# [Understanding Danish DPA cookie consent guidelines](https://www.cookiebot.com/en/danish-cookie-consent-guidelines/)
**If you offer goods and services to Danish users or track their website activity using cookies, you need their explicit consent to do so. But what does explicit consent mean, and how can you obtain it? We look at Danish cookie guidelines and how you can collect compliant consent.**
· [Sign up](https://admin.cookiebot.com/signup) · [Scan your website for free with Cookiebot CMP today](https://admin.cookiebot.com/signup)

According to Danish cookie laws, websites and apps must obtain explicit consent from users if they use cookies to collect, store, or process their personal data.

These regulations are shaped by the EU’s [General Data Protection Regulation (GDPR)](https://www.cookiebot.com/en/gdpr/) and the ePrivacy Directive (known as the “[EU cookie law](https://www.cookiebot.com/en/cookie-law/)”).

## What are the Danish cookie laws?

The GDPR is a cornerstone in data protection within the European Union (EU). Although it doesn’t specifically regulate the use of cookies, it's important in Danish cookie law for three reasons:

- It regulates the handling of personal data, which can include data obtained through cookies
- It includes the legal bases for processing user data, which includes consent
- It lays down a clear definition of “consent”

The [Danish Data Protection Act](https://www.datatilsynet.dk/media/7753/danish-data-protection-act.pdf) (Act No. 502 of 23 May 2018) supplements the GDPR in Denmark.

## Who do the Danish cookie laws apply to?

Danish cookie laws apply to any company, organization or individual, regardless of their location, that collects and processes data from visitors of websites and apps located in Denmark if they:

- offer goods and services to Danish users, even if no payment is required from the user
- monitor online behavior of Danish users located in Denmark

They also apply to the processing of personal data done by companies, organizations or persons established in Denmark.

The [data controller](https://www.datatilsynet.dk/english/fundamental-concepts-/data-controller-and-processor-), or the entity that determines why and how personal data will be processed, must ensure that personal data processing complies with the GDPR's provisions.

---
## Legal bases for processing data

You must always have a legal basis under Danish law to process users’ data. According to the ePrivacy Directive, the legal basis for processing data through [tracking cookies](https://www.cookiebot.com/en/tracking-cookies/) is prior informed consent, unless they are purely functional cookies.

In its [quick guide on the use of cookies](https://www.datatilsynet.dk/Media/E/7/Quickguide.pdf) issued in February 2021, Danish DPA acknowledges that there could be other legal grounds to process personal data under the GDPR (Article 6.1). It emphasizes the importance of conducting a specific assessment to determine the appropriate legal basis and recommends that obtaining consent is the most practical approach.

When it comes to minors, the Danish Data Protection Act (as amended in January 2024) stipulates different consent requirements. Processing the data of children under 15 years old is lawful only if consent is authorized by a parent or guardian.

## Danish cookie law and consent

Consent is a central concept in Danish cookie law, and the Danish DPA in February 2020 specifically incorporated the GDPR definition of consent in its [guidelines](https://www.datatilsynet.dk/Media/F/8/Behandling%20af%20personoplysninger%20om%20hjemmesidebes%C3%B8gende.pdf) on the processing of personal data of website visitors. The GDPR requires that consent must be a freely given, specific, informed and unambiguous indication that the person giving consent agrees to the processing of their personal data.

These guidelines further stipulate that you must obtain consent before you set cookies and process user data, except for cookies that are necessary for a website to function.

### General Data Protection Regulation (GDPR)

The GDPR requires that consent must be a freely given, specific, informed and unambiguous indication that the person giving consent agrees to the processing of their personal data.

### ePrivacy Directive

The ePrivacy Directive regulates how websites and apps can use cookies to collect and process data from EU users. The EU cookie law is implemented in Danish cookie law in the [Cookiebekendtgørelsen](https://www.retsinformation.dk/eli/lta/2011/1148) (BEK No. 1148 of 09/12/2011) or “Cookie Order”.

