Search
Linkedin-in Facebook-f

The Danish Business Authority will not prioritize the supervision of statistics cookies

On 15 October, the Danish Business Authority announced that they will not prioritize the supervision of websites' collection of simple statistics in the future. This affects your ability to collect statistics without consent. The statement from the Danish Business Authority can hardly be interpreted in any other way than that you can collect statistics without consent - as long as a number of conditions are met.
Lasse Grubbe</trp-post-container
Lasse Grubbe</trp-post-container
Partner & Senior Marketing Consultant

The current cookie rules

According to the current cookie rules, you must obtain consent before you can collect statistics about visitors to your website. Rules that have raised concerns for many Danish companies because a large number of visitors say no to cookies, causing companies to lose important and valuable visitor data.

The problem is not helped by the fact that authorities in other countries interpret the cookie rules more leniently, and that many companies do not follow the rules and thus gain a competitive advantage. But now there is good news from the Danish Business Authority.

What does the Danish Business Authority say?

The Danish Business Authority said in a press release on October 15, 2021that they will not prioritize the supervision of websites' collection of simple statistics in the future. The press release states, among other things, that:

In the current negotiations of a new ePrivacy Regulation, it is proposed that simple statistics cookies for traffic measurement will be exempted from the consent requirement. [...] The Danish Business Authority has therefore decided not to prioritize the supervision of statistics cookies if cookies and similar technologies collect statistics for the website owner's own use, for example in the form of traffic measurement that does not build a user profile of the visitor or where data is passed on to a third party.

The current negotiations referred to by the Danish Business Authority are based on, among other things a note from a working group under the EU, which in 2012 was tasked with preparing recommendations for a revision of the EU ePrivacy Directives. The recommendations state the following about statistical cookies:

However, the Working Party considers that first party analytics cookies are not likely to create a privacy risk when they are strictly limited to first party aggregated statistical purposes and when they are used by websites that already provide clear information about these cookies in their privacy policy as well as adequate privacy safeguards. Such safeguards are expected to include a user friendly mechanism to opt-out from any data collection and comprehensive anonymization mechanisms that are applied to other collected identifiable information such as IP addresses.

The new ePrivacy Regulation was originally due to come into force on May 25, 2018 at the same time as GDPR, but it has not yet been adopted. This is partly due to the fact that member states have not been able to agree on the rules and, of course, COVID-19 has taken some of the political focus away from a number of areas.

In a written response to the trade magazine Journalisten The Danish Business Authority elaborates that:

Danish media and website owners in Denmark in general are still subject to the rules in the Cookie Executive Order and GDPR. However, in a supervisory case, the Danish Business Authority will not relate to simple statistical cookies, and this could affect how Danish media and other website owners can conduct traffic measurements.

In other words, it is still a legal requirement to obtain consent before using statistics cookies. But the statement from the Danish Business Authority can hardly be interpreted in any other way than that they are now turning a blind eye and tacitly allowing the collection of statistics without consent - as long as a number of conditions (see below) are met.

Of course, as a public authority, the Danish Business Authority cannot directly state that Danish companies do not have to comply with parts of the Cookie Executive Order. The statement that they "will not prioritize supervision" is probably the closest statement of position they can make.

Statistics collection without consent

The changed practice from the Danish Business Authority does not apply to all statistics cookies, but only simple statistics cookies for your own use. The relaxation also requires that you not building a user profile of the visitorand that you does not disclose data to a third party. Of course, it is also a requirement that you comply with current GDPR legislation.

The statement from the Danish Business Authority is brief and leaves much to free interpretation. Here is our interpretation of the situation if you want to collect visitor statistics without consent:

You need to comply with GDPR legislation

The GDPR deals with the processing of personal data (i.e. any information about an identified person) by companies. Collecting statistics without consent assumes that you are not collecting personal data. In the context of statistics, this is typically the case:

  • IP addresses
  • Personal data in URLs

If you use Google Analytics 4, IP addresses are anonymized automatically. If you're using an older version of Google Analytics, you need to enable IP address anonymization yourself (see guide) - this rarely has major data implications, other than making geolocation of visitors at the city level more difficult.

Personal data in URLs can occur, for example, if you allow your visitors to create an account and the username is included in the URL (e.g. website.dk/account/username). It can also occur if you use personal data, such as email addresses, as parameters in your URLs in connection with campaigns.

You may only use simple statistics cookies

The Danish Business Authority writes that the relaxation only applies to "simple statistics cookies" without further explanation. A search for "simple statistics cookies" on Google only yields three results, all three of which are quotes from the Danish Business Authority's press release.

Our assessment is that common cookies from common statistical systems such as Google Analytics and Adobe Analytics fall under the category "simple statistical cookies". Examples of statistical systems that are unlikely to fall into this category are:

  • Hotjar - visualizes your users' movements and actions on your website.
  • Facebook Pixel - enables audience building on Facebook and more.
  • LinkedIn Insights - enables building audiences on LinkedIn and more.
  • Lead feeder - shows which specific companies are visiting your website.

Of course, the above is only speculation and we cannot know for sure what the Danish Business Authority means by the term "simple static cookies".

You may not disclose data to third parties

Collecting statistics without consent requires that you do not disclose data to third parties. You can use a third-party tool such as Google Analytics to collect the data, but as the data controller you cannot pass the data on to Google.

You can prevent data sharing to Google by changing your data sharing settings in Google Analytics (see guideThe settings allow you to exclude Google from accessing the data, for example for technical support purposes.

