German Federal Supreme Court Issued Cookie Decision in Planet 49 Case

On May 28, 2020, the German Federal Supreme Court handed down its decision in the Planet 49 case regarding the consent requirements for the use of cookies. The decision follows the Court of Justice of the European Union’s preliminary ruling of September 10, 2019. The decision has not yet been published, but the court has issued a press release.

The court decided that the use of pre-ticked boxes was not a valid form of obtaining consent for cookies before May 24, 2018 and remains an invalid way of obtaining consent under the GDPR. The court’s decision applies the German provisions on cookies in the German Telemedia Act which it interprets in light of the EU Directive on Privacy and Electronic Communications (“ePrivacy Directive”).

According to the court, the use of cookies that create user profiles for advertising or market research purposes require consent. Consent is required even where users are assigned a randomly generated ID number and the data collected through the cookies is “pseudonymised”. Although this appears to contradict Section 15(3) of the Telemedia Act, which allows the creation of user profiles using a pseudonym for the purposes of advertising and market research “unless the user objects”, the court clarifies that this provision needs to be interpreted in line with the ePrivacy Directive. In the court’s logic, a user that has not given his or her valid consent has objected to the creation of user profiles. For this reason, the Telemedia Act is in line with the ePrivacy Directive and both require consent for the creation of user profiles used for advertising or market research purposes.

The court’s decision addresses a much-debated topic in Germany, namely whether the provisions on cookies of the Telemedia Act continue to apply after the entry into application of the GDPR. The German Supervisory Authorities are of the opinion that the provisions of the Telemedia Act do not implement the ePrivacy Directive and are, therefore, no longer enforceable because they conflict with the GDPR. According to the court, the fact that the Government has not amended abovementioned Section 15(3) of the Telemedia Act means that it is of the opinion that it transposes appropriately the ePrivacy Directive. According to the court, it is possible to interpret Section 15(3) of the Telemedia Act in a way that is in line with the ePrivacy Directive.