DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇫🇮 European Union

Cookie consent in Suomi

Consent and privacy law in Suomi

In short
Finland enforces the GDPR through the Office of the Data Protection Ombudsman, while the communications regulator Traficom oversees cookies under the Electronic Communications Services Act. Finnish guidance clarified that consent is required for non-essential cookies and that reliance on browser settings is not enough. Traficom issued practical guidance stressing that rejecting must be as easy as accepting and that the X to close a banner does not equal consent. Finland is officially bilingual, so notices are often provided in Finnish and Swedish. Controllers should keep consent records and describe the purpose of each tracker clearly.
Authority
Tietosuojavaltuutetun toimisto (Office of the Data Protection Ombudsman)
Status

GDPR applies since 25 May 2018, with the Finnish Data Protection Act

Primary law
GDPR
Languages

fi, sv

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Follow Traficom guidance for cookies under the Electronic Communications Services Act
  • Do not rely on browser settings as consent
  • Consider Finnish and Swedish language notices
  • Ensure rejecting is as easy as accepting

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇫🇮 Finland

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Finland using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Finland.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Finland requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Finland audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Who oversees cookies in Finland?+

The communications regulator Traficom oversees cookie rules under the Electronic Communications Services Act, while the Data Protection Ombudsman enforces the GDPR more broadly.

Should Finnish cookie banners be bilingual?+

Finland is officially bilingual, so notices are commonly provided in both Finnish and Swedish depending on the audience being served.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇧🇪 België / Belgique🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark