{"id":13639,"date":"2024-02-12T15:17:02","date_gmt":"2024-02-12T14:17:02","guid":{"rendered":"https:\/\/www.cookiebot.com\/en\/?p=13639"},"modified":"2026-03-12T09:16:09","modified_gmt":"2026-03-12T08:16:09","slug":"danish-cookie-consent-guidelines","status":"publish","type":"post","link":"https:\/\/www.cookiebot.com\/en\/danish-cookie-consent-guidelines\/","title":{"rendered":"Understanding Danish DPA cookie consent guidelines"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-what-are-the-danish-cookie-laws\">What are the Danish cookie laws?<\/h2>\n\n\n\n<p>According to Danish cookie laws, websites and apps must obtain explicit consent from users if they use cookies to collect, store, or process their personal data.<\/p>\n\n\n\n<p>These regulations are shaped by the EU\u2019s <a href=\"\/en\/gdpr\/\">General Data Protection Regulation (GDPR)<\/a> and the ePrivacy Directive (known as the \u201c<a href=\"\/en\/cookie-law\/\">EU cookie law<\/a>\u201d).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-general-data-protection-regulation-gdpr\"><strong>General Data Protection Regulation (GDPR)<\/strong><\/h3>\n\n\n\n<p>The GDPR is a cornerstone in data protection within the European Union (EU). Although it doesn\u2019t specifically regulate the use of cookies, it's important in Danish cookie law for three reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It regulates the handling of personal data, which can include data obtained through cookies<\/li>\n\n\n\n<li>It includes the legal bases for processing user data, which includes consent<\/li>\n\n\n\n<li>It lays down a clear definition of \u201cconsent\u201d<\/li>\n<\/ul>\n\n\n\n<p>The <a href=\"https:\/\/www.datatilsynet.dk\/media\/7753\/danish-data-protection-act.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Danish Data Protection Act<\/a> (Act No. 502 of 23 May 2018) supplements the GDPR in Denmark.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-eprivacy-directive\"><strong>ePrivacy Directive<\/strong><\/h3>\n\n\n\n<p>The ePrivacy Directive regulates how websites and apps can use cookies to collect and process data from EU users. The EU cookie law is implemented in Danish cookie law in the <a href=\"https:\/\/www.retsinformation.dk\/eli\/lta\/2011\/1148\" target=\"_blank\" rel=\"noreferrer noopener\">Cookiebekendtg\u00f8relsen<\/a> (BEK No. 1148 of 09\/12\/2011) or \u201cCookie Order\u201d.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-who-do-the-danish-cookie-laws-apply-to\">Who do the Danish cookie laws apply to?<\/h2>\n\n\n\n<p>Danish cookie laws apply to any company, organization or individual, regardless of their location, that collects and processes data from visitors of websites and apps located in Denmark if they:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>offer goods and services to Danish users, even if no payment is required from the user<\/li>\n\n\n\n<li>monitor online behavior of Danish users located in Denmark<\/li>\n<\/ul>\n\n\n\n<p>They also apply to the processing of personal data done by companies, organizations or persons established in Denmark.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/www.datatilsynet.dk\/english\/fundamental-concepts-\/data-controller-and-processor-\" target=\"_blank\" rel=\"noreferrer noopener\">data controller<\/a>, or the entity that determines why and how personal data will be processed, must ensure that personal data processing complies with the GDPR's provisions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-legal-bases-for-processing-data\"><strong>Legal bases for processing data<\/strong><\/h2>\n\n\n\n<p>You must always have a legal basis under Danish law to process users\u2019 data. According to the ePrivacy Directive, the legal basis for processing data through<a href=\"\/en\/tracking-cookies\/\"> tracking cookies<\/a> is prior informed consent, unless they are purely functional cookies.<\/p>\n\n\n\n<p>In its <a href=\"https:\/\/www.datatilsynet.dk\/Media\/E\/7\/Quickguide.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">quick guide on the use of cookies<\/a> issued in February 2021, Danish DPA acknowledges that there could be other legal grounds to process personal data under the GDPR (Article 6.1). It emphasizes the importance of conducting a specific assessment to determine the appropriate legal basis and recommends that obtaining consent is the most practical approach.<\/p>\n\n\n\n<p>When it comes to minors, the Danish Data Protection Act (as amended in January 2024) stipulates different consent requirements. Processing the data of children under 15 years old is lawful only if consent is authorized by a parent or guardian.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-danish-cookie-law-and-consent\"><strong>Danish cookie law and consent<\/strong><\/h2>\n\n\n\n<p>Consent is a central concept in Danish cookie law, and the Danish DPA in February 2020 specifically incorporated the GDPR definition of consent in its<a href=\"https:\/\/www.datatilsynet.dk\/Media\/F\/8\/Behandling%20af%20personoplysninger%20om%20hjemmesidebes%C3%B8gende.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"> guidelines<\/a> on the processing of personal data of website visitors. The GDPR requires that consent must be a freely given, specific, informed and unambiguous indication that the person giving consent agrees to the processing of their personal data.<\/p>\n\n\n\n<p>These guidelines further stipulate that you must obtain consent before you set cookies and process user data, except for cookies that are necessary for a website to function.