affected.

Limitation of the scope to publicly available telecommunication services

In § 1 TTDSG-E the scope of the law is limited to publicly accessible telecommunication services. Internal company networks and telecommunications services that are not used via publicly accessible networks are not covered by the regulation.

In addition, the so-called over-the-top (OTT) services are also covered by the TTDSG. Over-the-top services are content offered via an Internet connection without the Internet provider itself having any influence or control over the content. OTT services are decoupled from the infrastructure provider. Well-known OTT providers are, for example, Amazon Prime and Netflix.

Lawfulness of processing based on consent

In the future, consent will be required to justify the storage of data on the end user’s device or the reading of data stored there. This principle can be found in Section 24 (1) TTDSG-E. The consent requirement applies to cookies and comparable technologies that store information in the user’s terminal equipment or access information that has already been stored. However, this is not a typical data protection regulation, as it is not based on personal data, but on all information that can be stored in end devices.

Section 24 (1) TTDSG-E implements Article 5 (3) sentence 1 of the ePrivacy Directive. The legislator has adopted the corresponding regulation in national law almost word for word. The background to this was the BGH decision on the “planet49” case.

Exceptions to this are set out in Section 24 (2) TTDSG-E. In the following cases, no consent is required for the storage of data on end devices or for access to data already stored there:

  • If this is technically necessary to transmit communication via an electronic communication network.
  • If this is technically necessary to provide Telemedia that the end-user wishes to use.
  • If the data storage has been expressly contractually agreed in order to provide certain services.
  • If the data storage is necessary for the fulfillment of legal obligations.

Supervision

There will also be a change in the supervision of the TTDSG in the future. The Federal Commissioner for Data Protection and Information Security will take over the supervision of the regulations for the protection of personal data according to § 27 TTDSG-E. The Federal Network Agency will remain the competent supervisory authority for all other regulations.

Conclusion

The TTDSG is to be welcomed as it creates clarity in the thicket of different data protection regulations through a uniform law. The German legislator cannot change flawed legal-policy constructions, such as consent while surfing the Internet by way of a flood of cookie consent banners, because the competence for this lies at EU level. The clarifications in the TTDSG and in particular the literal implementation of Art. 5 Para. 3 ePrivacy Directive are to be welcomed. In addition, the law creates the possibility of enabling data protection-friendly default settings in the browser.

It is very likely that the legislature will take up the suggestions of the expert hearing and will continue to amend the TTDSG until its final version. It is also quite possible that the TTDSG will be expanded to include regulations on the “digital estate”. At least the federal government expressed this wish. The heirs of the end-user and other persons with a comparable legal status should not be prevented by telecommunications secrecy from exercising the rights of the end-user vis-à-vis his telecommunications provider.

The regulations on the Personal Information Management System (PIMS) still contained in the draft bill are unfortunately no longer in the current version. The establishment of an institutional framework would have been very desirable here.

Outlook

After the first reading in the Bundestag, the law is currently in the lead committee for economics and energy. Should the ePrivacy Regulation come into force one day, it will supersede the TTDSG. With a one- to two-year implementation period for the ePrivacy Regulation, the TTDSG will certainly keep us busy for the next few years. There will be far-reaching changes, especially for providers of OTT services.

By Paul Glasses, MELCHERS, Germany, a Transatlantic Law International Affiliated Firm.

 


Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.