Privacy laws meant that kids' Christmas wishes could not be hung on trees.
CNN  — 

A German town managed to revive a children’s Christmas tradition after European data protection laws very nearly scrapped it.

In previous years up to 4,000 wishes to Father Christmas were placed on a tree at a Christmas market in the southern town of Roth, according to German newspaper Die Welt.

The city council would then attempt to fulfill those wishes, which included the names and addresses of the children who wrote them.

Previous requests granted included trips to the fire station, books and visits to the mayor. The festive event was seen as a major highlight for local kids.

protection woes

But the popular activity had to stop in 2016 because of Germany’s data privacy legislation, Die Welt reports.

Roth found a workaround – putting the wishes in a locked box – but that was made redundant in May when the European Union’s General Data Protection Regulation (GDPR) came into force.

That legislation states that parents of minors have to provide consent to the use of their kids’ data. Organizations that fail to comply face big financial penalties.

Providing proof of this was deemed too onerous by the council and the city decided against festive wish lists for 2018.

“The yearly trips to the fire brigade unit and the mayor were especially popular with children” Melanie Hanker, who works on events and public relations in the town’s administration, told Die Welt last week. “Without the wishing lists, both these events will not take place this year,” she added. Hanker refused CNN’s request for an interview.

Consent needed

Local radio station Antenne Bayern found a solution.

It created a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market, which opens on Thursday.

“This way, the wishes can be submitted and collected from Father Christmas also this year,” the city said in a statement on Tuesday.

In an era of huge cyberattacks and data leaks, the EU says GDPR is a necessary force to protect consumers.

The new rules unifies a patchwork of different laws into one piece of legislation, placing much tougher rules for companies that hold or use data on people inside the EU while giving customers more control over their data.

Facebook, Google, Twitter and many other companies have changed their privacy settings to comply.