Taking a relaxed approach to the new consent management regulation

von Olaf Brandt

The new Consent Management Ordinance (EinwV) was adopted on December 20, 2024 and is expected to come into force on April 1, 2025. However, experts are already describing it as a “pipe-dream” and it is considered doomed to failure even before it comes into force.

For a long time, the idea was discussed under the heading “Personal Information Management System (PIMS)”. The current regulation is based on Section 26 (2) TDDDG and is intended to enable the central management of consent across websites and devices.

The original intention was to make individual cookie or consent banners superfluous with the help of “recognized consent management services”. However, the EinwV will hardly achieve this, because

• Consent management by the website operator is declared voluntary. Websites can support these services, but do not have to. So why should they make the integration effort if they do not derive any benefit from it? This would only change if such services were to gain a critical mass of users, which is more than doubtful.

• “blanket default settings for possible consent requests from the provider of digital services” (BT-Drs. 20/12718, p. 22) are not envisaged. Users would therefore still have to make a consent decision for each individual website. Users would merely be spared having to experience different dialogs with different designs. Of course, this would also rule out dark patterns.

• the EinwV should only consents pursuant to Section 25 (2) TDDDG regulate. In practice, consent is almost always required under the GDPR for the processing of personal data. One exception is etracker analytics, where only the use of analytical cookies requires consent as standard, but the data processing is based on the overriding legitimate interest. For marketing services such as Google, Meta and TikTok, however, consent must include both cookies and data processing. In these cases, consent management services would therefore only do half the job. Users would rather have the disadvantage of having to interact with two separate consent dialogs per website.
• the strict certification requirements will hardly motivate providers to develop such a service. The required interoperability in particular also makes it difficult to attract providers. It is questionable whether a first mover can enjoy lasting advantages.

At present, website operators cannot make any preparations for the introduction of a consent management service. However, in view of the points mentioned above, it makes sense to wait and see anyway. However, it makes sense and is recommended now,

• to set up tracking independently of consent or to use consent-free web analysis services such as etracker analytics and
• standardize consent and tag management with an integrated solution that increases efficiency and avoids errors due to settings in different tools, as made possible by the etracker tag and consent manager.