New data protection rules: What you need to know about cookies!

New data protection rules: What you need to know about cookies!

On July 10, 2025, developments surrounding data protection and cookies in the digital space will be at the top of the list of current topics. With the entry into force of the TDDDDG In December 2021, the legal situation in Germany changed significantly. There was previously a lack of clarity about the use of cookies, which is now regulated more clearly by the new law. The opt-in principle in particular has provided a breath of fresh air, as it requires active consent from users for the storage of information on end devices.

The TDDDG combines the provisions of the Telemedia Act (TMG) and the Telecommunications Act (TKG) and implements the requirements of the ePrivacy Directive. Particularly worth mentioning here is Section 15 Paragraph 3 TMG, which until this law required an opt-out - an approach that contradicted the European requirements. These changes are intended to help users be more transparently informed about data storage and processing, which in turn should increase their trust in digital services.

Cookies and your consent

Well, what does this mean specifically for website operators? Obtaining user consent in a clear and understandable manner is mandatory as long as no technically necessary cookies are used. Such necessary cookies are essential, for example, for session management or user management in online forms. For all other types of cookies that are not strictly necessary, active consent must be obtained from users. This also includes so-called tracking mechanisms, for which particular caution is required in order to avoid legal problems. Privacy-friendly alternatives like thisTwo-click solutionsare intended to defuse legal gray areas and provide additional security.

Consent banners are a sensitive topic. They must be clearly worded and users should not be misled into consenting by misleading information. The use of techniques such as “nudging” or “dark patterns” is not only prohibited, but can also be punished with heavy fines – up to 300,000 euros are possible. The data protection supervisory authorities of the federal states have control here and take action in the event of violations.

External content and its processing

Another important aspect is the integration of external content. Websites that include videos or social media plugins must take particular care to ensure that they do not transmit any personal data without authorization. The most important thing here is data protection-friendly integration in order to protect the personality of the users. Alternatives such as local processing or proxy scripts can help to comply with data protection regulations.

The digital world is changing and the challenges of data protection are inevitable. Website operators are well advised to remain vigilant and design their offerings so that they are both legally compliant and user-friendly. Ultimately, it is up to us as users how well we are informed about how our data is handled and how our online experiences are designed.

Sport4Final has already provided interesting insights in its reporting on these developments that make and explain how to deal with cookies and data protection in the digital space a little easier.