Norway: Data Protection Authority published guidelines on tracking tools

On 12 June 2025, the Norwegian Data Protection Authority published guidance on the use of tracking tools such as pixels and cookies on websites and in apps. The guidance advises organisations on complying with data protection regulations when employing these tools, particularly concerning the processing of personal data, including special categories. Organisations should identify the tracking tools used and consider inferences drawn about users, especially regarding sensitive information. For services targeting children or processing sensitive data, ceasing the use of tools that share data with third parties is strongly recommended due to compliance challenges. Valid consent is generally required and must be voluntary, allowing users to opt out while retaining service access. Clear information about tracking tools must be provided before and after consent, for example, in a privacy statement. Organisations should remove tools they cannot control and are responsible for those they use. Non-compliance, such as failing to obtain informed consent or explain tool functions, risks orders or sanctions, including fees, from the authority. The guidance includes examples from the authority's website audits.