German digital ministry drafts alternative cookie consent regulation

The new draft is meant to be an alternative to the current "cookie terror," as the constant popping up of cookie banners is often called.  [Zsolt Biczo/Shutterstock]

Germany’s digital and transport ministry is currently working on a draft law for a new cookie consent management regulation that aims to reduce the many pop-ups users encounter on websites, a document that was passed on to the media states.

The digital and transport ministry “is presenting a new regulation to simplify consent management for cookies” that aims to be an alternative to what some have branded “cookie terror” – the constant popping up of cookie banners.

“With this, we are implementing the legal framework created in §26 TTDSG,” the ministry said, referring to the Telecommunications Telemedia Data Protection Act, the national law transposing the EU e-privacy directive, also known as the “EU cookie law”.

According to the draft, data custodians like the so-called Personal Information Management Systems (PIMS) will ensure users’ consent to cookies on one website is replicated for others so that users are not asked for their consent on every website.

This will not apply to ad-financed websites, for which users will be asked for their consent each time if they keep declining consent. Users who accept cookies on ad-financed websites will no longer encounter banners on these websites.

According to the ministry, users who decline cookies on an ad-financed website will be more likely to not access such a website in the future, as access is only possible through tracking cookies or by opting for a paid service.

“If there were to be a general exemption for ad-financed websites, then the regulation from §26 TTDSG would be redundant, as the primary use case would be to use non-essential cookies or other web identifiers for the purpose of serving personalised advertising,” a board member of the German Association for Data Protection (DVD) told EURACTIV.

“This would be further evidence that the BMDV [the ministry] is not very serious about consumer interests if it affects corporate interests,” the association’s board member said.

But the technical system presented in the draft regulation does not even currently exist, noted Stefan Hessel, a lawyer specialising in digital matters at the consulting firm reuschlaw.

The ministry’s proposed regulation also gives more detail on the data trust services, saying they should have no interest in the data and must act independently, but remains silent on what organisations are to take on such a role.

German regulator welcomes Google's 'reject all' cookie button plan

Google’s plans to include a “reject all” button on cookie banners after its existing policy violated EU law was welcomed by Hamburg’s top data protection official, who presented his activity report on Thursday (7 April). EURACTIV Germany reports.

No hope in the e-Privacy regulation

The proposal made by the ministry indicates that Germany may have lost hope in seeing progress when it comes to the ePrivacy Regulation, an EU proposal intended to regulate cookies, among other things, but that has been stuck in the legislative process for years now.

However, the two things for the digital ministry are not related as the ePrivacy Regulation does not provide a solution to this management proposal. While the regulation remains deadlocked in interinstitutional negotiations, the ePrivacy Direct remains in place, which is also known as the ‘cookie law’.

The ePrivacy Directive was transposed in Germany with the Telecommunications Telemedia Data Protection Act (TTDSG). It imposes an obligatory opt-in procedure – as confirmed by the Court of Justice in Luxembourg.

The German ministry confirmed that the new cookie law would be aligned with the TTDSG.

Cookies: French data protection watchdog welcomes increased compliance

Following on from its guidelines on the rules to be applied to cookies, the French data protection authority (CNIL) drew up on Tuesday (14 September) the results of its second campaign of formal notices sent to companies for non-compliance with the legislation on cookies.

Open questions

Improvements are needed in consent management, Tobias Bacherle, chairman of the Green Party’s digital committee, told EURACTIV, adding that the goals of the regulation are heading in the right direction.

“What is important is that the implementation does not create any new possibilities for circumvention or exceptions, which will keep cookie use so de facto difficult to track,” Bacherle said.

According to Bernd Nauen, CEO of the Central Association of the German Advertising Industry (ZAW), the draft reveals serious gaps and inaccuracies and fails to do justice to telemedia providers.

For example, Nauen criticises that the central management “no longer grants providers their own consent management, largely cuts off customer relations and does not comply with the legally founded precedence of individually granted consents over general consent managers.”

Nauen also criticised the draft law for not trying to simplify the complicated data protection rules already in place.

However, according to the German Association for Data Protection’s board member, who asked not to be named, data protection should not be blamed for what he called a ‘disastrous cookie consent practice’, “but rather upon the largely unchecked spying interests of the advertising industry about internet users to date.”

The draft regulation was sent to the departments last week and will soon be sent to the associations and the federal states. A new draft bill will then be sent to the EU Commission. The regulation will most likely not be adopted this year, but the ministry expects that the regulation could eventually be passed by 2023.

[Edited by Luca Bertuzzi/Daniel Eck/Nathalie Weatherald]

Read more with Euractiv

Subscribe to our newsletters

Subscribe