### Freely given

- Accepting or rejecting cookies should both be equally easy on the first layer
- [Cookie banner](https://www.cookiebot.com/en/cookie-banner/) design and language should not influence a user to accept cookies
- If a user has given consent, they must be able to withdraw it as easily as they gave it

### Specific

- You must obtain separate consent from users for each category of purposes, each with its own checkbox
- Granular consent doesn’t have to be provided for every single cookie, but it should be offered for different categories of cookies, e.g. a user should be able to allow cookies for statistical purposes while rejecting advertising cookies

### Informed

- Users should have access to clear, understandable information about the purpose of cookies
- You must provide transparent access to which parties have set cookies and what information is being transmitted through them, which can be done through a [cookie policy](https://www.cookiebot.com/en/cookie-policy/)

### Unambiguous indication

- Consent for cookies needs to be an active action by the user, such as ticking a box or clicking a button to ensure that the user's choice is explicit and deliberate
- Pre-checked consent boxes, which a user must uncheck to reject consent, is not valid consent
- Users scrolling or swiping through a website or app is not valid consent as it may be difficult to distinguish from other user activity and is not an unambiguous indication that the user is accepting cookies

---
## Cookie wall guidelines from the Danish DPA

A [cookie wall](https://www.cookiebot.com/en/cookie-walls/) is a method by which a company requires visitors to give consent for their data to be processed before accessing a website. In February 2023, the Danish DPA established criteria for implementing cookie walls that comply with data protection rules.

- If you use a cookie wall, you **must provide** **a reasonable alternative** for users who do not consent to data processing. The content or service provided must be similar, regardless of the user's choice.
- If the alternative to consent is payment, the **cost must be reasonable**, offering a genuine choice between payment and consent.
- All the purposes for which you're seeking consent should be **limited to what is necessary** for the service offered. Separate consent might be needed for purposes not integral to the paid alternative.
- When visitors have paid, you can **process personal data necessary for providing the service**. However, processing data for purposes beyond what is required for the service is not allowed unless you obtain additional consent.

## Important rulings regarding cookies and personal data in Denmark

The Danish DPA has, in recent years, made a number of decisions on the use of cookies to collect personal data from Danish users. In considering violations of Danish cookie guidelines, the DPA looked at the following issues:

- A government institution was deploying cookies and processing personal data for advertising purposes before obtaining user consent. The DPA held that the institute and Google (as the ads were from Google’s ad platform) were joint controllers, but the institute was responsible for gathering consent.
- A loan broker’s website had placed a number of cookies on the complainant’s browser before the complainant had given consent. The DPA also found that the cookie consent solution didn’t give any information about withdrawing consent, and it did not meet the requirements for valid consent.
- An online marketplace’s use of cookie walls was mostly lawful, as it provided a paid access alternative to consent. However, the DPA noted that it had not shown that the processing of personal data for statistical purposes was required in the alternative to payment.
- In a similar case, a media group website’s consent procedure was found to be inadequate as the paid service alternative was not equivalent to the consent-based access and didn’t provide visitors with a free choice. The media group had also not shown that processing of personal data for statistical purposes was required in the alternative to payment.
- A gardening equipment company was using cookies to collect and pass on data to Google and Meta without a legal basis. As per Danish procedure, the DPA reported the company to the police and recommended a minimum fine of no less than DKK 200,000.

## Requirements to comply with Danish cookie guidelines

Danish cookie guidelines require you to share clear information with users about the types of cookies used and their purposes. The minimum requirements, as per the DPA’s consent guidelines, are:

- the identity of the data controller
- the purpose of the intended processing
- what data is being processed
- the right to withdraw consent at any time

This information should be easily accessible and understandable, allowing users to make informed decisions. It can be shared in the cookie consent banner, with more detailed information shared in the cookie policy, to provide transparency about your data collection practices.

For consent to be valid under Danish cookie laws, it must comply with the GDPR’s requirements of opt-in consent. This means you must obtain [cookie consent](https://www.cookiebot.com/en/cookie-consent/) through active and explicit user actions, such as clicking a button or checking a box.

Additionally, you must obtain specific consent for different categories of cookies, such as statistics cookies or marketing cookies, enabling users to make more tailored choices. Importantly, the process should avoid nudging users towards giving consent through either design or language presented; the consent mechanism must have a neutral presentation of choices where accepting or rejecting cookies is equally straightforward.

## Is your website compliant with Danish cookie laws?

Implementing a [consent management platform (CMP)](https://www.cookiebot.com/en/cookie-consent-solution/) like Cookiebot CMP can help you achieve compliance and build user trust.

