phone screen: opportunity knocks

The TTDSG and me: What smart home companies need to know

Reading time: 3 minutes

Read now

In its tireless efforts to protect data, Germany has reached another important milestone with the Telecommunications Telemedia Data Protection Act (TTDSG). The young law was passed in Germany in June 2021 and has been in effect since December 1, 2021, without a transition period. New tasks now await smart home companies, and they need to be addressed quickly. This article explains why this is the case and how APOCRAT can support you.

Germany has achieved two significant objectives with the TTDSG: It firstly enacts the European ePrivacy Directive in Germany at the national level and secondly aligns the previous data protection regulations of the Telecommunications Act and the Telemedia Act with the provisions of the GDPR. This affects all companies and individuals that have their place of business in Germany or provide their services in this market. Thus, the marketplace principle also applies here. The scope of the TTDSG ranges from telecommunications secrecy and the special protection of personal data to the provision of end-user data to directory assistance services and the protection of privacy in terminal equipment. The regulations relating to terminal equipment are particularly important for companies that offer products and solutions in the smart home sector. More on this in the next paragraph.

Article 25 - What has changed for smart home companies?

In detail: Article 25 is titled "Protection of privacy of terminal equipment" and regulates the storage of and access to information on terminal equipment. The term "terminal equipment" includes all devices that communicate via telecommunications services such as WLAN and LAN, among others. This means that smartphones as well as smart vacuum cleaner robots or the smart light bulb in the bathroom are all subject to this law. Specifically, the storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has given his/her consent on the basis of clear and comprehensive information.

This regulation applies regardless of whether this is personal or non-personal data.

There are two exceptions to the provisions of this article:

  1. when the sole purpose of the storage or access is to carry out the transmission of a message over a public telecommunications network, or

  2. the storage or access is strictly necessary to enable the provider of a telemedia service to provide a telemedia service explicitly requested by the user.

In a nutshell: This means that the storage of or access to personal and non-personal data in the end user's terminal equipment is only permitted if these processes are technically necessary or the user has given his/her consent. If companies disregard this, penalties will be imposed.


Any company or person who intentionally or negligently stores or accesses information in violation of Article 25 (1) shall be guilty of an administrative offense. This administrative offense is subject to a fine of up to €300,000. In addition, an injunction is possible.

APOCRAT is at your side 

You now know that data for marketing, optimization and statistics may only be collected after obtaining consent from your end users. The consent is probably the only effective way to still be able to use your biggest asset - data - in the future. APOCRAT helps you to obtain the mandatory consent, enforce it on your devices and document all processes for data protection authorities. In doing so, we standardize and automate the complicated process of consent management on smart home devices for you and give you the opportunity to collect data in a legally compliant way that creates trust and satisfies your customers. We would be happy to provide you with consultation in this regard. Learn more about APOCRAT and our solution here.

Partner & Sales Manager: Alexander Jürgens
Mobile: +43 676 4025255