Consent for Connected Devices Compulsory via German Telecommunications and Telemedia Data Protection Act

On 1 December 2021, the German Telecommunications and Telemedia Data Protection Act (TTDSG) came into force. This brings German law into line with European requirements. In the eco Academy webinar, Dr Jens Eckhardt explained why the TTDSG goes far beyond being a new cookie directive.

Since 1 December 2021, the TTDSG has brought together existing data protection provisions of the German Telemedia Act (TMG) and the Telecommunications Act (TKG) and aligned them to the European rules of the General Data Protection Regulation (GDPR). “An overdue step that now gives longstanding practice a different framework, but one that is not really better”, said Dr Jens Eckhardt, specialist lawyer for IT law and Board Member at EuroCloud Deutschland. “The legislators have failed to align the new rules to the GDPR in a clearly structured way”, said Eckhardt.

Conflict between the GDPR and the TTDSG remains a challenge

If the GDPR and the TTDSG clash with each other, the GDPR will in principle take precedence. “In essence, the GDPR supersedes the TTDSG, since the GDPR as an EU regulation takes precedence over national laws such as the TTDSG”, said Eckhardt. However, the regulations of the TTDSG are again based, at least in part, on an EU legal act: the so-called ePrivacy Directive. The GDPR settles the conflict by opening it up to national law (a so-called opening clause) in Article 95 of the GDPR. According to this, the German TTDSG still applies insofar as it transposes the provisions of the ePrivacy Directive. In other words, the prevailing GDPR opens itself up to regulations in national law that transpose the ePrivacy Directive. “However, the exemption for national laws only applies to regulations concerning the provision of publicly available electronic communications services in public communications networks. And it only applies if the regulations are based on the ePrivacy Directive”, said Eckhardt: “What sounds complicated is unfortunately also not so simple in practice.”

With the aim of making this simpler through two EU regulations and at the same time guaranteeing effective protection of the privacy of the data subjects, the EU is currently working on having the ePrivacy Regulation adopted. This will then supersede the data protection provisions of the TTDSG, but it is currently unclear whether and when this will come into force – in any case, it does not seem likely that it will come on stream before 2023.

TTDSG is also more than a new cookie regulation

Regardless of whether it’s to do with connected cars, smart refrigerators or smart meters: “The TTDSG goes far beyond a new cookie regulation, and not only in the telecommunications sector”, said Eckhardt. “The new regulations on access to information in terminal equipment and the storage of information in terminal equipment go far beyond the much-discussed cookie issue. The new regulation must be considered for all connected devices.” This is the case because the terminal device classification in the context of the TTDSG depends above all on whether the device is directly or indirectly connected to the interface of a public telecommunications network. Eckhardt: “Providers must therefore factor the special requirements of the TTDSG into the assessment.”

For example, it is only permissible to store information in terminal equipment if users have consented on the basis of clear and comprehensive information. The same applies when providers want to access data stored in terminal equipment. What’s different is if the access is strictly necessary: for example, to supply telemedia services that are explicitly requested by users. “In that case, no consent is required”, said Eckhardt. Those who produce smart devices must know the rules. Violations can result in fines.

TTDSG webinar for members online

Whether it’s fines, claims for damages or compensation – the list of possible sanctions is long. The TTDSG is not a completely new concept. “Rather, it extends old rules”, said Eckhardt: “Which means that nothing fundamental is changing for websites and apps.” A look at other EU countries can help, where the types of rules that the TTDSG now provides for Germany have already been longstanding for over 10 years. Eckhardt: “It just took longer for us.”

The complete German-language webinar is available for members of eco, EuroCloud or EuroCloud Native in the password-protected members+ area. Further information on the TTDSG by Dr Jens Eckhardt in the Otto Schmidt podcast.


Dr Jens Eckhardt is a specialist lawyer for information technology law as well as an ECSA Legal Auditor, Data Protection Auditor (TÜV – German Technical Inspection Association) and Compliance Officer (TÜV). He works for Derra, Meyer & Partner Rechtsanwälte PartGmbB and, since 2001, has been advising national and international companies nationwide on data protection, information technology, telecommunications and marketing.

Consent Compulsory for Connected Devices: German Telecommunications and Telemedia Data Protection Act 1
© Anja W. | istockphoto.com