Norway is making significant changes to its digital privacy regulations with the introduction of the new Electronic Communications Act, which came into effect on January 1, 2025. One of the most important updates in this law affects how businesses handle cookie consent and online tracking.
The new rules bring Norway’s cookie regulations in line with GDPR and the EU’s ePrivacy Directive, meaning websites must ensure explicit, informed consent from users before deploying cookies.
If your business operates a website that serves Norwegian users, it’s critical to understand how these changes impact you and what steps you need to take to remain compliant.
Key Changes to Cookie Compliance in Norway
The new law introduces stricter rules for obtaining and managing cookie consent. Here are the major changes:
1. Explicit Consent is Now Required
The new law requires users to give active, informed, and explicit consent before non-essential cookies can be placed on their device.
Previously, websites could rely on implied consent, such as continued browsing as an acceptance of cookies. This is no longer allowed.
Cookie banners must require affirmative action from users, such as clicking “Accept.”
It’s easy to be compliant with CookieHub
Sign up today and create a custom cookie banner for your website
- 30 day free trial
- No credit card required
2. Users Must Be Able to Reject Cookies Easily
Users must be provided with a clear and equally accessible option to reject cookies, not just an “Accept” button.
Many websites previously designed banners that nudged users toward acceptance. Under the new rules, this is illegal.
Now websites must include a prominent “Reject” button alongside the “Accept” button.
3. No More Pre-Ticked Boxes or Default Opt-In
Websites cannot use pre-ticked boxes or default settings that enable cookies.
Previously, some websites assumed consent by default, requiring users to opt out manually. This is now prohibited.
Cookie banners must only activate cookies after explicit user consent is given.
4. Clear and Transparent Information on Cookies
Websites must provide detailed explanations of what each type of cookie does, why it is used, and who has access to the collected data.
Many cookie policies were vague or incomplete. The new rules demand full transparency and companies must update their cookie policies and make them easily accessible.
5. Consent Must Be Easily Withdrawable
Users must be able to change their cookie preferences at any time after giving consent. Before, some websites made it difficult or impossible for users to withdraw consent once given. Websites must include an easily accessible consent management tool allowing users to adjust settings.
How to Stay Compliant: Actionable Steps
Implement a Fully Compliant Cookie Banner
- Ensure users must take explicit action (e.g., clicking “Accept”) before cookies are placed.
- Provide an equally visible “Reject” option.
- Avoid pre-ticked consent boxes.
Use a Transparent Cookie Policy
- Clearly explain why cookies are used, what data is collected, and who has access to it.
- Make the cookie policy easily accessible from the banner.
Allow Users to Change Their Preferences Anytime
- Provide a consent management tool that lets users modify or withdraw consent after their initial choice.
Log and Store Consent Records
- Keep a record of when and how users gave consent in case of audits by Norwegian authorities.
Use a Consent Management Platform (CMP) like CookieHub
- A CMP helps automate compliance by providing fully customizable and legally compliant cookie banners. Ensures all collected consent data is properly stored and managed.
Why This Matters for Businesses
Failure to comply with Norway’s new cookie regulations can result in:
- Fines and legal consequences from Norwegian authorities.
- Loss of user trust, as privacy-conscious users expect compliance.
- Risk of ad revenue loss, as non-compliant websites may face restrictions from advertising networks.
Avoid penalties and build trust with your users and stay compliant.
Are you compliant?
CookieHub automatically scans your website to detect cookies, ensuring all cookies are easily managed.