Germany adopts new data protection and privacy law

with the Bundestag’s upcoming recess and elections set for 26 September, the time-pressured agriculture ministry is aiming “to complete the legislative process before the federal elections in order to prevent the laws from being subject to discontinuity," an agriculture ministry spokeswoman told EURACTIV Germany. [CLEMENS BILAN]

German parliament this week adopted a law regulating data protection and privacy in telecommunications and telemedia. For the first time, the legislator transposed EU requirements on cookies from the bloc’s e-privacy directive. EURACTIV Germany reports.

German data protection was until recently regulated by a series of laws. That led to legal uncertainty due to partially contradictory provisions. Both the Telemedia Act (TMG) and the recently amended Telecommunications Act (TKG) have prompted uncertainty in some quarters.

The Data Protection Act passed on Thursday (20 May) intends to unify the country’s rules and bring them in line with the EU’s General Data Protection Regulation (GDPR).

“Until now, questions about data protection and privacy were split between these two laws. These different data protection rules will now be merged into a single law so that the legal situation is clearer and more consistent,” Social Democrat (SPD) MP Falko Mohrs told EURACTIV.

According to Christian Democrat (CDU) MP Hansjörg Durz, it was a “good day for data protection.” Speaking in parliament, the conservative lawmaker also stressed that the new law had created the “basis of the data economy of the future”.

The new law, known by its acronym TTDSG, has also come under fire from critics. In a statement, MP Mario Brandenburg of the liberal FDP said the new rules undermined “the right to anonymity on the internet.”

The law could in any case soon be superseded by European law since the EU is currently holding intense talks on the new ePrivacy Regulation, which regulates data protection across Europe.

French data watchdog to start checking cookie policy compliance

France’s data protection watchdog CNIL will from Thursday (1 April) begin conducting checks to ensure websites are in compliance with new guidelines on advertising trackers after the deadline it granted expired. EURACTIV France reports.

The cookie problem

The new legislation also implements the E-privacy directive’s requirement to have users agree to cookie settings, which has been enshrined in EU law since 2009.

Rulings from the EU Court of Justice and the German High Court clarified that failure to require internet users to explicitly consent to the use of cookies was incompatible with EU law.

Although the new law transposes the EU’s policy on cookies, opposition politicians slammed the new cookie regulation as a “smokescreen” that did not really contribute to the handling of personal data.

Anke Domscheit-Berg of the far-left Die Linke called for a “ban on mass surveillance for advertising purposes,” and rejected the law because its provisions on personalised data were too loose, while FDP MP Manuel Höferlin said it was “not a real system to manage personal information.”

German-German dispute over fibre optic funding to be decided in Brussels

The European Commission is examining German plans to support the fibre optic industry. The Christian Democrat (CDU/CSU) parliamentary group asked for early approval, while the fixed network industry association BREKO is opposed to the measures. EURACTIV Germany has seen both letters.

Fibre optics

The new law also addressed the opposition’s claim that the amendment to the Telecommunications Act (TKG) passed earlier this month to implement the 2019 EU Code for Electronic Communication did not contain sufficient data protection provisions.

The several hundred-page-long law aims to pave the way for broadband expansion – an area in which Germany lags far behind other countries, particularly in its expansion of fibre optics.

While fibre-optic connections cover between 69% and 75% of broadband in countries such as Sweden, Lithuania or Spain, Germany’s share is only 4.7%.

Germany has opted for a two-pillar system to ensure internet coverage meets the minimum specified in the EU Code.

“On the one hand, the law contains a list of services – such as the interference-free holding of video conferences – that must at least be possible in order to ensure digital participation of citizens. As a second criterion, we have anchored the legal right to internet access in the amendment,” MP Mohrs told EURACTIV.

Austria already adopted a similar approach in 2018, entitling every citizen to a “functional internet connection”.

However, the TKG sets clear standards for the entitlement to internet access based on “80% of the internet speed used by consumers in upload and download,” Mohrs said.

The benchmark is set and reviewed annually by the German parliament, in close cooperation with the country’s network agency.

“By introducing this benchmark, this limit is being dynamically pushed ever higher and the fibre-isation of the country is being driven forward,” Mohrs explained.

[Edited by Josie Le Blond]

Subscribe to our newsletters