Cookies in sight: What users need to know about data protection and consent!
Find out everything about the UNI Erlangen-Nuremberg and the current data protection regulations in accordance with TDDDG, valid since 2025.

As of May 23, 2025, the provisions of the Telecommunications Digital Services Data Protection Act (TDDDG) clarify the legal situation regarding cookies and data protection in Germany. This law originally came into force on December 1, 2021 and supplements the existing regulations of the General Data Protection Regulation (GDPR). The TDDDG combines the provisions of the Telemedia Act (TMG) and the Telecommunications Act (TKG) and at the same time implements the EU ePrivacy Directive, which defines the conditions under which cookies and similar technologies may be used on end devices.
The TDDDG regulates access to data on end devices and stipulates that the storage of information or access to it is only permitted with the consent of the user. The only exceptions are if storage or access is absolutely necessary to provide an expressly requested service. This means that technically necessary cookies, such as those required for session management, do not require consent.
Consent and cookies
Consent for cookies is usually a must, but there are exceptions. Strictly necessary cookies, which are required for the basic functions of a website, do not require user consent. Challenges arise primarily when implementing consent banners, which must be clear, understandable and not misleading. These banners should contain an opt-in function and offer the opportunity to object. Under the TDDDG, providers are also required to obtain active and informed consent from users, especially when it comes to tracking user data.
Compliance with these regulations is of great importance, as violations of the TDDDG can be punished with fines of up to 300,000 euros. This was illustrated by a first conviction for an illegal cookie banner. State data protection supervisory authorities are responsible for enforcing the TDDDG, provided this is regulated by state law.
Technical aspects and data protection
Cookies are a central part of the discussion about data protection, as the word is often used as a collective term for various types of data that are stored locally on the user's end devices. In addition to cookies themselves, this also includes local storage, web storage, advertising IDs and other technologies. According to the requirements of the TDDDG, website operators must ensure that they avoid cookies and processing that requires consent, if possible, in order to minimize the effort involved in obtaining consent.
Another important aspect is external content that is integrated into websites. This may result in personal data being transmitted to third parties. Website operators should therefore resort to data protection-friendly solutions. Possibilities include local processing, proxy scripts or so-called two-click solutions that enable data protection-compliant integration. Direct integration of content, such as tweets or videos, often involves automatic data transfers, which must be reconciled with the requirements of the TDDDG and the GDPR.
When using external fonts that also transmit personal data, local integration is recommended to maintain data protection. Overall, the regulations aim to ensure that information can only be stored and accessed with the informed consent of the user. This creates more transparency and security in the handling of user data.
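The following audit script is an added example, not part of the original article: it lists the elements in a page's HTML that make the browser contact a third-party host as soon as the page loads, which is the automatic transfer described above for embedded content and external fonts. The sample page, all host names and the `data-src` two-click placeholder convention are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser fetches on page load, without a click.
AUTO_LOAD = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
             "video": "src", "audio": "src", "source": "src", "link": "href"}
# <link> only causes a request for these rel values (rel="canonical" does not).
FETCHING_RELS = {"stylesheet", "preload", "prefetch", "preconnect", "icon"}

# Constructed sample page; every host name is a placeholder.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://fonts.thirdparty.example/css?family=Demo">
<link rel="stylesheet" href="/assets/fonts/demo.css">
<link rel="canonical" href="https://other.example/page">
<script src="//cdn.thirdparty.example/widget.js"></script>
<iframe src="https://video.thirdparty.example/embed/123"></iframe>
<iframe data-src="https://video.thirdparty.example/embed/456"></iframe>
<img src="img/logo.png">
"""

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlparse(page_url).hostname
        self.findings = []  # (tag, third-party host, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr, a = AUTO_LOAD.get(tag), dict(attrs)
        if attr is None or not a.get(attr):
            return  # not a loading tag, or URL parked in data-src (assumed two-click markup)
        if tag == "link" and not set((a.get("rel") or "").lower().split()) & FETCHING_RELS:
            return
        parsed = urlparse(urljoin(self.page_url, a[attr]))  # resolves relative and //host URLs
        # Exact host match: subdomains count as third party (conservative choice).
        if (parsed.scheme in ("http", "https") and parsed.hostname
                and parsed.hostname != self.first_party):
            self.findings.append((tag, parsed.hostname, parsed.geturl()))

def audit(html, page_url):
    """Return every element that triggers a third-party request on load."""
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for tag, host, url in audit(SAMPLE_HTML, "https://www.site.example/"):
        print(f"<{tag}> contacts {host} on load: {url}")
```

The locally hosted font stylesheet and the placeholder iframe are not reported, because neither causes a request to another host before the user acts. Resources loaded later by scripts or from inside CSS are outside what this static check can see.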
For more information, fau.de offers comprehensive insights, while baden-wuerttemberg.datenschutz.de and dr-datenschutz.de provide further details on the practical implementation and the legal framework.