No more daily click marathon?
Anyone who regularly surfs the internet knows the game: you can hardly open a website without a cookie banner popping up. Agree, reject, configure - every day anew. But now this is set to end. A new regulation, which comes into force on April 1, is bringing a breath of fresh air to the world of online consent.
In future, users will no longer have to make a new cookie decision every time they visit a website. Instead, they can save their choice once centrally - via so-called recognized consent management services. This regulation is based on Section 26 of the Telecommunications Digital Services Data Protection Act (TDDDG), according to which service providers must offer "user-friendly and competition-compliant procedures" and must have "no economic self-interest in granting consent". Sounds like a digital spring clean for all our nerves. But does it really work?
How the new cookie controller works
The idea behind the new regulation is simple: instead of having to click through annoying queries on every page, you submit your decision once to a trusted service - and it automatically transmits it to all websites that support the system. The basis for this is a regulation that the Bundestag and Bundesrat passed back in 2024. It is now in force.
These new consent services should not only keep track of our decisions, but also store them securely - until we change or revoke them ourselves. So once you say "No cookies, please!", you should be able to surf in peace - without having to keep clicking.
Sounds good, but... Where are the providers?
One small catch: there are currently no officially recognized services that implement the system. The Federal Data Protection Commissioner Louisa Specht-Riemenschneider has explained what such a service must look like - including a security concept and technical protective measures. But as yet, no one has submitted an application for recognition. Without a provider, the beautiful plan remains theory for now.
Furthermore, websites are not obliged to participate. This means that anyone who wants to can continue to use their own cookie banners - regardless of whether a user has already saved their decision centrally. This could undermine the new system even before it really takes off.
Data protection? Yes! But with real rules, please
Consumer advocates and data protection experts are therefore skeptical. They fear that many website operators will simply not adhere to the decisions that are communicated. And that users - despite clearly rejecting tracking - will be asked again and again. Or worse: that their browser settings will be ignored.
The idea of reminding users of their cookie decisions only once a year also sounds good - but assumes that websites actually respect users' wishes. At the moment, it doesn't look as if the system is really taking everyone with it.
The new regulation is a step in the right direction: fewer clicks, more control, better data protection. However, without recognized providers and without a clear obligation to participate, the project is in danger of failing the practical test.
