The article is kind of misleading.
After reading the original FAZ article (I am german and a site owner) I learned that because Weichert is the head of the Independent Centre for Privacy Protection of the northern German state of Schleswig-Holstein, he only has the competence to threat site owners within "Schleswig-Holstein" (Population: 2,8mio).
With only a few exceptions, privacy and data protection is handled on the state (or Länder) level in Germany. (One exception to this is the federal government and its data protection.)
He would have to convince his fifteen colleagues to make this a Germany-wide thing. Handling this on the federal level is not even possible in Germany, the federal data protection appointee has nothing to say about such matters.
But the TMG as well as the BDSG are federal laws and after reading his paper I would agree with his view of them.
It would only take someone to go to their local data protection supervisor (Datenschutzbeauftragten) and complain about being tracked by the facebook like button on a site hosted in germany, the data protection supervisor would have to issue a fine (if he agrees with that interpretation of the law) and it would go to court, since the owner of the website would naturally dispute it.
Those data protection appointees (and the people who are working for them) are the enforcement arm of the data protection laws.
The laws are not (only) enforced by the police but by specialized offices – just like tax law (with the tax office and tax investigators) or food law (with food inspectors).
This is like the police (which is organized in a similar way) in Bavaria deciding to enforce a federal law in a certain way. Whatever the police in Bavaria decides to do doesn’t have to have any consequences for the police in other states. (Suffice it to say, the police in other states isn’t going to be very happy when they hear about the Bavarian police interpreting a law in an odd way.)
It’s the courts that have to decide in the end what is correct and incorrect enforcement.
