Cookies 2019 Year in Review: Germany DSK Guidance
In our weekly Cookies 2019 Year-in-Review blog series, we're covering headlines that were made from regulations in 2019. This week, we're focusing on updated Guidance from the Germany DSK.
In our weekly Cookies 2019 Year-in-Review blog series, we’re covering headlines that were made from regulations in 2019. This week, we’re focusing on updated Guidance from the Germany DSK.
Germany DSK Updated Guidance
In March 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or DSA) released updated Guidance on the applicability of the German Telemedia Act (‘TMG’).
The Guidance aims to serve as Guidance for the implementation of data protection requirements when processing users’ data through telemedia services. This Guidance is the result of a stakeholder consultation carried out by the different German Supervisory Authorities last year.
8 Key Takeaways
- In accordance with Article 4(11) and Article 7 of the GDPR, consent must be informed, specific, freely given and affirmatively expressed. The user should always be able to exercise their rights, and should not suffer in the event of absence or consent withdrawal.
- Suitable options to ensure valid consent to data processing include the ticking of boxes on a website, the selection of technical features, or other forms of declaration of will or active behavior.
- Any form of data processing should be explained clearly and understood by the user.
- In accordance with Recital 32 of the GDPR, implied consent such as silence, inaction, or pre-checked boxes cannot be considered consent.
- Cookie banners providing information about cookies and an ‘OK’ button, but no option to refuse to the setting of cookies are not considered to be sufficient as consent is not freely given as required under Article 7 of the GDPR.
- The lifespan of cookies is not specified under German law. However, under the GDPR, shorter lifespans are more likely to meet the requirements.
- An option to withdraw consent must be provided and the procedure to withdraw must be as easy as the procedure to consent.
- The cookie policy must be user-friendly and should include simple terms, not overlying complex legal or technical terminology.