The Telecommunications Telemedia Data Protection Act (TTDSG), which transposes EU requirements into national law, will apply to Germany from December 1, 2021.
The TTDSG applies whenever data is stored in or read from the “end user’s terminal equipment”. From a technical point of view, this means, for example, storing and reading out information by means of cookies or web storages.
Central to this is § 25 TTDSG:
The storage of information in the end user’s terminal equipment or access to information already stored in the terminal equipment is only permissible if the end user has consented on the basis of clear and comprehensive information. The information to the end-user and the consent shall be provided in accordance with Regulation (EU) 2016/679.
What does this mean for my website or app?
Whenever you want to use information in the end user’s terminal equipment, this requires the end user’s consent in accordance with the GDPR. In case of doubt, the same should apply here: Better to ask once too often.
UPDATE 12/24/2021: If you are not sure whether one of your applications falls under this requirement, there is now an orientation guide from the independent federal and state data protection supervisory authorities (german only).
What does the TTDSG mean when using lalalytics?
lalalytics does not store any information in the users’ end device and does not read any information. Instead, lalalytics uses the IP address implicit in the request to produce a temporal hash value.
From our point of view, the TTDSG does not play a role when using lalalytics. If you want to be absolutely sure, continue to inform and ask your users or clarify the issue with your data protection officer.