
Newsletter 09/2021


TTDSG + official letter

Our roadmap had actually planned a different topic for this month, but due to the large amount of customer feedback, we changed our minds at short notice and focused this month on the upcoming changes and clarifications of the German TTDSG. Furthermore, various customers have received questionnaires from data protection authorities, so we have also implemented more features here that will help our customers meet the requirements of the authorities more easily (see below for details).

TTDSG: Start on 01.12.2021

The TTDSG is Germany’s answer to the ePrivacy Regulation, which has now finally been implemented into German law. This means that it is now also clearly regulated in Germany that non-essential cookies always require consent and cookie banners are therefore mandatory. Since the TTDSG will come into force on December 1st, 2021, and the authorities are already carrying out initial checks on the basis of the ePrivacy Regulation (see below), it is advisable to review the existing cookie banner again and, if necessary, make design or logic adjustments.

Authority check

As early as May, the data protection authorities of several countries carried out a coordinated review of major websites. The websites concerned had to fill out extensive questionnaires and submit declarations on data protection. Various customers of consentmanager were also among them. The authorities have now mostly evaluated the answers and directed various points of criticism at the affected websites. We took these points as an opportunity and installed various features in the consentmanager to make it easier for our customers to comply with the legal requirements.

The letter from the authorities gives a relatively clear picture of “what works” and “what doesn’t work”. We have summarized the most important points for you here:

  • Easy decline
    The authorities have once again made it clear that refusing must be as easy as agreeing. There must therefore be an equivalent reject button on the first layer. Hiding the opt out in the text or just a submit button is not compliant.
    Recommendation: Make sure your design has two equivalent accept and reject buttons.
  • Legitimate Interests
    It was also underlined that the legal basis “legitimate interest” may only be used for really essential functions. In any case, marketing, analysis and social media are not essential. But this also applies to external fonts, tag managers or chat tools.
    Recommendation: Only designate providers as “functional” / “essential” without which your website will not work. All other providers should always be blocked by default and only activated after approval.
  • Descriptions
    In many cases, the authorities have criticized the descriptions of the websites. For example, it is required that purposes are explained clearly and unambiguously (just “marketing” is not enough). Furthermore, the number of providers must be specified on the first layer.
    Recommendation: Store a descriptive text for all purposes and providers and use the macro [vendorcount] in the text to insert the provider number.
  • Non-EU data transfer
    The authorities also consider the reference to data transfer outside the EU to be important. If a provider is located or processes data in non-EU countries, a corresponding note should be attached.
    Recommendation: Check your provider list and expand the text on the first layer if necessary. Under Menu > CMP’s > To edit > Appearance, we have also created the option to display, in the second layer (advanced settings), the list of providers for which data transfer is ticked. Under Menu > Offerer, you can edit whether each provider implements a data transfer abroad.
  • Short list of providers
    In many cases there was criticism from the authorities that the lists of providers were too long. The background here is in particular the question of whether consent can be legal if the visitor can no longer have a meaningful overview of the list of providers.
    Recommendation: Sort out providers and shorten the list of providers to the essentials. A provider list with more than 50 or even more than 100 providers will most likely be considered non-compliant.
  • IAB TCF standard
    The authorities take a critical view of the IAB TCF standard. Various authorities have assessed parts of the standard as possibly not legally compliant and have expressed various concerns. For example, the purposes were criticized as too coarse-grained, and the interaction between purposes, special purposes, features and special features as too incomprehensible.
    Recommendation: If you do not use online advertising on your website, you should not use the IAB TCF and instead define your own purposes.

More new features and changes

  • Improvements to WCAG / Accessible Display
  • Cookie Groups
  • Purpose descriptions on the first layer
  • Improved crawler reports
  • … and much more.
