DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇪🇪 European Union

Cookie consent in Eesti

Consent and privacy law in Eesti

In short
Estonia enforces the GDPR through the AKI, the Data Protection Inspectorate, supported by the national Personal Data Protection Act. As a highly digital state with widespread e-government, Estonia places strong emphasis on transparency and on the X-Road data exchange infrastructure that logs access to citizen data. Cookie rules derive from the Electronic Communications Act and require consent for non-essential cookies. Estonian guidance requires opt-in consent, clear information in Estonian, and an easy reject path. The AKI treats online identifiers as personal data and expects controllers to keep evidence of consent and to describe each tracking purpose.
Authority
Andmekaitse Inspektsioon (AKI)
Status

GDPR applies since 25 May 2018, with the national Personal Data Protection Act

Primary law
GDPR
Languages

et

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Obtain opt-in consent under the Electronic Communications Act
  • Provide notices in Estonian
  • Emphasise transparency given Estonia's digital government
  • Keep evidence of consent

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇪🇪 Estonia

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Estonia using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Estonia.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Estonia requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Estonia audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Which authority enforces data protection in Estonia?+

The Data Protection Inspectorate, the AKI, enforces the GDPR and the national Personal Data Protection Act in Estonia.

Is Estonia strict on transparency?+

Estonia is a highly digital state and places strong emphasis on transparency and access logging, partly through its X-Road infrastructure that records access to citizen data.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇧🇪 België / Belgique🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark