Search

Cookies under German data protection law

The Data Protection Conference of the German supervisory authorities has published an orientation guide for telemedia providers (in German)

Accordingly, the supervisory authorities do not consider the provisions of the German Telemedia Act (Section 4; §§ 11 et seq. TMG) to be applicable, as the provisions of the Telemedia Act do not implement the ePrivacy Directive 2002/58/.

For this reason, the lawfulness of processing is governed by the provisions of the GDPR.

In summary, the following rules apply:

  1.  The informed consent of the user is required before cookies are set. The conditions of consent are set out in Art. 4 No. 11 and Art. 7 DSGVO. Consent must be given explicitly, i.e. not simply by an already set “OK” in the content banner.
  2. Website operators must inform users in a clear, precise and easily understood language that cookies are set on the website, e.g. by a banner or active textboxes. The information must be given before the cookies are placed. 
  3. The information must also contain details of the purpose of storing of, or access to, information in the end-user’s terminal equipment. It is not enough merely to advise that this is done. Therefore, stating that “we use cookies to improve your experience on the website” without further clarification is not considered to be compliant with the rules. 
  4. The information must further contain detail about who is setting cookies. Where third parties set, store or gain access to information in a user’s terminal equipment via the provider’s service, exact identificationindication of the third parties must be given. 
  5. Website users must be able to withdraw a consent already given. At the moment it seems to be sufficient to simply inform users about this right in the privacy policy. 

Exceptions 

If the use of cookies and the storage of data on the user’s terminal equipment is a technical prerequisite for the provision of a service expressly requested by the user, such cookies are generally excluded from the rules, as their processing may be based on a legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

Such exceptions are shown in the following examples of this are: provision of Internet access, booking systems, web forms, and electronic shopping carts.

activeMind.legal Rechtsanwaltsgesellschaft is a law firm specialising in data protection law. With our partner firms in the UK and Switzerland, we cover all aspects of GDPR compliance and national data protection law in Europe.

Munich

activeMind.legal
Rechtsanwaltsgesellschaft m. b. H
Potsdamer Straße 3
80802 Munich, Germany

+49 (0) 89 / 919 29 49 00

Berlin

activeMind.legal
Rechtsanwaltsgesellschaft m. b. H
Kurfürstendamm 56
10707 Berlin, Germany

+49 (0) 30 / 770 19 10 70

Services

Resources

About

Group

© 2016-2024 activeMind.legal

powered by rethink digital & KLEINWERKSTATT

Contact us!

+49 (0)89 / 91 92 94 – 900

Full details of how we handle your data can be found in our privacy policy.

Secure the knowledge of our experts!

Subscribe to our free newsletter:

By clicking on "Subscribe now" you consent to receive our newsletter. We will only use your data in accordance with our privacy policy.