Data protection in Germany continues to evolve, driven by the population’s growing commitment to protecting their personal data and the efforts of government authorities. In this article, we will review the latest updates and key activities that have taken place in different states in 2023 and the beginning of 2024.
Recent court decisions
In a recent decision dated January 19, 2024, the Cologne Higher Regional Court (case number 6 U 80/23) ruled that the buttons for accepting and rejecting cookies on banners must be equally accessible and easy to use . This decision goes back to the WetterOnline case. It was found that the banner design did not provide an easy way to reject cookies, as was the case with accepting cookies. The design was considered anti-competitive and misleading, particularly because it included a button labelled “Accept & Close [X]”, which could lead users to inadvertently give their consent to cookies.
This ruling underscores the need for companies to ensure that their cookie banners provide clear and transparent choices to meet legal standards for user consent.
Current reports from regional data protection authorities
Data protection report of Schleswig-Holstein
The 2024 Data Protection Report from the Independent State Center for Data Protection Schleswig-Holstein (ULD) highlights important focus areas such as the handling of health data, employee data protection and the secure use of cloud technologies. The report also underlines the need for legislative progress, particularly in the areas of worker data protection and artificial intelligence.
Important figures and statistics:
- In 2023, 1,344 written complaints were received, a figure consistent with the previous year and indicating a consistent level of public engagement and concern about data protection issues.
- 527 data breaches were reported, an increase from 485 in the previous year.
- The number of complaints related to video surveillance has increased, reaching a new high of 256 written complaints compared to a total of 191 complaints in the previous year (188 non-public and 3 public).
Report of the Saxon Data Protection Authority
The Saxon Data Protection and Transparency Commissioner (SDTB) has summarized the main areas of work for the year in its 2023 annual report .
The most important results and measures:
- An increase in complaints about possible data protection violations of almost 10% to a total of 1,160 complaints. In addition, a record number of 950 data breaches were reported, indicating growing concern in both the public and private sectors.
- The report examines the compatibility of AI technologies such as ChatGPT with European data protection law and highlights the importance of complying with regulatory standards when using such technologies.
Hamburg Commissioner for Data Protection and Freedom of Information
In its 2023 activity report, the Hamburg Commissioner for Data Protection and Freedom of Information points to a significant increase in complaints and data protection violations . The number of complaints increased by almost 20 percent to 2,537, mainly due to problems with Meta and Google products. The number of reports of data breaches also rose to 925, including 235 hacker attacks. The report highlights the crucial role of data protection authorities in overseeing AI systems under the recently passed AI law, particularly in areas that may affect the public interest, such as law enforcement and elections.
Conclusion
The developments in the 2023 data protection activity reports from the various regions of Germany underline the need for constant vigilance and adaptation by companies. Court decisions such as that of the Cologne Higher Regional Court have raised expectations regarding consent banners and guidelines and demonstrate the commitment of data protection authorities to look closely at the details and to decisively counter misleading practices.
To ensure that your cookie banner complies with the requirements of the EU GDPR, you can view our free cookie checklist here .