The 9 requirements to comply
with the Danish cookie guidelines:
Danish cookie guidelines – what are the rules?
The Danish rules on cookies are some of the strictest in the world.
Here are the rules you should be aware of.
- Cookiebekendtgørelsen (the Danish cookie law)
- The General Data Protection Regulation (GDPR)
But why two laws? Let me explain.
Cookiebekendtgørelsen (Danish Cookie Law)
Cookiebekendtgørelsen (BEK no. 1148 of 09/12/2011) is the national Danish adaptation of the European ePrivacy Directive from 2002.
In other words:
you must collect an informed consent.
That is why you are required to use a cookie banner on your website.
*Cookiebekendtgørelsen is administered by the Danish Business Authority (Erhvervsstyrelsen).
But the game changes, when we talk about tracking cookies.
If the cookies you use are classified as tracking cookies, i.e., they collect personal information about your visitors which is processed either by you or third parties (e.g., Google, Facebook, Amazon, Hotjar etc.), the rules for consent fall under the GDPR.
The General Data Protection Regulation (GDPR)
The GDPR is all about data processing and how you must handle personal information.
Although the GDPR talks very little about cookies, it concerns the data most cookies collect, especially tracking cookies (and any other tracking technology, i.e., fingerprinting).
When using cookies that collect your users’ personal information for further processing, you are required to collect valid consent in accordance with the GDPR.
If you use tracking cookies,
the rules for consent in the GDPR apply
According to the GDPR valid consent is:
- Freely given: Your visitor has to be able to accept or decline consent to cookies.
- Specific: Consent has to be granular. You may only ask for consent to one specific purpose at a time.
- Informed: You must inform your visitors about which cookies you use; what data they collect; for what purpose; by whom; and for how long time they are stored.
- Unambiguous: Your visitor must actively give consent by clicking a box/button in your cookie consent pop-up.
The guidelines for using (tracking) cookies and collecting valid consent under the GDPR is administered by the Danish Data Protection Authority (Datatilsynet).
How do you collect valid consent to cookies in Denmark?
In order to comply with the Danish cookie guidelines and the GDPR when using cookies on your site, make sure you follow the 7 quick steps mentioned in the top (click here to revisit the list).
Here’s how you do it:
- Ask your users for consent for using cookies. You can do that with a cookie pop-up.
- Respect their choice (if they decline). You can do that with a ‘decline all’ button next to the ‘accept’ button.
- Provide users with an easy way to withdraw or change consent. You can do that with a simple link to reopen the pop-up.
- Make consent granular (specific). You can do that with cookie controls in your cookie pop-up so users can accept or decline cookies by purpose (marketing, stats, functional).
- Store your users’ consent for 5 years. Your Consent Management Platform will do that for you. If it’s a good one.
Collecting valid consent to cookies can be done with a professional Consent Management Platform.
It provides you with a cookie consent pop-up that could look something like this:
Following these simple rules using a proven Consent Management Platform will ensure that your website complies with both the Danish Cookiebekendtgørelse and the GDPR.
FAQ on cookies and consent in Denmark
[Q] – We are not using cookies on our website!
Our website is not collecting – or processing – any personal data!
Maybe not, but third-party services like Google Analytics, Facebook, Hotjar, Amazon are! If you use any third-party service which set cookies through your website, you are the Data Controller (according to the GDPR), so collecting valid consent using these cookies is your responsibility.
Can we use Google Analytics without consent?
No. Google Analytics is using multiple cookies that collect your visitors’ personal information which is used to provide you with insights into audience, acquisition and behaviour. That’s made possible with persistent cookies that track the user across your website. If you use Google Analytics, you should definitely collect valid GDPR consent to cookies.
What are technically necessary cookies?
Technically necessary cookies are essential for your visitors to browse your website and use its features. That could be login features and shopping cart cookies (so the information is not lost when the visitor clicks away from a specific page). Technically necessary cookies are not Google Analytics. Unfortunately.
How do I know if my website is GDPR cookie compliant?