<\/p>\n\n\n\n<p><a href=\"\/en\/gdpr-cookies\/\">GDPR cookie consent<\/a> must meet a number of strict requirements before it is valid. The DPA\u2019s guidelines on processing of personal data, quick guide and<a href=\"https:\/\/www.datatilsynet.dk\/Media\/0\/C\/Samtykke%20(3).pdf\" target=\"_blank\" rel=\"noreferrer noopener\"> guidelines on consent<\/a> (issued in May 2021) together outline specific criteria that must be met to obtain valid consent as per the GDPR\u2019s definition.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-freely-given\">Freely given<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Accepting or rejecting cookies should both be equally easy on the first layer<\/li>\n\n\n\n<li><a href=\"\/en\/cookie-banner\/\">Cookie banner<\/a> design and language should not influence a user to accept cookies<\/li>\n\n\n\n<li>If a user has given consent, they must be able to withdraw it as easily as they gave it<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-specific\">Specific<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You must obtain separate consent from users for each category of purposes, each with its own checkbox<\/li>\n\n\n\n<li>Granular consent doesn\u2019t have to be provided for every single cookie, but it should be offered for different categories of cookies, e.g. a user should be able to allow cookies for statistical purposes while rejecting advertising cookies<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-informed\">Informed<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Users should have access to clear, understandable information about the purpose of cookies<\/li>\n\n\n\n<li>You must provide transparent access to which parties have set cookies and what information is being transmitted through them, which can be done through a<a href=\"\/en\/cookie-policy\/\"> cookie policy<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-unambiguous-indication\">Unambiguous indication<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Consent for cookies needs to be an active action by the user, such as ticking a box or clicking a button to ensure that the user's choice is explicit and deliberate<\/li>\n\n\n\n<li>Pre-checked consent boxes, which a user must uncheck to reject consent, is not valid consent<\/li>\n\n\n\n<li>Users scrolling or swiping through a website or app is not valid consent as it may be difficult to distinguish from other user activity and is not an unambiguous indication that the user is accepting cookies<\/li>\n<\/ul>\n\n\n\n<p>These detailed consent requirements are designed to safeguard user autonomy and privacy, ensuring that consent is an informed choice.<\/p>\n\n\n\n<p>In its guidelines on consent, the Danish DPA also has stipulated that you must be able to demonstrate that the data subject has consented to the processing of their data.<\/p>\n\n\n<div class=\"cta-block cta-block--size-s cta-block--only-buttons cb-ctx--blue\">\n        <div class=\"cta-block__glass\">\n        <div class=\"cta-block__inner\">\n            <div class=\"cta-block__left-column\">\n                                                                    <div class=\"cta-block__description like-text-md\">\n                        <h4>Collect GDPR-compliant cookie consent<br \/>\n<\/h4>\n<p>Start your 14-day free trial of Cookiebot CMP today<\/p>\n                    <\/div>\n                                                                                                                                                        <\/div>\n                            <div class=\"cta-block__right-column\">\n                                                                <div class=\"cta-block__buttons\">\n                                                    <div class=\"cta-block__buttons__button-wp\">\n                                <a id=\"313b06cb-26f6-4b2e-95ef-239179ec7846\" class=\"cb-button cb-button-size-l cb-button-contained  no-default-link-decoration cb-button-icon-right cta-block__buttons__button\" href=\"https:\/\/admin.cookiebot.com\/signup\" target=\"_blank\">\n<span>Sign up<\/span><\/a>\n                                                            <\/div>\n                                                                        <\/div>\n                                                        <\/div>\n                    <\/div>\n    <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cookie wall guidelines from the Danish DPA<\/strong><\/h2>\n\n\n\n<p>A<a href=\"https:\/\/www.cookiebot.com\/en\/cookie-walls\/\"> cookie wall<\/a> is a method by which a company requires visitors to give consent for their data to be processed before accessing a website. In February 2023, the Danish DPA established criteria for implementing cookie walls that comply with data protection rules.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you use a cookie wall, you <strong>must provide<\/strong> <strong>a reasonable alternative<\/strong> for users who do not consent to data processing. The content or service provided must be similar, regardless of the user's choice.<\/li>\n\n\n\n<li>If the alternative to consent is payment, the <strong>cost must be reasonable<\/strong>, offering a genuine choice between payment and consent.<\/li>\n\n\n\n<li>All the purposes for which you're seeking consent should be <strong>limited to what is necessary<\/strong> for the service offered. Separate consent might be needed for purposes not integral to the paid alternative.