The tiresome online practice of obtaining consent to data processing with cookie banners is to be overcome with special services.
The flood of cookie banners, with which the operators of most websites currently have to obtain consent within the meaning of the General Data Protection Regulation (GDPR), overwhelms most users. The Federal Ministry for Digital Affairs and Transport (BMDV) came to this conclusion and now wants to change something with a draft for a “consent administration regulation” available to voonze online. By integrating recognized services, a “user-friendly alternative” will soon be available that will “relieve consumers from many individual decisions”.
With the Act on Data Protection in Telecommunications and Telemedia (TTDSG), legal requirements for services have been in effect since December, with which consumers should be able to manage their consent to the setting of cookies by website operators and the associated data processing. “Personal Information Management Systems” (PIMS) or single sign-on solutions come into consideration for this.
What is in the draft
According to the TTDSG, the federal government still has to determine the recognition procedure for and the legal-organizational requirements for PIMS & Co. by means of an ordinance with the consent of the Bundestag and the Bundesrat. The BMDV is now working on this with a first draft, which it still has to coordinate with business associations and the other departments.
According to the 21-page paper, as of July, a consent management service will offer procedures that allow end-users to easily declare or opt-out and manage consent to the storage and access of information. The corresponding mechanisms must therefore be transparent and easy to use.
According to the draft, presettings for the consent queries may not be made. The design and the text should be done in such a way that the user is not “influenced in a certain direction”. According to the justification, this is directed against design tricks such as “dark patterns” that are suitable for “exploiting typical behaviors such as end user impatience”. The decision to grant or reject an opt-in should be “equal”.
Quiet for half a year
According to the plan, users of relevant services can “give general consent sorted by category for specific access to terminal equipment and groups of telemedia providers”. The user must be “informed in an understandable way” about the content of the websites covered under this in order to be able to exclude individual offers if necessary. After six months at the latest, there should be a reminder about the settings and their review.
The provider of opt-in management must be recognized by the Federal Data Protection Commissioner and demonstrate that it has “no economic self-interest” in the granting of consent and in the managed data and is independent. Neutral intermediaries are in demand, but their offers do not have to be free of charge. A security concept must be submitted.
This is how the service works
If a service for consent management is used, according to the draft, a suitable program or other application transmits a signal, for example via an http request via the browser, to the end device of the telemedia provider, which informs about the use of the recognized service and gives the website operator access to the provided.
Browser manufacturers must allow the integration of such services. The BMDV does not specifically address previous “Do not Track” settings. Providers of telemedia, in turn, should be obliged to take the integration of recognized services into account through “technical and organizational measures”.
No panacea against tracking
Users will not be able to escape any kind of tracking with the proposal: the telemedia provider should be able to point out to users that the provision of content is “financed in whole or in part by advertising”, which makes the use of cookies “necessary for these purposes”. In this case, it should be permissible to refer to a “paid alternative offer” such as a premium service or to ask the user “to change their default settings for the consent management service”.
Approval banners, such as those used by media sites such as voonze online or Spiegel.de, would then be permissible. According to the justification, the BMDV wants to take account of the fact that “a large part of the services offered to end users on the Internet are free” and are refinanced through advertising “based on the use of cookies and similar tracking technologies”.
According to a spokesman, the Federal Data Protection Commissioner Ulrich Kelber received the draft on Tuesday. Among other things, the supervisory authority should determine the expected costs for the administration, which arise, for example, from the recognition and testing of services. In terms of content, Kelber only wants to comment on the project once the federal cabinet has launched the government draft.
(mki)