In May 2025, the Danish Data Protection Agency and the Danish Agency for Digitization published an updated joint Cookie Guide - and this should make both companies and authorities stop and double-check their compliance.
The guidance clarifies the requirements for consent and processing of personal data when technologies such as cookies, pixels and fingerprinting are used - both in browsers, apps and across devices.
The requirements are neither new nor optional - but they have become much clearer:
1. Review your cookie policy and consent technology:
Are users informed? Are purposes and third parties clearly stated? Do you have documentation of consent?
2. Map the technologies on your solution
Many cookies are set indirectly - via plug-ins, scripts and analytics tools. You should know what is stored, when and why.
3. Assess roles and responsibilities
Do you have a clear division of roles with suppliers? Are appropriate agreements in place, e.g. joint data responsibility?
At CO:PLAY, we offer legal and technical reviews of your cookie and consent solutions. We focus on documentation, disclosure and legal basis for processing - so you're not alone if the supervisory authority comes knocking.
Contact Reza Ahmadian for a no-obligation cookie review by phone 6090 1722 or email ra@coplay.law
Read more about our GDPR and data protection advice here: