Danish cookie guidelines explained

What are the rules for using cookies in Denmark? And how do you collect valid consent for using them? Here's everything you need to know about the Danish cookie guidelines.
Table of Contents

The 9 requirements to comply
with the Danish cookie guidelines:

Danish cookie guidelines – what are the rules?

The Danish rules on cookies are some of the strictest in the world.

And there are actually two different laws in play if you have a website that uses cookies. 

Here are the rules you should be aware of.

  • Cookiebekendtgørelsen (the Danish cookie law)
  • The General Data Protection Regulation (GDPR)

But why two laws? Let me explain.

Cookiebekendtgørelsen (Danish Cookie Law)

Cookiebekendtgørelsen (BEK no. 1148 of 09/12/2011) is the national Danish adaptation of the European ePrivacy Directive from 2002.

  • Cookiekendtgørelsen applies when you use cookies on your website.

The Danish Cookie Law state that if you use cookies on your site that store, collect or gain access to information on your visitor’s computer/tablet/phone, you have to obtain the visitor’s consent. 

In other words:

If you use cookies,
you must collect an informed consent.

That is why you are required to use a cookie banner on your website.

*Cookiebekendtgørelsen is administered by the Danish Business Authority (Erhvervsstyrelsen).

But the game changes, when we talk about tracking cookies. 

If the cookies you use are classified as tracking cookies, i.e., they collect personal information about your visitors which is processed either by you or third parties (e.g., Google, Facebook, Amazon, Hotjar etc.), the rules for consent fall under the GDPR.

The General Data Protection Regulation (GDPR)

The GDPR is all about data processing and how you must handle personal information. 

Although the GDPR talks very little about cookies, it concerns the data most cookies collect, especially tracking cookies (and any other tracking technology, i.e., fingerprinting). 

When using cookies that collect your users’ personal information for further processing, you are required to collect valid consent in accordance with the GDPR. 

If you use tracking cookies,
the rules for consent in the GDPR apply

According to the GDPR valid consent is: 

  • Freely given: Your visitor has to be able to accept or decline consent to cookies.
  • Specific: Consent has to be granular. You may only ask for consent to one specific purpose at a time.
  • Informed: You must inform your visitors about which cookies you use; what data they collect; for what purpose; by whom; and for how long time they are stored.
  • Unambiguous: Your visitor must actively give consent by clicking a box/button in your cookie consent pop-up.

The guidelines for using (tracking) cookies and collecting valid consent under the GDPR is administered by the Danish Data Protection Authority (Datatilsynet).

How do you collect valid consent to cookies in Denmark?

In order to comply with the Danish cookie guidelines and the GDPR when using cookies on your site, make sure you follow the 7 quick steps mentioned in the top (click here to revisit the list).

Here’s how you do it: 

  • Ask your users for consent for using cookies. You can do that with a cookie pop-up.
  • Respect their choice (if they decline). You can do that with a ‘decline all’ button next to the ‘accept’ button.
  • Provide users with an easy way to withdraw or change consent. You can do that with a simple link to reopen the pop-up.
  • Make it easy for your users to find information about your cookies and your data collection. Guide them to your cookie policy with a link in your cookie consent pop-up.
  • Make consent granular (specific). You can do that with cookie controls in your cookie pop-up so users can accept or decline cookies by purpose (marketing, stats, functional).
  • Store your users’ consent for 5 years. Your Consent Management Platform will do that for you. If it’s a good one.

Collecting valid consent to cookies can be done with a professional Consent Management Platform.

It provides you with a cookie consent pop-up that could look something like this: 

Example of Cookie Information's GDPR compliant cookie consent pop-up. The pop-up informs the users of cookies, provides granular (specific) consent and a 'Decline' button next to the 'Accept' button as required by the Danish Data Protection Authority.

Following these simple rules using a proven Consent Management Platform will ensure that your website complies with both the Danish Cookiebekendtgørelse and the GDPR. 

FAQ on cookies and consent in Denmark

[Q] – We are not using cookies on our website!

[A] – Most websites use cookies. These are either technically necessary cookies used for making the website work (e.g., remember language preferences, login settings, shopping cart cookies), or cookies set through your website by some of the services you use like for example Google Analytics, Facebook, Instagram, LinkedIn, Hotjar etc.

Our website is not collecting – or processing – any personal data!

 Maybe not, but third-party services like Google Analytics, Facebook, Hotjar, Amazon are! If you use any third-party service which set cookies through your website, you are the Data Controller (according to the GDPR), so collecting valid consent using these cookies is your responsibility.

Can we use Google Analytics without consent?

No. Google Analytics is using multiple cookies that collect your visitors’ personal information which is used to provide you with insights into audience, acquisition and behaviour. That’s made possible with persistent cookies that track the user across your website. If you use Google Analytics, you should definitely collect valid GDPR consent to cookies.  

What are technically necessary cookies?

Technically necessary cookies are essential for your visitors to browse your website and use its features. That could be login features and shopping cart cookies (so the information is not lost when the visitor clicks away from a specific page). Technically necessary cookies are not Google Analytics. Unfortunately.

How do I know if my website is GDPR cookie compliant?

You have it checked. By a Consent Management Platform provider – like Cookie Information – which can easily and quickly assess whether your website uses cookies that are not collected consent for. Get a free compliance check here with Cookie Information. No strings attached.