18 July 2022
The new Act Data Protection and Privacy of Telecommunication and Telemedia Services (TTDSG) has been in force in Germany since December 1, 2021. It merges the data protection provisions of the Telemedia Act (TMG) and the Telecommunications Act (TKG) in a single new Act. In doing so, the German legislature is fulfilling, with considerable delay, its obligation to transpose European law into national law in conformity with the respective European Directives (in particular the Directive 2002/58/EC as amended by Directive 2009/136/EC; so-called Cookie Directive).
The TTDSG is intended to harmonize the data protection provisions of the TKG and the TMG and eliminate legal uncertainty regarding the distinction between the sector specific data protection rules and the General Data Protection Regulation (GDPR).
Due to the revision of the TKG in December 2021, the TTDSG applies not only to providers of telecommunications services that are number-based (i.e. telephone services), but also to providers of number-independent services (so-called over-the-top services such as webmail or messenger services).
The TTDSG also applies to providers of telemedia services. Telemedia are electronic information and communication services, unless they are telecommunications services or telecommunications-based services (see above) or broadcasting. This includes websites and other online offers of goods/services, video on demand platforms, but also simple advertising e-mails.
The geographic scope of application basically corresponds to that of the GDPR.
The TTDSG regulates data protection and privacy in telecommunications. The provisions of Secs. 88-107 of the former TKG and supplementary provisions have been transferred to Secs. 3-18 of the TTDSG and concern in particular:
Furthermore, the TTDSG regulates telemedia data protection. While the general rules concerning telemedia services are further codified in the TMG, the TTDSG applies to telemedia data protection with priority over the GDPR. Essential regulations concern:
Section 26 TTDSG supplements Section 25 TTDSG to the effect that independent services, so-called Personal Information Management Systems (PIMS), can be used for consent management.
The Commissioner for Data Protection and Freedom of Information (BfDI) remains responsible for the supervision of the processing of personal data of natural persons and legal entities. The Federal Network Agency (BNetzA) retains supervision for ensuring the provisions of the first and second parts of the TTDSG concerning telecommunication services. Violations of the provisions of the TTDSG can be prosecuted under criminal and regulatory law. Violations of the confidentiality of communications can be punished by imprisonment of up to two years or fines, while violations of the other provisions of the TTDSG can result in fines of up to EUR 300,000.00. It should be noted that violations of telecommunications secrecy are subject to the general Criminal Code (StGB) and can be punished with a prison sentence of up to five years or a fine under Section 206 of the StGB.
by Dr. Daniel Tietjen and Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E