How to make your website compliant with TDDDG

Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (aka TDDDG) is a privacy law that restricts how German citizens’ data is collected and processed. This law doesn’t replace the European GDPR, but only strengthens privacy protection in Germany. It came into force on December 1, 2021, and applies to digital businesses and organizations.

In short, to comply with TDDDG, you need to receive visitors’ consent to store cookies or access their device data like screen resolution, browser plugins and the like. In this article, we’ll show you a few ways to set up Piwik PRO and follow the TDDDG guidelines. But before you decide on one, consult your legal team.

One way is to place a consent form on your website and ask visitors for consent to the collection and use of their data. You can then collect such data from people who consent. For visitors who choose not to consent, you have two options:

  • Collect data without using cookies
  • Don’t collect data (The safest option.)

To make sure that Piwik PRO doesn’t access data from a visitor’s device without their consent, you’ll need to turn on an additional setting: Don’t collect visitor’s device data.

Here’s what the entire setup could look like:

  1. Apply the GDPR guidelines. Read more
  2. Turn on Ask visitors for consent and turn off Use visitor cookies.

    Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) + Collect anonymous data from non-consenting visitors (on) + Use visitor cookies (off)

    Settings in versions below 16.0.0: Administration > Websites & apps > Settings > Ask visitors for consent (on) + Collect data without using cookies (on)

    or

    Turn on Ask visitors for consent and turn off Collect anonymous data from non-consenting visitors.

    Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) + Collect anonymous data from non-consenting visitors (off)

    Settings in versions below 16.0.0: Administration > Websites & apps > Settings > Ask visitors for consent (on) + Don’t collect data (on)

    Note: Some triggers in Tag Manager create cookies to work correctly. If you use one of the following conditions in triggers, we’ll set a cookie:

    • Event condition > Traffic source
    • Event condition > Returning visitor
    • Event condition > Campaign
    • Event condition > External referrer 
    • Multiplicity > Fire tag once per session
    • Multiplicity > Fire tag multiple times per session, excluding first
    • Multiplicity > Fire tag once per page view

    Make sure that tags with those triggers are set with the right consent type.

    We also set essential cookies that store visitor’s consent decision. More about cookies

  3. Turn on Don’t collect visitor’s device data. With this option turned on, you won’t read screen resolution and browser plugins from a visitor’s device without their consent.

    Setting: Administration > Sites & apps > Privacy > Compliances > Don’t collect visitor’s device data (on)

    Settings in versions below 16.0.0: Not available

    Note: Make sure you don’t use any other technology that would access the end user’s terminal equipment.

Another way is to stop using cookies and collect less detailed data about your visitors. The advantage of this method is that you won’t have to ask for cookie consent. However, you’ll still need to make sure that Piwik PRO doesn’t access data from a visitor’s device by turning on an additional setting: Don’t collect visitor’s device data.

Here’s what the entire setup could look like:

  1. Apply the GDPR guidelines. Read more
  2. Turn off Ask visitors for consent and turn off Use visitor cookies.

    Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) + Use visitor cookies (off)

    Settings in versions below 16.0.0: Administration > Websites & apps > Settings > Ask visitors for consent (off) + Use visitor cookies (off)

    Note: Some triggers in Tag Manager create cookies to work correctly. If you use one of the following conditions in triggers, we’ll set a cookie:

    • Event condition > Traffic source
    • Event condition > Returning visitor
    • Event condition > Campaign
    • Event condition > External referrer 
    • Multiplicity > Fire tag once per session
    • Multiplicity > Fire tag multiple times per session, excluding first
    • Multiplicity > Fire tag once per page view

    If you don’t want to use these cookies, don’t set these conditions in the trigger. More about cookies

  3. Turn on Don’t collect visitor’s device data. With this option turned on, you won’t read screen resolution and browser plugins from a visitor’s device.

    Setting: Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on)

    Settings in versions below 16.0.0: Not available

    Note: Make sure you don’t use any other technology that would access the end user’s terminal equipment.

Was this article helpful?

Technical support

If you still have any questions, visit our community.
There’s always someone happy to help!

Back to help center