Banner TTDSG and 3G in the workplace. What to consider as an employer?
Industry Insights & News

TTDSG and 3G in the workplace - What to consider as an employer?

252x252_arthur_heydata_882dfef0fd_c07468184b.webp
Arthur
27.01.2023

Data protection and cookies reloaded - The TTDSG

A new law will apply in Germany from December 1, 2021.

The law with the snappy name Telecommunications Telemedia Data Protection Act ("TTDSG" for short) contains, among other things, regulations on cookies - but only slightly changes the standards that already apply under the General Data Protection Regulation ("GDPR" for short).

The TTDSG clarifies that the setting of cookies - as before - requires the consent of the website visitor. Consent is only dispensable if cookies or identifiers are necessary for the provision of the website, e.g. for the shopping cart, session cookies, for user preferences, e.g. language and screen settings and to ensure the technical security of the website.

The TTDSG extends the obligation to obtain consent for the collection of personal data, which previously applied to the GDPR, to all information. However, due to the broad definition of personal data, this change is unlikely to have much significance for operators of websites and apps.

Overall, however, the introduction of the law is a good opportunity to check whether cookie banners work. It can be assumed that the number of warnings will increase from December 1.

 In the future, the law will enable internet users to store their preferences regarding cookies, etc. in so-called "Personal Information Management Systems" (PIMS). When a user visits a website, it retrieves the preference (e.g. "reject unnecessary cookies") from the PIMS. Website operators will have to implement this preference. However, an implementation regulation is currently still pending, which must first specify the standards applied to these systems. Therefore, there is no need for website providers to take any action as of December 1.

Vaccination status of employees

The coronavirus situation is worsening. We are keeping our fingers crossed that our customers and their employees remain healthy and that the operation of the companies is largely unaffected. A logical consequence of the situation is that we receive many inquiries regarding the processing of the vaccination status of employees. So here is a summary: 3G now applies across the board in the workplace - employers are obliged to check daily whether employees in the company have been vaccinated, recovered, or tested. The employer may record the following data in a table for this purpose: Surname, first name, type of detection (rapid test, PCR test, proof of vaccination or recovery), and period of validity. The period of validity is particularly important for proof of vaccination. This means that an already known vaccination status does not have to be queried daily and there is no reason to scan the vaccination certificate or test certificate. However, it is possible for employees to voluntarily provide their vaccination certificate to their employer. If an employee's vaccination and test status is recorded, it must be stored separately from the personnel file. In addition, access to the data must be strictly limited.