What you need to know about the new German TTDSG

Björn Holeschak, Leiter Datenschutz EIKONA Systems GmbH
Cookie with crumbs which stands for cookies in terms of privacy protection

The latest law regulating data protection and privacy in telecommunications and telemedia (TTDSG) will become legally binding in December 2021. This will place demands on service providers that were previously not, or not clearly, regulated.

What is the TTDSG about?

The TTDSG covers data protection in telecommunications and telemedia. It is intended to introduce the necessary measures that still had to be implemented due to the General Data Protection Regulation (DSGVO) and the ePrivacy Directive. The TTDSG therefore brings IT service providers as well as end users new provisions, among other things, on the digital estate, the protection of privacy in terminal equipment (wiretapping bans), the administration of consent (cookies) and official supervision. The law thus strengthens and further expands existing data subject and control rights.

Who is affected by the TTDSG?

All providers of telemedia services are affected,

  • who provide their own telemedia services or those of third parties in accordance with the law,
  • participate in the provision or
  • provide access to the use of their own or third party telemedia.

These telemedia include, for example, social media and blogs, chat rooms, game apps, information services (info pillars), web portals and private websites, web shops, online auction houses, search engines, webmail services, podcasts and dating communities. Following the European Code of Electronic Communications (ECCED), the TTDSG in conjunction with the provisions of the revised Telecommunications Law (TKG) will in future also cover number-independent communication services (internet-based telephony), so-called OTT services, in addition to so-called number-based telecommunications services. This means that online communication services, such as e-mail or short message services (known as "messenger services such as WhatsApp, Signal, etc.") are now also considered telecommunications services within the meaning of the law. This entails tasks especially for companies that allow or tolerate the private use of e-mail and internet services on or with official devices.

What is regulated in the TTDSG?

With regard to the much-discussed so-called "digital estate", it is now clarified that the secrecy of telecommunications does not prevent possible heirs of an end user as well as other persons with a comparable legal position from exercising (data subject) rights of the end user vis-à-vis the telemedia provider, such as a right to information under the DSGVO (Section 4 TTDSG). Thus, heirs, for example, can assert a claim to inspect the Facebook profile of a deceased person.

The TTDSG also clarifies that the storage of and access to information in an end user's device is generally only permitted with DSGVO-compliant consent, which is currently and will probably in future be regulated in online traffic mainly via "cookies". Exceptions are defined according to the requirements of the ePrivacy Directive (§ 25 TTDSG). However, the law defines ALL technical devices with the possibility of internet communication as end devices, i.e. also smart home devices such as the smart TV, the smart thermostat and so-called IoT devices in the economy.

With regard to cookies, the TTDSG is intended to achieve a user-friendly and also competition-compliant consent management, which is to include recognised such as recognisable management services (known as "cookie management" or "consent management"), internet browsers and telemedia providers. There will then be so-called PIMS services (Personal Information Management Services). The federal government has not yet specified the details of these new structures, in particular the necessary technical and organisational measures. In concrete terms, this means that the rejection of cookies must be mapped more transparently and clearly.

In the area of official supervision, the Federal Commissioner for Data Protection and Freedom of Information (BfDI) is to be comprehensively active in the future as an independent data protection supervisory authority in the area of telecommunications, i.e. also with regard to the imposition of fines (§ 28 and 29 TTDSG). The extent to which this is to be clarified with the individual state data protection authorities has not yet been defined. One could assume that all data protection supervisory authorities could be combined.

Deadline for adjustments to the TTDSG

The Telemedia Telecommunications Data Protection Law will come into force together with the revised Telecommunications Law (TKG) on 1 December 2021. This means that affected companies only have a few months to prepare for a careful adaptation to the new requirements and processes. Therefore, it is important to check now:

1. are you a provider of telemedia/telecommunications services?

2. if so, which services does this include and what data collections are made in these services that have not been communicated transparently so far?

3. once you have identified the services, you "only" have to worry about legally compliant consent management!!

Björn Holeschak
Björn Holeschak
Team Lead, Data Protection

Drawing on his profound data protection expertise, he tackles data protection challenges with renewed vigor every single day. He understands the dangers and stumbling blocks in intimate detail and gives customers practical advice.

Add a comment

Please add 1 and 1.