We have identified a more suitable language of this document. To change language to please click here or close
Wir haben eine besser geeignete Sprache dieses Dokuments identifiziert. Um die Sprache auf zu ändern, klicken Sie bitte hier oder hier um diese Meldung zu schließen.
We have identified a more suitable language of this document. To change language to please click here or close
For storing your preferred CMS location, analysing referrals from LinkedIn and embedding third party content we need your consent (which you can withdraw any time).
This website uses cookies so that we can provide you with the best user experience possible. Our Cookie Notice is part of our Privacy Policy and explains in detail how and why we use cookies. To take full advantage of our website, we recommend that you click on “Accept All”. You can change these settings at any time via the button “Update Cookie Preferences” in our Cookie Notice.
Technical cookies (required)
Technical cookies are required for the site to function properly, to be legally compliant and secure. Session cookies only last for the duration of your visit and are deleted from your device when you close your internet browser. Persistent cookies, however, remain and continue functioning on repeat visits.
Analytics
CMS does not use any cookie based Analytics or tracking on our websites; see details here.
Personalisation cookies
Personalisation cookies collect information about your website browsing habits and offer you a personalised user experience based on past visits, your location or browser settings. They also allow you to log in to personalised areas and to access third party tools that may be embedded in our website. Some functionality will not work if you don’t accept these cookies.
Social media cookies
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.
TTDSG part I: Telekommunikationsdatenschutz 2.0?
Der Beitrag widmet sich den wesentlichen Neuerungen des TTDSG im Bereich...
The transitional period until the ePrivacy Regulation comes into effect
The transitional period and the new German Act on the Regulation of Data...
Data Law Navigator | Germany
Key content of the ePrivacy Regulation
The ePrivacy Regulation regulates the use of electronic communications services within the European Union and is intended to replace the Directive on Privacy and Electronic Communications (Directive 2002/58/EC). The ePrivacy Regulation is primarily aimed at companies operating in the digital economy and specifies additional requirements they need to meet in relation to the processing of personal data.
On this website, CMS presents key information on the ePrivacy Regulation and the status of the legislative process. We explain in particular the scope of application of the ePrivacy Regulation and deal in detail with the hotly debated topic of tracking. We will also provide information on the rules that will apply during the transitional period.
ePrivacy Regulation – current status and timescale
Originally, the ePrivacy Regulation was intended to apply from 25 May 2018 together with the General Data Protection Regulation (GDPR). Unlike with the GDPR, however, the EU Member States have not yet been able to agree on the draft legislation. The negotiations of the ePrivacy Regulation are still ongoing.
On 10 January 2017, the EU Commission presented the first draft of the ePrivacy Regulation; on 26 October 2017, the EU Parliament adopted an amended draft and voted in favour of negotiations with the Commission and the Council of the European Union (trilogue negotiations). On 5 December 2017, the Estonian EU Council presidency published its own draft. This was followed by drafts from the Bulgarian, Austrian, Romanian, Finnish, Croatian and German Council presidencies.
Most recently, the compromise proposed by Germany failed on 4 November 2020. Up until now there has not therefore been an authoritative draft text of the Council of Ministers available. As a result, the trilogue negotiations that were scheduled to start in the second half of 2018 were delayed. With the change in the EU Council presidency on 1 January 2021 and after many years of going back and forth, the Portuguese presidency has now succeeded – not completely without criticism – in convincing the Member States of its proposal of 5 January 2021. The trilogue negotiations with the European Parliament have started. These are based on a version of the EU Council of Ministers from 10 February 2021.
However, in view of the fact that there are some points of contention regarding the current text of the Regulation, these negotiations have not progressed as quickly as when the Portuguese presidency was pushing the matter of ePrivacy recently. However, experience with the GDPR has already shown that addressing new data protection regulations at an early stage can be worthwhile so that organisations are prepared for the need to implement the requirements in a timely manner.
Current framework of administrative fines under the ePrivacy Regulation
As is already the case with infringements of the GDPR, companies face substantial fines if they breach the ePrivacy Regulation (further information is available via the CMS GDPR Enforcement Tracker; please also see: 4th edition of the CMS GDPR Enforcement Tracker Report).
The draft ePrivacy Regulation essentially cites the provisions of the GDPR with regard to rules on legal remedies, liability and penalties. The stipulation on administrative fines (Article 23 of the draft), for example, refers to Article 83 of the GDPR.
Depending on the nature of the infringement, fines may amount to EUR 20,000,000 or 4% of the company’s worldwide annual turnover, whichever is higher (Article 23(3) of the draft).
It should also be noted that the fine provisions set out in the German Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG) applies since 1 December 2021.
Data processing justified after balancing interests?
The GDPR provides legal grounds for processing personal data based on the legitimate interests of the controller (Article 6(1), sentence 1, letter f). For a long time the Committee of Permanent Representatives grappled with the question of the extent to which a similar provision should be included in the ePrivacy Regulation. If the Council of Ministers decides against this, the crucial question will be raised as to how the scopes of application of the GDPR and the ePrivacy Regulation are to be distinguished in this respect, since legitimation under Article 6(1), sentence 1, letter f of the GDPR is only possible if the GDPR is applicable. The current draft does not contain a comparable provision.
28/11/2023
International Digital Regulation Hub
Following the EU Commission plan “A Europe fit for the digital age”, we have witnessed a lot of digital regulations in the EU including DMA and DSA, AI Act, Data Act and there is still more to come. Whilst presenting companies with a tumultuous landscape to navigate, the legal obligations imposed also present opportunities to develop their business in a new digital framework safeguarding responsible business practices, fair competition and personal data. The CMS Digital Regulation Hub is home to our Digital Regulation Tracker Tool, providing an overview of the key regulatory instruments for area of law, sectors and business activities which are critical for decision makers as they adapt to the increasingly digital landscape. In addition to this unique tool, we explore the impact this tsunami of regulation is having for businesses across a variety of industries and how GCs can ride the waves to stay ahead of the curve. Our latest report illustrates the key findings across Platforms, Content providers, Life Sciences & Healthcare, Energy & Infrastructure, Banking & Finance and Automotive industries. To discuss how to cope with the challenges of Digital Regulations and to explore the opportunities for your business, please contact one of our International experts.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.