klaro-org / klaro-js

Klaro Privacy Manager. An open-source, privacy-friendly & compliant consent manager for your website.
https://klaro.org

TCF 2/TDDSG-compatibility #418

Open alexgit2k opened 3 years ago

alexgit2k commented 3 years ago

Is Klaro! compatible with the Transparency and Consent Framework (TCF) version 2 (https://iabeurope.eu/tcf-2-0/)?

Is Klaro! compatible with the new version of the German Teleservices Data Protection Act (Teledienstedatenschutzgesetz / TDDSG), which will be valid from 1 December (https://dsgvo-gesetz.de/ttdsg/)?

jmartsch commented 3 years ago

Right now Klaro's default styling and naming of the buttons is not in compliance with the TTDSG. The buttons need to be named "accept all" and "decline" and have to be designed equally. Right now the "accept all" button is green and highlighted.

BooVeMan commented 2 years ago

Our data protection officer today requested that we should not save the consent decision as a cookie on the client machine, as this would be contrary to the TTDSG, and that we need to ask for permission every time. Does setting cookieExpiresAfterDays to 0 achieve that?

mbsouth commented 2 years ago

@BooVeMan @alexgit2k

Our data protection officer today requested that we should not save the consent decision as a cookie on the client machine, as this would be contrary to the TTDSG, and that we need to ask for permission every time.

In the opinion of your DPO, where should the consent decision be stored instead? Especially since the consent decision does not contain any personal data!

TTDSG is like a viscous pulp; plenty of room for interpretation. I'm looking forward to an Austrian version :-\ Have a look at https://dsgvo-gesetz.de/ttdsg/25-ttdsg/:

§25 Art. 1 The storage of information in the end-user's terminal equipment or access to information already stored in the terminal equipment shall only be permitted if the end-user has consented on the basis of clear and comprehensive information. The end-user shall be informed and consent shall be given in accordance with Regulation (EU) 2016/679.

"on the basis of clear and comprehensive information" and that would be your job! And you can do it with Klaro!

jmartsch commented 2 years ago

Our data protection officer today requested that we should not save the consent decision as a cookie on the client machine, as this would be contrary to the TTDSG, and that we need to ask for permission every time. Does setting cookieExpiresAfterDays to 0 achieve that?

In my opinion (and I am not a lawyer) the consent decision cookie is technically required, so there is no need to ask for permission.

I think only a lawyer can give clear information here, but various other cookie consent banners such as CCM19 do the same.

It would be interesting to hear what your data protection officer says about this, or a lawyer.

mbsouth commented 2 years ago

@jmartsch CCM19 is probably a little joke "MADE AND HOSTED IN GERMANY" !?

When I visit this page and click on the "Schließen" (close) button, I assume that I have not agreed to anything! Nevertheless, a pixel image is loaded in the background (analytics.papoo-service.de) and a script is executed (chat.papoo-service.de), and thus at least my browser fingerprint is transmitted in the referer to a third-party provider, the owner's analytics service.

I love uMatrix and pfBlocker.

mbsouth commented 2 years ago

@jmartsch Ahhh, Papoo Software & Media GmbH is the owner of CCM19. And the owner legitimizes the data rip-off under "...the operator has a legitimate interest under GDPR Art. 6(1)." (original German: "...der Betreiber ein berechtiges Interesse nach DSGVO Art6, Abs. 1 hat.").

Interesting topic that refers to all Transparency and Consent Frameworks!

jmartsch commented 2 years ago

@mbsouth How about keeping the discussion about the topic of setting a cookie for storing cookie preferences instead of bashing on the website of CCM19? It was just an example of one cookie banner I know, that uses this technique.

mbsouth commented 2 years ago

@jmartsch You're absolutely right. I would like to apologise for that.

DanielRuf commented 2 years ago

Right now Klaro's default styling and naming of the buttons is not in compliance with the TTDSG. The buttons need to be named "accept all" and "decline" and have to be designed equally. Right now the "accept all" button is green and highlighted.

Can anyone provide the needed steps and codes to cover this and the other points? Any guidance is very welcome.
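One way to address the two technical points raised in this thread (button naming via Klaro's translations and equal styling of the accept/decline buttons, plus the storage settings BooVeMan asked about), as an added example that is not Klaro's own code or anything posted by the participants. It assumes Klaro's documented config keys (storageMethod, cookieName, cookieExpiresAfterDays, translations, services) and the button class names cm-btn-success (accept) and cm-btn-danger (decline); the class names and the behaviour of cookieExpiresAfterDays: 0 are assumptions to verify against the Klaro version actually shipped. The two helper functions are a small self-check a site could run in CI: one verifies that every language has the required button labels, the other parses a CSS override and reports declarations that differ between the two button classes.

```javascript
// Added example, not Klaro's code. Config keys follow the Klaro docs;
// class names .cm-btn-success / .cm-btn-danger are assumed (check your Klaro build).
const klaroConfig = {
    elementID: 'klaro',
    storageMethod: 'cookie',      // alternative: 'localStorage'
    cookieName: 'klaro',
    cookieExpiresAfterDays: 30,   // lifetime of the stored decision; 0 is NOT assumed to mean "session"
    mustConsent: true,
    acceptAll: true,
    hideDeclineAll: false,        // keep the decline button visible next to "accept all"
    translations: {
        en: {
            consentModal: { title: 'Services we would like to use', description: 'Please choose.' },
            ok: 'Accept all',
            acceptAll: 'Accept all',
            decline: 'Decline',
            save: 'Save selection',
        },
        de: {
            consentModal: { title: 'Dienste, die wir nutzen möchten', description: 'Bitte auswählen.' },
            ok: 'Alle akzeptieren',
            acceptAll: 'Alle akzeptieren',
            decline: 'Ablehnen',
            save: 'Auswahl speichern',
        },
    },
    services: [
        // constructed sample service
        { name: 'matomo', title: 'Matomo', purposes: ['analytics'], cookies: [/^_pk_.*$/] },
    ],
};

// Constructed CSS override: one rule set shared by both buttons, so neither is highlighted.
const equalButtonCss = `
.klaro .cookie-modal .cm-btn.cm-btn-success,
.klaro .cookie-modal .cm-btn.cm-btn-danger {
  background: #f0f0f0;
  color: #111;
  border: 1px solid #111;
  font-weight: 400;
}
`;

// Check that every language in the config carries the required button labels.
function checkButtonLabels(config, required = ['ok', 'acceptAll', 'decline']) {
    const problems = [];
    for (const [lang, t] of Object.entries(config.translations || {})) {
        for (const key of required) {
            if (typeof t[key] !== 'string' || t[key].trim() === '') {
                problems.push(`${lang}.${key} missing`);
            }
        }
    }
    return problems;
}

// Minimal CSS rule parser: flat rules only, no @media blocks or nested rules.
function parseRules(css) {
    const rules = [];
    const re = /([^{}]+)\{([^{}]*)\}/g;
    let m;
    while ((m = re.exec(css)) !== null) {
        const selectors = m[1].split(',').map((s) => s.trim()).filter(Boolean);
        const decls = {};
        for (const d of m[2].split(';')) {
            const idx = d.indexOf(':');
            if (idx < 0) continue;
            decls[d.slice(0, idx).trim()] = d.slice(idx + 1).trim();
        }
        rules.push({ selectors, decls });
    }
    return rules;
}

// Collect the declarations that apply to a class token; later rules override earlier ones.
// Pseudo-class variants (e.g. :hover) are not matched, so they are compared separately if needed.
function declarationsFor(css, className) {
    const out = {};
    for (const { selectors, decls } of parseRules(css)) {
        const hit = selectors.some((sel) =>
            sel.split(/[\s>+~]+/).some((part) => part.split('.').includes(className)));
        if (hit) Object.assign(out, decls);
    }
    return out;
}

// Report every property whose value differs between the two button classes.
function styleDifferences(css, classA, classB) {
    const a = declarationsFor(css, classA);
    const b = declarationsFor(css, classB);
    const diffs = [];
    for (const prop of new Set([...Object.keys(a), ...Object.keys(b)])) {
        if (a[prop] !== b[prop]) diffs.push({ property: prop, [classA]: a[prop], [classB]: b[prop] });
    }
    return diffs;
}

// Usage: [] means both checks pass for the config and stylesheet above.
checkButtonLabels(klaroConfig);
styleDifferences(equalButtonCss, 'cm-btn-success', 'cm-btn-danger');
```

Running styleDifferences against Klaro's default stylesheet (where the accept button is green) lists the properties that still single out one button; the override above is only a starting point and should be checked in the browser against the actual rendered buttons, since selector specificity and hover states also matter.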