.svg "Logo White")
Telekommunikation Telemedien Datenschutz Gesetz (TTDSG)
Overview
The Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG), or Telecommunications-Telemedia Data Protection Act, effective December 1, 2021, combines privacy-related provisions from the Telecommunications Act (TKG) and the Telemedia Act (TMG). It aligns these with the General Data Protection Regulation (GDPR) and the ePrivacy Directive, mainly focusing on user consent for accessing or storing information on their devices. While TTDSG governs data access and tracking, provider identification obligations remain under the TMG’s Section 5 obligations, currently integrated in the Digital Services Act (DDG).
Regulation Summary
Timeline
-
May 20, 2021: TTDSG passed by the Bundestag
-
June 23, 2021: Published in the Federal Law Gazette
-
December 1, 2021: TTDSG takes effect
What Businesses Are Affected
- Applies to website and app operators, online platforms, advertising networks, and analytics providers.
- Both German and foreign companies that offer services to users in Germany fall under its scope.
- Applies across all industries and company sizes, including small businesses and freelancers with a professional online presence.
Exemptions
- Public authorities may be partially exempt when acting in official sovereign roles.
- Some technical exceptions apply for accessing or storing data without consent (e.g., cookies necessary for communication).
- The Impressumspflicht under the TMG does not apply to purely private, non-commercial websites.
Responsibilities for Businesses
- Businesses must obtain GDPR-compliant consent before storing or accessing most data on users’ devices (e.g., non-essential cookies, tracking technologies).
- Consent must be freely given, specific, informed, and unambiguous.
- Only strictly necessary cookies (such as those enabling a shopping cart) are exempt from consent.
- In addition to privacy obligations, businesses must also comply with DDG Section 5, which requires clear provider identification.
Specific Responsibilities for Website Owners
- Must use cookie banners or consent tools to allow users to accept or reject tracking.
- Must collect consent before placing non-essential cookies.
- Required to provide clear explanations about data collection purposes and third-party involvement.
- Must provide an Impressum (legal disclosure) page on the website, including:
- Business name and legal form
- Address of establishment (no P.O. box)
- Contact information (email, phone)
- Commercial register details (if applicable)
- VAT ID (if applicable)
- Responsible person for editorial content (if applicable)
- The Impressum must be easy to find, directly accessible, and constantly available, typically linked in the footer.
Additional Requirements
- User consent must be logged and stored to prove compliance in case of audits.
- If using third-party services (e.g., embedded YouTube videos or analytics), businesses share responsibility for transparency and lawful processing.
- Businesses must ensure their Impressum is accurate and up to date, or they risk legal consequences under German competition law.
Individual Rights
- Under GDPR, users can request:
- Access to their data
- Correction of inaccuracies
- Deletion of data
- Restriction or objection to processing
- Data portability
- Users must also be able to withdraw cookie consent at any time.
- The Impressum is not directly related to data subject rights, but it often includes contact info for exercising those rights.
Enforcement
- TTDSG enforcement is handled by:
- Federal Network Agency (BNetzA) for telecom-specific issues
- Data protection authorities (DPAs) in Germany’s federal states
- Violations of the TTDSG can result in fines up to €300,000.
- Failure to provide a valid Impressum under the TMG can lead to:
- Fines up to €50,000
- Cease-and-desist letters and lawsuits from competitors or consumer watchdogs
Questions?
If you would like to learn more, our compliance experts are happy to support you.
Leave us a Message