Slovakia's Shift to Opt-In Cookie Consent
Slovakia overhauled its cookie rules on 1 February 2022 when Act No. 452/2021 Coll. on Electronic Communications replaced the older Act No. 351/2011. The change brought Slovakia into line with the strict opt-in consent model already adopted by most EU member states under the ePrivacy Directive.
Under the previous regime, browser settings could count as valid consent for cookies. That provision has been explicitly removed. Only an unambiguous confirmatory action by the user - such as clicking an "Accept" button - now qualifies as consent. Pre-ticked checkboxes and continued browsing do not meet the standard.
This matters for every website that targets Slovak visitors, not just sites hosted in Slovakia.
Who Enforces Cookie Rules in Slovakia?
Two separate authorities share responsibility for cookie compliance in Slovakia. The Office for the Regulation of Electronic Communications and Postal Services (Regulacny urad) enforces the cookie-specific provisions of Act 452/2021, including consent banner requirements and technical cookie rules.
The Urad na ochranu osobnych udajov (UOOU) - Slovakia's data protection authority based in Bratislava - handles the GDPR side of cookie compliance. When cookies process personal data (as most analytics and marketing cookies do), the UOOU can step in with its own enforcement powers. The UOOU employs roughly 40 staff and had an increased budget of approximately EUR 2.9 million in 2024.
In 2024, the UOOU issued 38 final fine decisions totalling around EUR 84,000, with an average fine of about EUR 2,226. While these figures are modest compared to authorities in France or Germany, the penalties available under Act 452/2021 for cookie-specific violations are considerably higher.
Penalties for Cookie Violations
Act 452/2021 introduced significant fines for breaching cookie provisions. The Regulacny urad can impose penalties ranging from EUR 200 up to 10% of the offending entity's turnover for the preceding accounting period. Where turnover cannot be determined, the maximum fine is EUR 300,000.
Separately, GDPR-related breaches involving personal data collected through cookies can attract fines of up to EUR 20 million or 4% of global annual turnover under the standard GDPR penalty framework.
| Violation Type | Enforcing Authority | Maximum Fine |
|---|---|---|
| Cookie consent breach (Act 452/2021) | Regulacny urad | 10% of annual turnover or EUR 300,000 |
| GDPR personal data breach via cookies | UOOU | EUR 20 million or 4% global turnover |
| Failure to provide cookie information | Regulacny urad | 10% of annual turnover or EUR 300,000 |
| Non-compliant consent banner design | Regulacny urad / UOOU | Combined enforcement possible |
UOOU Cookie Banner Guidelines
On 9 November 2022, the UOOU published its first detailed guidance on cookie banner design. The guidelines were later updated and set out specific requirements that go beyond what many other EU data protection authorities have stipulated.
The consent banner must include an option to accept all cookies and an equally prominent option to reject all cookies. Pre-checked options for individual cookie categories are not permitted. Crucially, the UOOU requires that button colours on the consent banner are uniform - the "Accept" button must not be visually more prominent than the "Reject" button. This directly targets dark patterns in cookie banners that nudge users towards acceptance.
The UOOU also advises against using the phrase "I Understand" as a consent button label when non-essential cookies are involved. Instead, the authority recommends clear, unambiguous wording such as "I Agree" or "Accept" so that users know they are making a genuine choice.
An alternative banner design is permitted: the first layer may omit an "Accept All" button entirely, provided it displays a "Reject All" button alongside an "Edit Settings" option where users can then selectively enable cookie categories.
What Consent Must Look Like Under Slovak Law
Consent for cookies in Slovakia must satisfy five criteria drawn from both Act 452/2021 and the GDPR.
Freely given - the option to grant or refuse consent must be displayed equally, without pressure or interface tricks that favour acceptance. Active - only an unambiguous confirmatory action counts; browser settings no longer qualify. Informed - users must receive details about cookie purposes, storage duration, and any third-party sharing before they consent.
Specific - consent must be granular, meaning separate consent for each processing purpose such as analytics, marketing, and personalisation. Demonstrable - the website operator bears the burden of proving that valid consent was obtained, though the Act does not prescribe a specific format for consent records.
Only strictly necessary cookies - those required for the transmission of a communication or for providing a service explicitly requested by the user - are exempt from the consent requirement. Session cookies like PHPSESSID and language preference cookies like pll_language typically fall into this category. Analytics cookies such as _ga and advertising cookies such as _fbp always require prior consent.
How Slovak Rules Compare to Neighbouring Countries
Slovakia's approach sits comfortably within the Central European pattern. The Czech Republic amended its own Electronic Communications Act effective 1 January 2022 - just one month before Slovakia - also switching to opt-in consent. Poland has required opt-in consent since its 2018 Telecommunications Law amendments, while Hungary follows a similar GDPR-aligned approach under the NAIH.
Austria, which shares a border and significant web traffic with Slovakia, adopted opt-in requirements following the Planet49 ruling from the Court of Justice of the EU. For websites serving visitors across this region, a single consent management approach that defaults to the strictest standard is the most practical strategy.
| Country | Opt-In Required Since | Enforcing DPA |
|---|---|---|
| Slovakia | 1 February 2022 | Regulacny urad / UOOU |
| Czech Republic | 1 January 2022 | UOOU (Czech) |
| Poland | 2018 | UODO |
| Hungary | GDPR-aligned (2018) | NAIH |
| Austria | Post-Planet49 (2019) | DSB |
Compliance Checklist for Slovak Cookie Rules
Verify that your website meets the following requirements before serving visitors in Slovakia.
Display a cookie banner on first visit that blocks non-essential cookies until consent is granted
Provide equal "Accept All" and "Reject All" buttons with uniform styling and colours
Do not pre-tick any cookie category checkboxes
Offer granular control over cookie categories (analytics, marketing, functional)
Provide clear information about each cookie category, purpose, duration, and third-party recipients
Allow users to withdraw consent as easily as they gave it
Store proof of consent with timestamps
Run a cookie scan regularly to detect new or changed cookies
Ensure your site remains fully functional if a visitor rejects non-essential cookies
Configure Google Consent Mode v2 so that tags respect the consent state
Frequently Asked Questions
Does Slovakia require cookie consent?
Yes. Since 1 February 2022, Act No. 452/2021 on Electronic Communications requires prior opt-in consent for all non-essential cookies. Only strictly necessary cookies are exempt.
Who enforces cookie rules in Slovakia?
The Office for the Regulation of Electronic Communications and Postal Services enforces cookie-specific rules under Act 452/2021, while the UOOU enforces GDPR provisions related to personal data processing through cookies.
What is the maximum fine for cookie violations in Slovakia?
Fines for cookie consent violations can reach up to 10% of annual turnover under Act 452/2021, or EUR 300,000 where turnover cannot be determined. GDPR fines of up to EUR 20 million or 4% of global turnover may also apply.
Can browser settings count as cookie consent in Slovakia?
No. Act 452/2021 explicitly removed the provision that allowed browser settings to serve as consent. Only an active, unambiguous confirmatory action by the user is valid.
Do the reject and accept buttons need to look the same in Slovakia?
Yes. The UOOU guidelines require that all buttons on the consent banner share the same colours and styling. The accept option must not be more visually prominent than the reject option.
Does the Slovak cookie law apply to foreign websites?
If your website targets Slovak users or processes data of individuals in Slovakia, you must comply with both Act 452/2021 and the GDPR regardless of where your business is based.
Take Control of Your Cookie Compliance
If you are not sure which cookies your site sets, start with a free scan. Kukie.io detects, categorises, and helps you manage every cookie - so your visitors get a clear choice, and you stay on the right side of the law.
