Germany: Federal Council approved Consent Management Ordinance

On 20 December 2024, the German Federal Council approved the Consent Management Ordinance (BGBl I Nr. 32), a regulation issued under the Telecommunications-Digital Services-Data Protection Act (TDDDG). The Ordinance establishes the legal basis for the recognition of consent management services that enable end-users to manage, store, and revoke their consent for the use of terminal device data under Section 25 of TDDDG. These recognised services are designed to offer a user-friendly and privacy-preserving alternative to the widespread use of individual cookie consent banners. The regulation lays out detailed procedural, technical, and organisational requirements for recognition, including usability standards and interoperability with digital services and retrieval software. The use of such services by digital service providers is entirely voluntary. However, providers, including those in the Internet, cloud, telecommunications, and software sectors may apply for official recognition by the Federal Commissioner for Data Protection and Freedom of Information (BfDI). This status is granted only if the provider can demonstrate both legal and economic independence and full compliance with the Ordinance’s neutrality and transparency standards.