Following the Bundestag, the Bundesrat voted shortly before Christmas for a controversial regulation aimed at curbing the flood of cookie banners. The legal act is expected to come into force on April 1.
Advertisement
The core of the initiative: A recognition service must provide end users with a transparent tool with which they can permanently give consent or express an opt-out. However, Dennis Lehmkemper, Data Protection Officer of Lower Saxony, thinks little of the approach adopted. One of their criticisms: Website operators are free to implement approved services for consent management.
38C3: Day 3 brings hacked prisons, location data and tax fraudHardly any change for website visitors?
Lehmkemper fears that “many providers will continue to rely on traditional consent banners”. The profits for visitors to your websites are likely to decrease accordingly. Other than this Data Protection Officer explainsThat now regulated consent management services only cover opt-in or refusal under the Telecommunications Digital Services Data Protection Regulation (TDDDG), but not under the General Data Protection Regulation (GDPR). According to EU standards, website operators must ask users for their consent to various types of cookies every time they use their service.
Lehmkemper complains that making administrative services now possible in this country should not lead to any simplification in dealing with cookie banners. Furthermore, there are currently no services that meet the requirements of the regulation. It is also unclear who will provide such services in the future, “especially considering the strict certification requirements.”
Examples include “personal information management systems” (PIMS) or single sign-on solutions. Lehmkemper believes that “unfortunately, the current practice of dealing with consent on websites is unlikely to change.” According to him, the problem can be solved more easily: website operators should “make their offers continuously more data protection-friendly” by excluding third-party services and cookies – especially for highly digital marketing that is too sensitive for the user. is not anticipated.
The Federal Data Protection Officer explains the requirements
The Interior and Economic Affairs Committees of the Federal Council demanded, inter alia, that the requirements for integrating a service for consent management should be equally mandatory for all providers of digital services. However, he was unable to make it to the full season. in one State Chamber appeals to federal government for solutionTo “carefully and seriously” complete the planned evaluation of the regulation within two years. As a precautionary measure, development of alternative approaches should begin in parallel with the evaluation whenever possible.
According to the regulation, the recognition of new services for consent management follows the presentation of a security concept by the Federal Data Protection Commissioner Louisa Specht-Riemenschneider. its requirements are Explained And an application form was submitted online. Therefore various technical and organizational protective measures should be introduced. Information on economic and organizational structure as well as financing is also required. For approval, the Federal Government has estimated an annual cost to the data protection authority of approximately 79,000 euros. They should be transferred into the economy. So far, Specht-Riemenschneider has not received any applications for recognition.
(No)
Wiesbaden Administrative Court: Identity cards must have fingerprints on them
