Ready for the new Google Consent Mode v2? Learn more »

Newsletter 12/2021

The TTDSG is only a few days old when the first verdict comes with a bang: The cookie banner provider “Cookiebot” was declared illegal by the Administrative Court of Wiesbaden. In summary proceedings, the RheinMain University of Applied Sciences was ordered to stop using the service.

Background: Cookiebot uses servers located in Europe, but since these servers belong to a US provider, the US Cloud Act applies here. This enables the US authorities to access the servers. Data stored on these servers is therefore not secure and Cookiebot therefore does not store this data in a GDPR-compliant manner. The use of Cookiebot is ultimately illegal.

The verdict is groundbreaking and thus also indirectly affects other providers: In a first small test, we found US services used by all important CMPs and cookie banner providers: Usercentrics, SourcePoint, OneTrust, Didomi, CookieFirst, Iubenda, CookieHub, CookieYes and others also use services such as Amazon AWS, Google Cloud, Microsoft Azure, Cloudfront, Akamai and other US company services. As a logical conclusion from the “Cookiebot verdict”, the cookie solutions of these companies are also illegal.

However, nothing will change for consentmanager customers: We have always relied on purely European providers without a registered office in the USA and without US parent companies. consentmanager is therefore not affected by the Cookiebot verdict.

Log4j – Vulnerability?

Also causing a stir this month was a vulnerability in a widely used Java library called Log4j. A final check is still ongoing, since we do not use any Java-based components at consentmanager, we currently assume that the consentmanager systems are still secure.

More new features and changes

In particular, this month we have completed many small points from our roadmap. The main ones concern theme settings, blocking fixes, security features, reporting, and more.

more comments

EDPB opinion on pay or consent model
Legal, News

The latest decision of the EDPB on “consent or pay” models for online platforms

The Dutch, Norwegian and German (Hamburg) regulators asked the European Data Protection Board (EDPB) for guidance on whether large online platforms can implement ‘consent or pay’ models for behavioural advertising based on valid and freely given consent. This was prompted by Meta’s introduction of a subscription model in October 2023, where users were given the […]
New regulations US 2024

New US data protection laws come into force in 2024: Update your US-specific privacy settings

In the United States, new data privacy laws will take effect in the second half of 2024 – in Florida, Texas, Oregon and Montana . Companies that operate in these states or have customers in these states will need to review their data privacy practices to ensure compliance with the new data privacy laws. To […]