German DPAs Publish Guidelines on the Use of Personal Data for Advertising
Time 2 Minute Read
Categories: European Union, International, Marketing, Online Privacy

On November 23, 2012, a German data protection working group on advertising and address trading published guidelines (in German) on the collection, processing and use of personal data for advertising purposes (the “Guidelines”). The working group was established by the committee of German data protection authorities (“DPAs”) and is chaired by the Bavarian DPA.

The Guidelines focus on certain sub-sections of Section 28 of the German Federal Data Protection Act and provide details on how those provisions apply in practice. Among other issues, Section 28 addresses how data subjects consent to advertising, as well as how personal data may be processed in the absence of consent. Some of the topics addressed in the Guidelines include:

  • restrictions for address lists and whether data sets can be combined;
  • data usage periods;
  • specific rules for business-to-business advertising;
  • the duty to identify the data controller that first collected the personal data;
  • the prohibition on advertising by using address data gathered via third parties;
  • consent mechanisms (oral, written, electronic), double opt-in process and joint consents; and
  • the timeframe for implementing a data subject’s objections, and the controller’s duty to provide sufficient notice about the right to object.

The Guidelines also provide important information on how the German DPAs view certain advertising practices, and should be of particular interest not only to users of advertising by mail but also those who commission and deploy online advertising in Germany.

Tags: Advertisement, Data Controller, Data Protection Act, Data Protection Authority, Germany
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Virginia AG to Enforce VCDPA Provisions Restricting Minors’ Use of Social Media

On February 18, 2026, Virginia Attorney General Jay Jones announced that his office intends to fully enforce new provisions of the Virginia Consumer Data Protection Act restricting minors’ use of social media.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Kentucky Attorney General Announces First Enforcement Action Under New Privacy Law

On January 8, 2026, the Kentucky Attorney General announced the first enforcement action against a company for alleged violations of the Kentucky Consumer Data Protection Act, just eight days after the law went into effect. The enforcement action is part of a larger legislative and regulatory focus on AI-powered chatbots used by minors.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page