New regulations from the Danish Data Protection Agency can affect the way your company collects consent from cookies

27. February 2020

When you are browsing on the Internet, there is one click you have to go through before you get to the content that you are really looking for – The famous “accept button” of cookies.

But a new guide for collecting consent from cookies may change the way of how we will collect data in the future, and the look of the cookie banners.

Since December 2011, the European Parliament mandated that all countries within the EU must set up laws requiring websites to obtain informed consent before they can store or retrieve information on a visitor’s computer or web-enabled device. The Danish Business Authority made a guide in December 2011, which was updated in 2013 and has not been updated nor touched since then, until now. 

At the beginning of 2020, there has been a great discussion about the cookie law and on the basis of a major complaint to the Danish Data Protection Agency, new rules had to be made. The new rules may affect the way companies’ collects data from the visitors. You can read more about the case here.

At HTML24 we have felt it has been a bit of a grey area when it comes to cookies. It has in general been very difficult to interpret what is the right and what is the wrong way of using cookies. In addition, there has not really been any consequences of using cookies incorrectly, although there has been a lot of “the wolf is coming vibe” throughout the area. However, there are finally indications, which we will soon see of what the consequences may be, if we do not follow the rules correctly.

For example, the cookie banners from Facebook and Twitter themselves are websites that do not follow the updated rules regarding cookies.

Two important points to know about the updated cookie law

The Danish requirements for collection of valid consent for cookies are now among the toughest in Europe and will change a whole industry’s way of collecting personal data. However, the cookie law will show benefits for the users, as websites now have to focus on 2 important points in the future:

  1. Allow users to decline cookies and data collection. It must be as easy to say no as it is to give consent.
  2. You must obtain informed consent from your visitors before your cookies are stored on their computers/smartphones.

The updated cookie rules applies to all cookies, except technically necessary cookies. The reason is because technically necessary cookies do not collect your visitors’ personal information, such as shopping cart cookies and login cookies.

This means if your business uses statistics cookies and / or marketing cookies on your website, such as Google Analytics and Facebook Pixel, you will need to obtain a valid consent from your visitors, where they have the opportunity to say yes or no to statistical and / or marketing cookies. 

3 good examples of the use of cookies

Borger.dk is one of the websites that uses the technically necessary cookies. For example, if you click no to cookies, the website will remember that you have clicked “no thanks” to cookies in the past. In addition, Borger.dk is the site, which we have found where it has the most user-friendly cookie banner to say “no thanks” to statistical and  marketing cookies.

Borger.dk and DR.dk are some good examples of how websites use of cookies seems to follow the new rules.

In addition, DMI has also changed its cookie banner after some harsh criticism from the Danish Data Protection Agency. Now it has become much easier for the users to say no thanks for being commercially tracked, which is a positive sign.

7 points guide of collecting consent from cookies

The Danish Data Protection Agency has given a clear message about how the incorrect use of cookies on the websites looks, which you can see in the examples of Facebook and Twitter. In addition, at the end of February 2020, the Danish Data Protection Agency has provided a specific guide on the processing of personal data about website visitors, and the consequences of not complying with the requirements of the Cookie Act will be fined.

We at HTML24 have shortened the guide to 7 points rather than the 18 pages long guide from the Danish Data Protection Agency.

  • You must collect a voluntary consent.
  • The consent must be specific, where the company must have stated specific purposes of the data collection.
  • The consent must be informative. This means that visitors need to know who is collecting the data and why.
  • The consent must be given by an active action.
  • Your users should be able to refuse cookies.
  • Your users must be able to withdraw the consent. It must be as easy as it was to give the consent.
  • You must be able to document all of your consents.

We hope you have gained some knowledge of collecting consent from cookies. If you need assistance with a check on your cookie condition and recommendations for correcting it – please feel free to contact us either on our mail: info@html24.net or on the phone: +45 4241 6160

Published 27. February 2020
Author
Af Kevin Ta
Marketing Intern

Should we call or write to you? Fill in the fields below.