New guidance tightens consent and liability requirements. Stay updated on the cookie rules here.

‍

‍

Will you be cookie compliant in 2025? New guidance tightens consent and liability requirements

‍

In May 2025, the Danish Data Protection Agency and the Danish Agency for Digitization published an updated joint Cookie Guide - and this should make both companies and authorities stop and double-check their compliance.

‍

The guidance clarifies the requirements for consent and processing of personal data when technologies such as cookies, pixels and fingerprinting are used - both in browsers, apps and across devices.

‍

‍

What does the guide say?

‍

The requirements are neither new nor optional - but they have become much clearer:

• Consent must be voluntary, informed and documentable
• Cookie walls and nudging must not deprive the user of real choice
• Consent must be given before processing - and it must be just as easy to withdraw
• Joint data liability may arise if third parties (e.g. social media or analytics tools) gain access to user data via your website

‍

‍

What should you do next?

‍

1. Review your cookie policy and consent technology:

    Are users informed? Are purposes and third parties clearly stated? Do you have documentation of consent?

2. Map the technologies on your solution

    Many cookies are set indirectly - via plug-ins, scripts and analytics tools. You should know what is stored, when and why.

3. Assess roles and responsibilities

    Do you have a clear division of roles with suppliers? Are appropriate agreements in place, e.g. joint data responsibility?

‍

‍

Get help with compliance

‍

At CO:PLAY, we offer legal and technical reviews of your cookie and consent solutions. We focus on documentation, disclosure and legal basis for processing - so you're not alone if the supervisory authority comes knocking.

Contact Reza Ahmadian for a no-obligation cookie review by phone 6090 1722 or email ra@coplay.law

‍

Read more about our GDPR and data protection advice here: