Germany, known as one of the most data privacy-obsessed countries in Europe, is trying out a different approach to cookie consent. On 1 April 2025, a new consent regulation, the Consent Management Ordinance (or EinwV), took effect, which aimed to make cookie consent more user friendly while preserving data privacy. No easy feat, given the often confusing challenges of GDPR.
The new regulation basically enables single-click cookie consent. Any web user will know the necessary but nevertheless relentless irritation of the cookie consent banner popping up time and again, despite having granted consent before. With Germany’s new approach, users will only need to give consent once, reducing the numbers of clicks users need to make in order to accept or reject cookies and ultimately get to the content they want.
The regulation, as part of Germany’s Telecommunications Digital Services Data Protection Act, tries to balance the need for user-friendly compliance in a more streamlined format, citing user “cookie consent fatigue”. The regulation will supposedly give users more control over their consent while adding convenience into the mix. The regulation stipulates that choices about cookies will remain valid until they are actively revoked, and the recognized consent management service being used can remind users of their existing settings after one year (at the earliest).
But this is a sticking point: What is a “recognized consent management service”? The regulation makes way for technical solutions that will purportedly centralize consent across websites and devices. These “solutions” are, according to the regulation, “recognized consent management services” – but what makes them recognized? While existing data privacy and protection frameworks provide guidance here, and most cookie consent solutions that businesses use today will be perfectly adequate, the new regulation may add new confusion to the equation.
Is one-click the right pick?
Not everyone agrees that the one-click, set-and-forget approach to cookie consent is truly the pathway to giving users more control of their digital choices.
One problem is the lack of a technical definition of what a “consent management service” is within this revised context. The German government will vet such services in order to make them “recognized” – but what are the criteria? The absence of standardization and potential cost of complying with this additional (but likely redundant) layer of certification specifications, many argue, makes the application of this regulation impractical at best and destined to fail at worst.
Another problem is that consumers who do not opt in to cookies may be at an unfair disadvantage in that they can be asked for consent repeatedly while those who do opt in will be the only ones to enjoy the permanence of their selection. Consumer rights groups have raised objections to this disparity. At the same time.
What does the new German regulation mean for you?
For businesses with an existing consent tech stack or consent management solution, this regulation changes very little on the face of it. However, the aforementioned certification requirement imposed by the German authorities to become “recognized” as a consent management solution is a step you’d want to verify that your chosen consent management platform has taken if you are doing business in Germany.
It remains important to use a consent management platform and respect the rights of users. But, for those users, it’s fair to say that, if the regulation were to work successfully, it could enhance user experience in the long run and reduce the frustration associated with repeatedly responding to cookie banner overload.
It’s easy to be compliant with CookieHub
Sign up today and create a custom cookie banner for your website
- 30 day free trial
- No credit card required