21. November 2021

What you need to consider when tracking

An analysis by Fieldfisher

User tracking and cookies continue to be subject to considerable dynamics with regard to legal regulation. Most recently, the ECJ and BGH rulings on “Planet49” and the ECJ ruling on “Schrems II” have created considerable legal uncertainty for the use of marketing technology. The Telecommunications Telemedia Data Protection Act (TTDSG), which will come into force in Germany on December 1, 2021, and current EU legislative projects such as the Digital Services Act are creating additional requirements. In this environment, the legally compliant use of online marketing technology requires not only a detailed legal analysis, but also technical support from specialized (compliance) tools.

Current developments in both case law and legislation not only mean a continuing tightening of legal requirements; they also bring a considerable degree of legal uncertainty to online marketing and e-commerce. This entails enormous and constant compliance costs for the underlying business models.

The end of the opt-out

One of the most significant changes for the German market is the elimination of “legitimate interest.” The BGH ruling in the “Planet49” case de facto abolished the previously applicable “opt-out” principle for the use of cookies. The TTDSG, which will come into force together with the new Telecommunications Act (TKG) on December 01, 2021, now also implements this case law by law.

In future, the storage of or access to information in the user’s terminal device via cookies or alternative technologies such as fingerprints, tags or pixels will require the user’s consent (opt-in consent). The use of such technologies without consent is then only permitted if the storage or access is absolutely necessary for the provision of the service – this is regularly not the case for advertising and marketing cookies.

Schrems II: The digital iron curtain

The ECJ’s Schrems II ruling is also a huge challenge for many adtech and martech setups: companies must ensure that data is adequately protected outside the EU – whether secured by an EU adequacy decision or corresponding bilateral agreements, or by standard contractual clauses – and in the case of the particularly important transfer to the US, it is a technical and legal challenge in typical online marketing scenarios to comply with the legal requirements.

“With the TTDSG, the German special path in matters of cookies is now finally coming to an end. For companies, implementing the data protection requirements remains a challenge, and the larger and more international the tech stack of a website, the more difficult it is to implement all the data protection requirements,” says Stephan Zimprich, partner at the international law firm Fieldfisher, summarizing the developments. “Today, legally compliant implementation requires both: specialized legal advice as well as support from compliance tech – and only if the two go hand in hand can the end result be a solution that can stand up to the critical eyes of the supervisory authorities.”

Klaus Müller, co-CEO of Vienna-based tracking technology provider JENTIS, explains, ” Data regulation is currently the strongest source of uncertainty in the digital economy, and it is not easy for companies to keep up with compliance. The good news is that technology made in Europe can once again help to adequately meet the high demands of data protection made in Europe. Tracking is more than ever a central component of digital functional logics and mechanisms and indispensable for a high-quality user experience. Companies must now take care to intelligently address the technical as well as data protection challenges associated with the new regulatory framework in order to continue to operate a globally competitive business on a privacy-compliant basis.”

About Fieldfisher

Fieldfisher is a dynamically growing international business law firm with around 1000 lawyers in Belgium, China, France, Germany, Ireland, Italy, Luxembourg, Spain, UK and USA – Silicon Valley. The firm has a particular focus on Finance, Tech, Energy & Natural Resources and Life Sciences. The firm also advises companies in all sectors of the economy, from start-ups to leading global corporations, as well as the public sector.

More articles

Past Events
25
Sep

JENTIS at the data protection conference

Visit us at the Data Protection Conference 2022 in Düsseldorf!

News

Denmark: Google Analytics declared unlawful

Google Analytics can no longer be used in a legally compliant manner without further measures. With its decision, Denmark's agency joins other data protection authorities in Europe.

Past Events
21
Sep

Meet JENTIS at DMEXCO

We are pleased about the enormous run on our stand and the two master classes at DMEXCO 2022 in Cologne.