[nwellnhof]

> Note: I am not a lawyer.

> We’ll be focusing our efforts on the ePrivacy Directive,

The author doesn't seem to know that an EU Directive is not binding law. They're mostly irrelevant. It only matters how member states implement Directives. Some states like Germany didn't change any laws at all regarding the EPD.

EU Regulations like the GDPR are different.

[jph00]

The author clearly states they are aware of this and links to an analysis of the implemented laws:

“Note that this is a directive, not a regulation, meaning it is up to the individual EU countries to implement the directive into law. We’ll arbitrarily ignore this distinction, and I will only be considering the wording of the directive itself in this article.

If you’re interested, the guys over at Matomo have done the hard work of looking at the implemented laws. Worth a read!”

[t0mas88]

He links to an overview of national implementations: https://matomo.org/faq/general/eprivacy-directive-national-i...

[hnbad]

The ePD is intended to be replaced by the ePR but the ePD has already been implemented in several countries so it's a good abstraction of those implementations if you don't want to look at the specifics of each one individually.

> Some states like Germany didn't change any laws at all regarding the EPD.

This is false. Germany implemented the ePD[0] by replacing the TKG with the TDDDG in 2021. You may have missed this as it wasn't a big news story and German law still awkwardly refers to "telecommunications" when also talking about the Internet.

> EU Regulations like the GDPR are different.

Yes, that's why the ePR will largely replace the implementations of the ePD by acting as directly binding law for all EU member countries rather than requiring individual implementations.

[0]: https://www.bfdi.bund.de/DE/Fachthemen/Inhalte/Telemedien/eP...

> Nachdem der deutsche Gesetzgeber zuletzt mit einer Novelle des Telekommunikationsgesetzes (TKG) und dem Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz) zum 1. Dezember 2021 noch die europäischen Vorgaben aus der E-Privacy-Richtlinie in deutsches Recht umsetzte, wird die künftige E-Privacy-Verordnung unmittelbar in den Mitgliedstaaten gelten.

Emphasis added. Highlighted part approximately translates to "the ePrivacy guideline was implemented in German law".

[nwellnhof]

> Germany implemented the ePD[0] by replacing the TKG with the TDDDG in 2021.

At that point, the GDPR was already in force. The GDPR is mostly a superset of the ePD, so I don't think the TDDDG lead to substantial changes.

[hnbad]

That's again false. It is also nonsense.

The original ePD was issued in 2002 and implemented by Germany in an update to the TKG in 2004 (and in an update to the UWG if you want to be pedantic). This precedes the GDPR by 12 years.

The GDPR is not a superset of the ePD. The GDPR did however lead to the recasting of the ePD in directive 2018/1972/EU (to clarify some ambiguities/conflicts created by the GDPR), which is what in turn led to the creation of the TTDSG which implemented the recast ePD and replaced parts of the TKG and TMG. The TTDSG in turn was renamed to the TDDDG when the DDG replaced the TMG due to the EU Digital Services Act.

So my statement that the TDDDG implemented the ePD was not entirely correct as the full story is a bit more complicated: the ePD was implemented in the TKG in 2004, the TTDSG implemented the recast ePD in 2021, the TTDSG was renamed to TDDDG in 2024. Also the TKG itself still exists, however parts of it were moved into the TTDSG/TDDDG.

But saying that the ePD did not lead to any changes in German law is wrong for both the original ePD and the recast ePD. Saying that the GDPR is a superset of the ePD is also wrong because if this were true, the ePD could have simply been replaced instead of having to be recast. And saying that the TDDDG didn't lead to substantial changes is only technical correct when referring to the renaming of the TTDSG to the TDDDG (which, again, was due to the EU DSA, not the EU GDPR nor ePD) but is, again, wrong when referring to the underlying TTDSG.

Here's a fairly comprehensible German language article about some of the changes in the TTDSG:

https://cms.law/de/deu/publication/das-neue-ttdsg-ist-in-kra...

Of course "substantial changes" is subjective but that's different from what you originally claimed about Germany "not changing laws at all", which I've hopefully demonstrated isn't true by any means.

[nwellnhof]

Aren't these details are mostly irrelevant? Can you name one additional requirement introduced with TTDSG or TDDDG which wasn't covered by the GDPR already?