The Status of Implementation of the e-Privacy Directive in Germany
In Germany, the if and how of a ratification of Art. 5 (3) of the e-Privacy Directive is still highly debated.
Up until now, the German government was of the opinion that a change of the existing law is not necessary. Rather, it found that current law – that provides for an opt-in only in case data of an identifiable individual is concerned - would sufficiently reflect the rules required under Art. 5 (3) of the e-Privacy Directive. In November 2010, the German data protection authorities issued a joint statement confirming that they found a change in the law inevitable as the Directive’s wording would now require an opt-in in any case. Pressure on German government increased once the Bundesrat (Upper House of Parliament) (in June 2011 as well as the opposition in February 2012) proposed a draft law changing the current wording to opt-in language. The German government did not officially deliver an opinion to these drafts (both proposed the same text). However, it explained that further developments on a European level as well as concepts for self-regulation should be awaited. In between, various drafts of an the German government’s own draft law were discussed internally, but so far were not published. Still, it is very likely that sooner or later the government will provide a draft despite its “no change necessary” view. It remains to be seen whether this would still permit an opt-out approach or require prior, explicit opt-in as is suggested in so many other Member States.
Current legal situation on cookies
What is to come?
Any new law on "consent" for cookies should reflect that opt-out can suffice, in particular, in the case of "normal" cookies that can be declined by changed browser settings