<\/li>\n\n\n\n<li>When visitors have paid, you can <strong>process personal data necessary for providing the service<\/strong>. However, processing data for purposes beyond what is required for the service is not allowed unless you obtain additional consent.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-important-rulings-regarding-cookies-and-personal-data-in-denmark\">Important rulings regarding cookies and personal data in Denmark<\/h2>\n\n\n\n<p>The Danish DPA has, in recent years, made a number of decisions on the use of cookies to collect personal data from Danish users. In considering violations of Danish cookie guidelines, the DPA looked at the following issues:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A government institution was deploying cookies and processing personal data for advertising purposes before obtaining user consent. The DPA held that the institute and Google (as the ads were from Google\u2019s ad platform) were joint controllers, but the institute was responsible for gathering consent.<\/li>\n\n\n\n<li>A loan broker\u2019s website had placed a number of cookies on the complainant\u2019s browser before the complainant had given consent. \u00a0The DPA also found that the cookie consent solution didn\u2019t give any information about withdrawing consent, and it did not meet the requirements for valid consent.<\/li>\n\n\n\n<li>An online marketplace\u2019s use of cookie walls was mostly lawful, as it provided a paid access alternative to consent. However, the DPA noted that it had not shown that the processing of personal data for statistical purposes was required in the alternative to payment.<\/li>\n\n\n\n<li>In a similar case, a media group website\u2019s consent procedure was found to be inadequate as the paid service alternative was not equivalent to the consent-based access and didn\u2019t provide visitors with a free choice. The media group had also not shown that processing of personal data for statistical purposes was required in the alternative to payment.<\/li>\n\n\n\n<li>A gardening equipment company was using cookies to collect and pass on data to Google and Meta without a legal basis. As per Danish procedure, the DPA reported the company to the police and recommended a minimum fine of no less than DKK 200,000.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-requirements-to-comply-with-danish-cookie-guidelines\">Requirements to comply with Danish cookie guidelines<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-inform-users-about-cookies\">Inform users about cookies<\/h3>\n\n\n\n<p>Danish cookie guidelines require you to share clear information with users about the types of cookies used and their purposes. The minimum requirements, as per the DPA\u2019s consent guidelines, are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the identity of the data controller<\/li>\n\n\n\n<li>the purpose of the intended processing<\/li>\n\n\n\n<li>what data is being processed<\/li>\n\n\n\n<li>the right to withdraw consent at any time<\/li>\n<\/ul>\n\n\n\n<p>This information should be easily accessible and understandable, allowing users to make informed decisions. It can be shared in the cookie consent banner, with more detailed information shared in the cookie policy, to provide transparency about your data collection practices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-obtain-valid-consent\">Obtain valid consent<\/h3>\n\n\n\n<p>For consent to be valid under Danish cookie laws, it must comply with the GDPR\u2019s requirements of opt-in consent. This means you must obtain<a href=\"https:\/\/www.cookiebot.com\/en\/cookie-consent\/\"> cookie consent<\/a> through active and explicit user actions, such as clicking a button or checking a box.<\/p>\n\n\n\n<p>Additionally, you must obtain specific consent for different categories of cookies, such as statistics cookies or marketing cookies, enabling users to make more tailored choices. Importantly, the process should avoid nudging users towards giving consent through either design or language presented; the consent mechanism must have a neutral presentation of choices where accepting or rejecting cookies is equally straightforward.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-design-compliant-cookie-banners\">Design compliant cookie banners<\/h3>\n\n\n\n<p>Cookie consent banners should implement the requirements of the Danish cookie guidelines to enable compliance with the GDPR, ePrivacy Directive and local cookie laws,<\/p>\n\n\n\n<p>Your cookie banner must offer users clear options to accept, reject, or customize their cookie preferences, without using pre-checked boxes or manipulative design patterns. It should provide information as per the consent guidelines\u2019 minimum requirements, in language that\u2019s easy to understand.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-use-compliant-cookie-walls\">Use compliant cookie walls<\/h3>\n\n\n\n<p>The Danish DPA permits the use of cookie walls if they comply with the conditions laid out in its cookie wall guidelines. If your website must use cookie walls, ensure that it complies with these conditions and that all users, regardless of whether they choose to accept cookies or not, receive similar content or service.