Does Telecommunicatiewet + GDPR require cookie consent banners?

Yes. Under Telecommunicatiewet + GDPR, websites must display a cookie consent banner that includes: concise purpose summary, accept all button, reject all button or link, manage preferences button, and more. The banner must be shown before any non-essential cookies are set.

Is Telecommunicatiewet + GDPR opt-in or opt-out for cookies?

Telecommunicatiewet + GDPR follows an opt-in consent model. This means websites must obtain explicit user consent BEFORE placing any non-essential cookies or tracking technologies.

How long does cookie consent last under Telecommunicatiewet + GDPR?

Under Telecommunicatiewet + GDPR, cookie consent is valid for 6 months. After this period, websites must request consent again from users.

What records must I keep for Telecommunicatiewet + GDPR cookie consent?

Telecommunicatiewet + GDPR requires maintaining consent records that include: timestamp iso, user choices by purpose, policy version, jurisdiction detected, consent ui version, and additional fields. Records must be retained for at least 18 months.

What Are the Telecommunicatiewet + GDPR Cookie Consent Requirements?

Q: What is Telecommunicatiewet + GDPR and how does it affect cookie consent?

Netherlands (Telecommunicatiewet + GDPR) is a privacy regulation applicable in Netherlands. The Dutch Telecommunications Act (Telecommunicatiewet) Art. 11.7a implements the EU ePrivacy Directive. Consent required before placing non-essential cookies. GDPR applies in parallel for personal data processing. Enforced by Autoriteit Persoonsgegevens (Dutch DPA) and ACM. It requires websites to obtain explicit user consent before placing non-essential cookies (opt-in model).

Everything you need to know about Telecommunicatiewet + GDPR cookie consent compliance in 2026. Complete guide covering opt-in consent requirements, cookie banner elements, consent records, and technical implementation for Netherlands.

Opt-in Translation Required Children's Privacy Rules Cookie Walls Prohibited

Summary

This guide provides comprehensive technical implementation requirements for Netherlands (Telecommunicatiewet + GDPR). The Dutch Telecommunications Act (Telecommunicatiewet) Art. 11.7a implements the EU ePrivacy Directive. Consent required before placing non-essential cookies. GDPR applies in parallel for personal data processing. Enforced by Autoriteit Persoonsgegevens (Dutch DPA) and ACM.

This jurisdiction requires an opt-in consent model (prior consent), meaning websites must obtain explicit user consent before placing non-essential cookies or similar tracking technologies. Users must actively accept cookies through clear consent mechanisms.

Additional requirements for this jurisdiction include: providing consent banners and privacy information in all required languages, and special protections and consent mechanisms for children's personal data.

Website owners and operators subject to these regulations must implement compliant cookie consent banners, maintain proper consent records, and ensure their tracking technologies respect user privacy choices. This guide outlines all technical requirements needed to achieve compliance.

Key Requirements Overview

Consent Model

Opt-in (Prior Consent)

Consent Lifespan

6 months

Default State

Off (Non-Essential Cookies)

Cookie Walls

Prohibited

Technical Requirements

Prior consent for non-essential cookies

Purpose granularity required

Equal prominence for accept/reject buttons

No pre-checked boxes allowed

Dark patterns prohibited

Proof of consent required

Local storage covered by regulation

Implementation Guidance

Cookie walls are prohibited under Dutch DPA guidance. Analytical cookies for visitor counting with limited privacy impact are exempt from consent. Reject button must have equal prominence to accept button. Pre-ticked boxes and implied consent (e.g. 'by continuing to browse') are not valid. The Dutch DPA actively monitors ~10,000 websites annually and enforces with fines up to €600,000.

Special Protections

Children's Privacy

Parental consent required for children under 16 (GDPR Art. 8; Netherlands has not lowered the age threshold).

Sensitive Data

Explicit consent required for special categories of personal data under GDPR Art. 9.

Record Keeping Requirements

Required Consent Record Fields

For each consent action, you must maintain records containing:

Timestamp ISO
User Choices By Purpose
Policy Version
Jurisdiction Detected
Consent UI Version
Ip Country At Consent

Retention Period: 18 months minimum

Re-consent Trigger: Major Policy Change Or New Purpose

CookieChimp handles all of this automatically. Our platform maintains comprehensive consent records including all required fields, timestamps, consent strings, IP addresses, user agents, and more. Records are securely stored and easily exportable for compliance audits. Learn more about our consent management

Exempt Cookie Types

The following types of cookies are typically exempt from consent requirements:

Strictly Necessary

Security Fraud Prevention

Load Balancing

Analytics Limited Privacy Impact

Legal References & Resources

Official legal documents and regulatory guidance for this jurisdiction:

Telecommunicatiewet Art. 11.7a

https://wetten.overheid.nl/BWBR0009950/

Autoriteit Persoonsgegevens – Cookies Guidance

https://www.autoriteitpersoonsgegevens.nl/en/themes/internet-and-smart-devices/cookies

GDPR (EU 2016/679)

https://eur-lex.europa.eu/eli/reg/2016/679/oj

ePrivacy Directive Art. 5(3)

https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32002L0058

Frequently Asked Questions About Telecommunicatiewet + GDPR Cookie Consent

Legal Disclaimer: For engineering implementation guidance only. Not legal advice. This guide provides technical implementation guidance only and should not be considered legal advice. Privacy laws are complex and frequently updated. We recommend consulting with qualified legal counsel to ensure full compliance with applicable regulations.

Found an issue or have feedback on this page?