The Danish Business Authority has recently announced that it will take a closer look at health websites and the 100 most visited websites in Denmark for the purpose of assessing whether the websites comply with the Danish Cookie Order.
The Danish Business Authority supervises websites and apps etc. to ensure they comply with the Danish Cookie Order, which, in fact, applies not only to cookies but also to other similar technologies. The Danish Business Authority has recently announced that it will take a closer look at health websites and the 100 most visited websites in Denmark.
As a general rule, website owners are permitted to collect data via cookies and similar technologies only if prior consent has been obtained. However, the storing of essential cookies is not subject to such prior consent. In addition, the Danish Business Authority has just stated that, in future, it will not give priority to supervising organisations' collection of simple statistics data based on visitors' behaviour.
This should probably be seen in the context of the forthcoming ePrivacy Regulation, which allows the collection of simple statistics data without consent in certain cases. The ePrivacy Regulation has not yet been passed, however.
In addition, the collection of data via, for example, marketing cookies and certain statistical cookies will also constitute the processing of personal data according to the practice of the Danish Data Protection Authority (that is, the DMI decision and the guidelines of processing personal data related to website visitors).
In practice, both the Cookie Order and the GDPR impose strict requirements equally on the design of the consent (pop-up windows), the consent text, the duty to provide information and the associated policies. So, if only for that reason, healthcare companies should carefully consider the risk involved with collecting health data in this regard.