You should also avoid linking Google Analytics with Google marketing tools such as Google Ads. This will ensure that all statistics data can only be accessed through your Google Analytics account.

Do not build user profiles of visitors

Collecting statistics without consent assumes that you are not building user profiles of visitors. When the Danish Business Authority talks about "building user profiles", they most likely mean tracking that provides information about gender, age group and interests. This is a type of data that is typically used for marketing purposes.

Google Analytics allows for demographic and interest tracking. This type of tracking collects information about the age and gender of your visitors as well as the interests they express in their online travel and purchasing activities. You can turn this tracking off - if you have previously manually enabled it - through your account settings (see guide).

What's next?

Like the Danish Business Authority, we cannot directly encourage you to break the rules of the cookie executive order. However, if you comply with the conditions mentioned in the previous section, the risk of collecting statistics without consent - and thus breaking the rules - is minimized or perhaps completely non-existent.

If we take the Danish Business Authority's word for it - that in a "supervisory case they will not relate to simple statistics cookies" - breaking the rules will not have any negative consequences. The only consequence will be positive: you will have access to more accurate data and you will be better able to use data in Google Analytics as an accurate basis for decision-making when evaluating your digital presence and the impact of your digital marketing efforts.

In time, the statement from the Danish Business Authority will probably be elaborated and concretized, so we will all be a little bit wiser about what they actually mean. And one day - when the EU Commission has reached an agreement - there will be new and better ePrivacy legislation from the EU.

Update on October 30, 2021

The Danish Business Authority has in A new press release clarified their previous statement. In the press release they write, among other things, that:

Statistical cookies, e.g. offered by free analytics tools, where these third parties are also given access to use the collected data, will continue to be prioritized in the agency's supervision. The rules of the General Data Protection Regulation and the Data Protection Act thus continue to apply to the extent that personal data about website visitors is collected and processed.

The new statement doesn't bring anything new to the table, but simply emphasizes that if you want to collect statistics without consent, you must comply with the prerequisites mentioned earlier in this post.

Lasse Grubbe</trp-post-container
Lasse Grubbe</trp-post-container
Partner & Senior Marketing Consultant
See author
GET MORE KNOWLEDGE

Related guides

UTM
The purpose of a UTM code is that you can use Google Analytics to track how many people have clicked on the link to which you have added a UTM code. A UTM code can also provide a more accurate insight into where your website traffic is coming from.
Data collection
Touch points
Touch points can be translated to touch points in Danish. Touch points refer to significant points in the buying process where the company is in 'touch' with the customer. Analyzing touchpoints can help companies optimize the customer experience before, during and after a purchase.
Data collection
ROAS (Return On Ad Spend)
ROAS is an acronym for Return on Ad Spend, which is used as a measurement tool to assess the success of ads. ROAS is a familiar concept to most people who advertise with Google Ads. However, there is a lot of confusion surrounding the calculation of ROAS, which you can learn more about in this text.
Data collection
Rank tracker
Rank trackers allow you to monitor the effort you put into SEO. A rank tracker can help you keep track of rankings in Google based on the pages you want to rank high on specific keywords. In addition, a rank tracker allows you to explore the performance of your competitors.
Data collection
Market share
Market share is the percentage of total sales in an industry generated by a specific company. The market leader in an industry is the company with the largest market share. Learn more about what market share is and how you can increase your market share in this article.
Data collection
LTV (Life Time Value)
LTV is an abbreviation for Life Time Value (of a customer). Calculating LTV gives you insight into the profitability of your company's individual customer. Learn more about what you can use it for and how to calculate it in this post.
Data collection
Leads
Leads is a widely used word in the world of sales and marketing. The overall meaning of the word lead is; a potential customer. In this article, you'll learn what a lead is and how you can generate great leads for your business.
Data collection
KPI (Key Performance Indicator)
KPI stands for "Key Performance Indicator" and is a metric used to give an indication of how a company, department, group or individual is performing in relation to set objectives. KPIs can also be used to incentivize and motivate performance.
Data collection
Conversion rate
Your conversion rate is the percentage of visitors to your website who complete a desired goal (a conversion) out of the total number of visitors. A high conversion rate is a sign of successful marketing: it means people want what you offer and it's easy for them to get it.
Data collection
Google Tag Manager
Google Tag Manager makes it easier for you to manage tags on your website and get more useful and accurate data out of your tags (e.g. regarding visitors). Read below to learn more about Google Tag Manager.
Data collection

Get in touch with us

We understand that choosing an agency can be a big decision. But hand on heart - if we were you, we would have chosen us. Our customers call us Denmark's most honest and attentive agency - and with us you'll find specialists who master strategy and digital marketing. Maybe we're the right agency for you too? Contact us & find out.

Contact us
Estimate project
Newsletters
Stay up to date with the latest inbound marketing news.
Sign up for our newsletter
Specialties
Knowledge and insight
InboundCPH
Contact us
  • Rosenvængets Allé 11, st.
  • 2100 Copenhagen Ø, Denmark
InboundCPH A/S - CVR: 39607255
Info & registration
We have received your request

Thank you for your inquiry . We appreciate the opportunity to discuss your project. You'll hear from us within 1-2 business days

See you soon

Step 1 / 3

    Step 1 / 3 - Select project type

    Get a dialog about your project

    Send us an inquiry to discuss how we can help you with your project and your goals.

    SEOGoogle AdsSocial mediaMarketing automationAI implementationData & InsightsOthers