Updated guidance document for telemedia from the German data protection authorities
The German Data Protection Conference (Datenschutzkonferenz; the “Data Protection Conference”), which is the joint committee of the data protection authorities in Germany, recently published an updated version of its guidance for telemedia from the supervisory authorities (only available in german). This was published together with an informative evaluation report on the public consultation procedure (only available in german), which had been conducted prior to the update.
In order to minimise exposure to supervisory measures and fines, companies would be well-advised to use the German data protection authorities’ updated guidance as an opportunity to review the design of their websites, apps and other telemedia to see whether or not these take into account the supervisory authorities’ common positions. This also relates in particular to consent mechanisms for cookies and similar technologies.
Background: No special provisions for telemedia in the EU General Data Protection Regulation (GDPR), selective special provisions in the German Act to Regulate Data Protection and Privacy in Telecommunications and Telemedia and already-established guidance from the Data Protection Conference.
Specific adjustments and additional details in the updated guidance
Necessity for companies to consider revising their practices
Even if the updated version of the guidance does not conclusively and unambiguously answer all of the questions that are relevant in practice for ensuring that the design of telemedia conforms with data protection rules, nevertheless both the updated guidance and the evaluation report on the consultation procedure offer legal practitioners valuable insights into the German supervisory authorities’ legal views. It can be assumed that the supervisory authorities will base their administrative practice on the jointly formulated positions and, if any data protection requirements, as interpreted in their guidance, are violated, will take remedial action and, where necessary, impose fines.
Consequently, companies should keep the updated guidance and the evaluation report on the consultation process in mind when designing websites, apps and other telemedia. This applies especially to consent mechanisms for cookies and similar technologies (e.g. local storage, session storage, possibly browser fingerprinting, etc.). In order to minimise exposure to supervisory measures and fines, we recommend that companies use the German data protection authorities’ updated guidance as an opportunity to review the design of their websites, apps and other telemedia to see whether or not these take into account the supervisory authorities’ common positions.
Any questions? Please contact: Sebastian Dienst or Alexander Brandt
Practice Group: Data Privacy