In the contemporary digital landscape, cookies are pivotal in optimizing online functionalities and enhancing the user experience. However, cookies cannot be deployed arbitrarily as they raise privacy concerns regarding users’ data. Many countries, including Norway, have their own cookie guidelines to ensure responsible cookie practices. This blog helps you discover Norway’s cookie consent requirements and ways to achieve compliance. 

What is the cookie law of Norway?

In Norway, the rules for the use of cookies are established by the Electronic Communications Act and Personal Data Act. These laws are supervised by the Nkom and Datatilsynet (Norwegian DPA).

Nkom, the supervisory authority for the Electronic Communications Act, has released a guide on the use of cookies in Norway. These guidelines set consent as a prerequisite for placing non-essential cookies on user devices.

Despite not being part of the European Union, Norway has a strong connection with the EU due to its EEA membership. Consequently, Norway must comply with the General Data Protection Regulation, which it does through the Personal Data Act. 

What is the scope of the Norway cookie guidelines?

The Norwegian cookie guidelines apply to any entities that offer online services to Norwegian users and use cookies or similar tracking technologies to collect information from them.

What are the Norway cookie consent requirements?

According to the Nkom guide, the following are the best consent practices:

  • Obtain specific consent from users before placing non-essential cookies on their devices. 
  • Provide easy consent revocation mechanisms.
  • Avoid using pre-checked boxes to obtain consent.

What are the exemptions to the Norway cookie guidelines?

The law does not require businesses to adhere to the above requirements in the following scenarios:

  • When it is solely used to transfer communication in the electronic communication network.
  • When it is necessary to provide an online service requested by the user.

This means consent might not be necessary for essential cookies, such as those used for logging in, tracking the shopping cart, or providing the requested service.

Can preset browser settings be used as valid cookie consent?

Many people wonder if using the default settings on their web browsers consents to having cookies stored on their devices in Norway.

Even though the Norway cookie law permits websites to rely on browser presets as consent, Nkom strongly recommends obtaining explicit user consent that aligns with the GDPR (as outlined in the Personal Data Act). This way, you make sure you’re doing everything right. 

Nkom cookie guidelines

The guide also references the notable court case of Planet 49 which invalidated consent obtained through pre-checked boxes. 

When handling personal data under the Personal Data Act or dealing with EU members, it is crucial to follow best practices. Obtain specific consent for each purpose, ensuring it is specific, informed, freely given, and unambiguous.

What are the information requirements under Norway cookie guidelines?

The general rule is that at least the following information should be provided to the users for the consent to be valid:

  • What information is processed
  • The purpose of processing
  • Who processes the information

Nkom offers additional insights in its guide and requires websites to provide the following information before obtaining cookie consent:

  • Clear and unambiguous information on the cookies used
  • What information do these cookies collect and process
  • The purpose for which this information is used
  • Who processes the information

Furthermore, Nkom also enunciates that information requirements are fulfilled only if:

  • The information is readily available to the user upon entering the website.
  • All the information, as required by law, is made available to the users.

Information is readily available if provided as a clearly visible link in the footer, a text box on the front page, or a cookie pop-up.

Checklist: Norway cookie consent requirements

  • Identify the cookies used on your website and their uses
  • Provide users with information on the cookies you use, the information these cookies collect and process, the purpose of processing, and who processes them
  • Make this information easily available to users through cookie pop-ups when visiting your website
  • Obtain valid consent (adhering to GDPR) for setting and using non-necessary cookies
  • Collect granular consent for each purpose
  • Provide convenient mechanisms to withdraw consent 
  • Implement a consent management platform like CookieYes to manage and document user consent

How can CookieYes help your business achieve cookie compliance?

The rules are clear; now it’s time to take action. Achieving cookie compliance may require multiple resources, but imagine finding everything you need in one place. By teaming up with CookieYes, you can focus on growing your business while we take care of cookie compliance. The best part? You can achieve all of this without worrying about coding because our platform integrates seamlessly.

Why CookieYes is the best solution?

  • Customizable consent notice with clear Accept/Reject buttons
  • Granular consent options
  • Convenient consent withdrawal
  • Consent logs for compliance
  • Language customization
  • Scan sites to detect and block third-party cookies until consent is given
  • Google-certified CMP and IAB TCF v2.2 compliant

FAQ on Norway cookie consent requirements

What are cookies?

Cookies are small files placed on devices connected to the internet, such as smartphones or computers, to collect and store information about the user. They perform various functions, such as saving user preferences, website functioning, advertising, and analytical purposes.

Who must comply with the Norway cookie guidelines?

All entities in Norway that operate online platforms like websites and those outside Norway targeting their products or services to Norwegians must comply with Norway cookie guidelines.

Do Norway’s cookie guidelines consider browser settings as consent?

Though Nkom relies on browser presets as consent, it also recommends businesses obtain consent in line with GDPR requirements. Therefore, if you obtain personal data through cookies or offer products or services to EU residents, you must obtain explicit consent rather than browser presets.

How do you comply with cookie consent requirements?

Achieving cookie compliance demands multiple resources and can be daunting. However, one way to make cookie compliance easy is to use cookie consent management platforms like CookieYes. CookieYes offers comprehensive features such as cookie auditing, consent tracking, granular control, customizable cookie banners, opt-out controls, and more.