Cookiebot CMP can enable you to obtain explicit consent that complies with Danish cookie guidelines and data privacy laws. With Cookiebot CMP, you can:

- present users with an opt-in cookie banner that requires active action for setting cookies
- provide users with the option to withdraw consent as easily as they provided it
- enable users to give specific consent for different categories of cookies, fulfilling the legal requirements for granular consent
- use our [cookie checker](https://www.cookiebot.com/en/cookie-checker/) to scan your website for cookies and provide detailed information in your cookie policy
- document consent as required by the DPA’s guidelines on consent

Cookiebot CMP also supports [Google Tag Manager](https://www.cookiebot.com/en/google-tag-manager/). With this integration, Cookiebot CMP automatically controls all cookies on your website so that they don’t collect any user data before users give consent.

---
## How Cookiebot CMP can help your business comply with Danish cookie guidelines

With Cookiebot CMP, you can obtain explicit consent that complies with Danish cookie guidelines and data privacy laws.

## Frequently asked questions

What are Danish GDPR laws? 

The General Data Protection Regulation (GDPR) is a European Union regulation and applies in Denmark. It is applicable to all entities that process data from users in the territory of Denmark, regardless of where the entity is located. The GDPR is supplemented in Denmark by the Danish Data Protection Act. The GDPR and Data Protection Act together regulate the processing of personal data of users who are located in Denmark.

## Stay informed

Join our growing community of data privacy enthusiasts now. Subscribe to the Cookiebot™ newsletter and get all the latest updates right in your inbox.

## Download the CMP integration for your preferred CMS

## Usercentrics Cookiebot WordPress Plugin

## Usercentrics for Wix

---

## Product
[Cookiebot™ Consent Solution](https://www.cookiebot.com/en/cookie-consent-solution/) · [Usercentrics for Wix](https://www.cookiebot.com/en/cookiebot-for-wix-by-usercentrics-app/) · [WordPress Plugin](https://www.cookiebot.com/en/new-wp-cookie-plugin/) · [Pricing](https://www.cookiebot.com/en/pricing/)

## Regulations
[DMA (EU)](https://www.cookiebot.com/en/digital-markets-act-dma/) · [GDPR (EU)](https://www.cookiebot.com/en/gdpr/) · [CCPA (California)](https://www.cookiebot.com/en/what-is-ccpa/) · [VCDPA (Virginia)](https://www.cookiebot.com/en/virginia-vcdpa/) · [LGPD (Brazil)](https://www.cookiebot.com/en/lgpd/) · [TCF v2.3 (IAB)](https://www.cookiebot.com/en/tcf/) · [Google Consent Mode](https://www.cookiebot.com/en/cookiebot-cmp-google-consent-mode/) · [Microsoft UET Consent Mode](https://www.cookiebot.com/en/microsoft-consent-mode-cmp/)

## Partners
[Become an affiliate](https://www.cookiebot.com/en/affiliates/) · [Become a partner](https://www.cookiebot.com/en/resellers/) · [Find a partner](https://www.cookiebot.com/en/cookiebot-reseller/)

## Resources
[Blog](https://www.cookiebot.com/en/blog/) · [Digital Markets Act Hub](https://www.cookiebot.com/en/digital-markets-act-dma-resources/) · [Google Consent Mode Hub](https://www.cookiebot.com/en/google-consent-mode-resources/) · [Google Consent Mode V2 Certification](https://courses.usercentrics.com/course/google-consent-mode-v2) · [Google Consent Audit Fixes](https://www.cookiebot.com/en/google-consent-audit-fixes/) · [Developer documentation](https://www.cookiebot.com/en/developer/) · [Cookiebot vs CookieYes](https://www.cookiebot.com/en/cookiebot-best-cookieyes-alternative/) · [Cookiebot vs OneTrust](https://www.cookiebot.com/en/onetrust-alternative/) · [Cookie Banner Cost Calculator](https://www.cookiebot.com/en/cookie-banner-pricing-calculator/)

## Company
[About us](https://www.cookiebot.com/en/about/) · [Careers](https://usercentrics.com/career/) · [Support](https://support.cookiebot.com/hc/en-us/)

---
[Privacy Policy](https://www.cookiebot.com/en/privacy-policy/) · [Terms of Service](https://www.cookiebot.com/en/terms-of-service/) · [Cookie Declaration](https://www.cookiebot.com/en/cookie-declaration/) · [Data Processing Agreement](https://www.cookiebot.com/en/data-processing-agreement/)

©2026 Cookiebot™ by [Usercentrics](https://usercentrics.com/)