Data protection and cookies reloaded - The TTDSG
From the 1 December 2021 a new law will apply in Germany.
The law with the crisp name Telecommunication Telemedia Data Protection Act (“TTDSG” for short) includes, among other things, regulations on cookies - but only slightly changes the standards already applicable under the General Data Protection Regulation (“GDPR” for short).
The TTDSG makes it clear that the setting of cookies - as before - requires the consent of the site visitors. Consent is only unnecessary if cookies or identifiers are absolutely necessary for the provision of the website, e.g. for the shopping cart, session cookies, for user preferences, e.g. language and screen settings and to ensure the technical security of the website.
The TTDSG extends the consent requirement for the collection of personal data that was previously applicable to the GDPR to include all information. However, due to the broad definition of personal data, this change is unlikely to have any significance for operators of websites and apps.
Overall, however, the introduction of the law is a good opportunity to test whether cookie banners are working. It can be assumed that the number of warnings from 1.12. will increase.
In perspective, the law enables Internet users to set preferences for cookies & Co. in so-called "Personal Information Management Systems" (PIMS) to deposit. When a user visits a website, it calls up the preference (eg “reject unnecessary cookies”) from the PIMS. Website owners will have to implement this preference. At the moment, however, there is still an implementation regulation that must first specify the standards applied to these systems. That is why there is for providers of web offers on 1.12. no need for action yet.
Vaccination status of employees
The corona situation is worsening. We keep our fingers crossed that our customers and their employees stay healthy and that the company's operations are largely unaffected. A logical consequence of the situation is that we receive many inquiries relating to the processing of the vaccination status of employees. Therefore, at this point a summary: 3G now applies across the board in the workplace - employers are obliged to check on a daily basis whether employees in the company have been vaccinated, recovered or tested. For this purpose, the employer may enter the following data in a table: Last name, first name, type of verification (rapid test, PCR test, vaccination or recovery certificate) and period of validity. The period of validity is particularly important for proof of vaccination. An already known vaccination status does not have to be queried every day, there is no reason to scan the vaccination certificate or test evidence. However, it is possible that employees voluntarily provide their vaccination certificate to the employer. In the event of an inspection, they must be able to show it - and can then refer to the employer. If the vaccination and test status of an employee has been recorded, it must be saved separately from the personnel file. In addition, access to the data must be strictly limited.