<\/p>\n\n\n\n<p>If you choose a fee as the alternative to consent, ensure that it is a reasonable amount to give users a real choice. Don\u2019t process any data from paid users that you don\u2019t need to provide the service without their explicit consent for these cookies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-have-a-cookie-policy-or-privacy-notice\">Have a cookie policy or privacy notice<\/h3>\n\n\n\n<p>Your website should contain an easily accessible cookie policy, either as a separate document or as part of a privacy policy, that provides detailed information about your cookie usage. Include information about any third-party cookies, including who is setting the cookies, for what purposes, and what personal data they collect.<\/p>\n\n\n\n<p>Your cookie policy must also inform users about how they can change or withdraw their consent preferences.<\/p>\n\n\n\n<p>The DPA\u2019s quick guide requires you to inform users in the cookie policy if you\u2019re using a legal basis other than consent for processing personal data.<\/p>\n\n\n<div class=\"cta-block cta-block--size-s cta-block--only-buttons cb-ctx--blue\">\n        <div class=\"cta-block__glass\">\n        <div class=\"cta-block__inner\">\n            <div class=\"cta-block__left-column\">\n                                                    <h2 class=\"cta-block__title no-default-margin like-h4\">\n                        Is your website compliant with Danish cookie laws?                    <\/h2>\n                                                    <div class=\"cta-block__description like-text-md\">\n                        <p>Scan your website for free with Cookiebot CMP today<\/p>\n                    <\/div>\n                                                                                                                                                        <\/div>\n                            <div class=\"cta-block__right-column\">\n                                                                <div class=\"cta-block__buttons\">\n                                                    <div class=\"cta-block__buttons__button-wp\">\n                                <a id=\"f5eec9cd-3031-4989-a863-b6d24cab7526\" class=\"cb-button cb-button-size-l cb-button-contained  no-default-link-decoration cb-button-icon-right cta-block__buttons__button\" href=\"https:\/\/admin.cookiebot.com\/signup\" target=\"_blank\">\n<span>Sign up<\/span><\/a>\n                                                            <\/div>\n                                                                        <\/div>\n                                                        <\/div>\n                    <\/div>\n    <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-cookiebot-cmp-can-help-your-business-comply-with-danish-cookie-guidelines\">How Cookiebot CMP can help your business comply with Danish cookie guidelines<\/h2>\n\n\n\n<p>If your website processes data from Danish visitors, you must comply with EU regulations and Danish cookie guidelines or face penalties under the GDPR. Implementing a <a href=\"\/en\/cookie-consent-solution\/\">consent management platform (CMP)<\/a> like Cookiebot CMP can help you achieve compliance and build user trust.<\/p>\n\n\n\n<p>Cookiebot CMP can enable you to obtain explicit consent that complies with Danish cookie guidelines and data privacy laws. With Cookiebot CMP, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>present users with an opt-in cookie banner that requires active action for setting cookies<\/li>\n\n\n\n<li>provide users with the option to withdraw consent as easily as they provided it<\/li>\n\n\n\n<li>enable users to give specific consent for different categories of cookies, fulfilling the legal requirements for granular consent<\/li>\n\n\n\n<li>use our <a href=\"\/en\/cookie-checker\/\" target=\"_blank\" rel=\"noreferrer noopener\">cookie checker<\/a> to scan your website for cookies and provide detailed information in your cookie policy<\/li>\n\n\n\n<li>document consent as required by the DPA\u2019s guidelines on consent<\/li>\n<\/ul>\n\n\n\n<p>Cookiebot CMP also supports <a href=\"\/en\/google-tag-manager\/\">Google Tag Manager<\/a>. With this integration, Cookiebot CMP automatically controls all cookies on your website so that they don\u2019t collect any user data before users give consent.<\/p>\n\n\n\n\n","protected":false},"excerpt":{"rendered":"<p>What are the Danish cookie laws? According to Danish cookie laws, websites and apps must obtain explicit consent from users if they use cookies to collect, store, or process their personal data. These regulations are shaped by the EU\u2019s General Data Protection Regulation (GDPR) and the ePrivacy Directive (known as the \u201cEU cookie law\u201d). General [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":13643,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"editor_notices":[],"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13639","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"thumbnail_status":false,"thumbnail_url":"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2024\/02\/danish_cookie_laws.png","_links":{"self":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts\/13639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/comments?post=13639"}],"version-history":[{"count":0,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts\/13639\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/media\/13643"}],"wp:attachment":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/media?parent=13639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/categories?post=13639"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/tags?post=13639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}