On September 4, 2024, the German federal government adopted a new Consent Management Ordinance decided, more precisely the “Ordinance on Consent Management Services under the Telecommunications Digital Services Data Protection Act (Consent Management Ordinance – EinwV)”. The EinwV is based on the TDDDG (Telecommunications Digital Services Data Protection Act: the old TTDSG, which was amended and renamed to implement the Digital Service Act), which, among other things, regulates telecommunications secrecy and contains provisions on the protection of usage data, number suppression and display, end user directories and cookies. The aim of the EinwV is to implement the provisions already provided for in the TDDDG to avoid “cookie fatigue”. Alternative to the “cookie banners” implement:
- § Section 25 of the TDDDG enshrines the consent requirement for the use of cookies (more precisely: for the storage of information in the end device and access to information stored there) in national German law.
- § Section 26 provides that services can be recognized that manage consent management procedures, so-called Personal Information Management Services or PIMS that centrally manage consents and provide them to providers. The Federal Government is authorized to regulate the requirements for such procedures, the procedure for the corresponding recognition and the TOMs that PIMS can take into account.
Against this backdrop, the EinwV stipulates that PIMS providers can be recognized if they and their solution meet certain transparency requirements, allow switching to another provider and are not discriminatory for competitive reasons. The recognition procedure and the TOMs are also regulated.