On May 20, 2021, the new Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG for short) was passed. It will come into force on December 1, 2021. An important part of this law concerns the new regulation on the use of cookies, which has been laid down in Section 25.

What is new and must be observed in future?

In order to protect the privacy of users of terminal equipment, cookies can only be used in future with prior consent. The respective user must be clearly and comprehensively informed of this in advance.

Exceptions to this rule mainly apply to technically necessary cookies. These exceptions include

  • Cookies that are necessary to ensure the transmission of data in a public telecommunications network.
  • Cookies that are necessary to transmit data for a telemedia service to which the user has already consented.

This is to ensure that tracking or advertising cookies may only be used with the prior information and consent of the end user.

High fines may be imposed in the event of irregular behavior

Storing information in the form of cookies without information and consent is an administrative offense. It is irrelevant whether the process is intentional or negligent. Depending on the extent and severity of the offense, there are fines of varying amounts in the scales:

  • Up to Euro 10,000
  • Up to Euro 50,000
  • Up to Euro 100,000
  • Up to Euro 300,000

The new law also stipulates that the end user's browser must comply with the settings made by the end user regarding the use of cookies.

What are the requirements for cookie consent management services?

The legislator places high demands on the administrators of cookie consents:

  • User-friendly and competition-compliant procedures
  • Technical requirements for obtaining and managing consent
  • No economic self-interest in data collection
  • Independence from commercial companies
  • No further use of the stored data
  • Security concept with regard to all data protection requirements
  • High quality standards in terms of reliability

Exact specifications for the consent management services will be set out in a statutory instrument before the law comes into force on December 1, 2021.

Subscribe to the newsletter

and always up to date on data protection.

Read more articles

Billionaire at 28 - and advice for anyone under 18

Billionaire at 28 - and advice for anyone under 18

October 6, 2025
AI hijacks humanity - and nobody notices?

AI hijacks humanity - and nobody notices?

October 6, 2025
We're running out of electricians!" - Why the head of Nvidia advises Gen Z to use a screwdriver

We're running out of electricians!" - Why the head of Nvidia advises Gen Z to use a screwdriver

October 6, 2025