The winter 2023 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
On the 18th of January, the EDPB published the adopted report of the work undertaken by the Cookie Banner Taskforce. The Cookie Banner Taskforce was established in September 2021 in accordance with article 70(1) (u) GDPR to coordinate the response to complaints concerning cookie banners filed with several supervisory authorities by the non-profit organization, NOYB, run by Max Schrems. The aim of this Taskforce was to promote cooperation, information sharing, and best practices between the supervisory authorities.Continue Reading EU-Cookie banner taskforce report: what you need to know
The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
The Winter 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
The German Holiday 2021 edition of the quarterly IT and Data Protection Newsletter has just been released:
Continue Reading Get your update on IT and data protection law in our newsletter (Holiday 2021 edition)
- The user’s consent, or
- The cookie must be strictly necessary in order to provide the service explicitly requested by the user (Strictly Necessary Cookies).
The category of Strictly Necessary Cookies was previously interpreted rather narrowly. There must be a clear link between the strict necessity of the cookie and the delivery of the service. It is not sufficient that the cookie is merely necessary from an economic perspective to run a website. The Article 29 Working Party in WP194 regarded shopping cart, user authentication, security, load balancing, or multimedia player as use cases for Strictly Necessary Cookies.
The legal basis for so-called Reach Measurement Cookies has been heavily debated. Reach Measurement Cookies are statistical audience measurement tools for websites used to estimate the number of unique users, track the users’ interaction with the website and track down navigation issues. Typically, they have not been regarded as Strictly Necessary Cookies because websites can be provided to the users without measuring the users’ interactions with the websites. At the same time, Reach Measurement Cookies only provide useful findings if every users’ interactions with the websites are tracked.
In this context, the French data protection authority (CNIL) has provided guidelines (Guidelines) under which the Reach Measurement Cookies may be considered as Strictly Necessary Cookies and thus benefit from the consent exemption.Continue Reading When are Reach Measurement Cookies exempt from the consent requirement?
The Spring 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
In this edition we cover the following topics:
- New cookie rules in Germany will apply as of December 1, 2021
- German data protection authorities conduct coordinated audits on international data transfers
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day.
On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data…
The German Federal Cabinet adopted the Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG, available here) on February 10, 2021. The TTDSG, among other things, provides new rules on cookies and similar technologies (Cookies), introducing only two categories of Cookies: (1) strictly necessary Cookies and (2) consent-based Cookies. The legal basis of legitimate interests cannot be relied upon for Cookies anymore. Germany will be the last member state to transpose Article 5(3) of the Directive 2002/58/EC, amended by Directive 2009/136/EC (ePrivacy Directive) into national law – almost a decade after the deadline passed, and ignoring the extensive discussions on the Cookie provisions in the ePrivacy Regulation (and particularly the exceptions from the consent requirement).
Continue Reading A new recipe for Cookies – The new German Telecommunications and Telemedia Data Protection Act