The TDDDG (previously: TTDSG) is only a few days old, and the first judgment has already come out with a bang: the cookie banner provider “Cookiebot” was declared illegal by the Wiesbaden Administrative Court. In summary proceedings, the RheinMain University of Applied Sciences was ordered to stop using the service.

Background: Cookiebot uses servers located in Europe, but since these servers belong to a US provider, the US Cloud Act applies here. This enables the US authorities to access the servers. Data stored on these servers is therefore not secure, and Cookiebot does not store this data in accordance with the GDPR. The use of Cookiebot is ultimately illegal.
The verdict is groundbreaking and thus also indirectly affects other providers: in a first small test, we found US services used by all important CMPs and cookie banner providers. Usercentrics, SourcePoint, OneTrust, Didomi, CookieFirst, Iubenda, CookieHub, CookieYes and others also use services such as Amazon AWS, Google Cloud, Microsoft Azure, CloudFront, Akamai and other US company services. As a logical conclusion from the “Cookiebot verdict”, the cookie solutions of these companies are also illegal.
However, nothing changes for consentmanager customers: We have always relied on purely European providers without headquarters in the USA and without US parent companies. consentmanager is therefore not affected by the Cookiebot ruling.
Log4j – Vulnerability?
Also causing a stir this month was a vulnerability in a widely used Java library called Log4j. A final test is currently still underway, but since we do not use any Java-based components at consentmanager, we currently assume that consentmanager’s systems remain secure.
More new features and changes
In particular, this month we have completed many small points from our roadmap. The main ones concern theme settings, blocking fixes, security features, reporting, and more.