AI
Latvia’s DVI mandates equal cookie consent options for websites
Latvia’s Data State Inspectorate (DVI) published an explanation regarding cookie banners on 20 October 2023. The notice focuses on valid consent for non-essential cookies and design choices that undermine user choice, with an explicit call
2026-05-09 · 2 min
Latvia’s Data State Inspectorate DVI published an explanation regarding cookie banners on 20 October 2023. The notice focuses on valid consent for non-essential cookies and design choices that undermine user choice, with an explicit call for equal prominence of reject and accept options. The authority said controllers must provide clear, understandable information on cookie categories, purposes and data recipients in both the banner and the cookie policy. The publication urges website controllers to review their current solutions. Source: DVI Cookie Consent Guidelineshttps://www.dvi.gov.lv/en
The DVI’s examples are concrete. Requiring users to click through ‘plašāka izvēle’ more options or similar extra steps to refuse, while placing ‘nepiekrist’ reject in a less accessible position, does not provide genuine choice. Presenting only de facto acceptance options such as ‘piekrītu’, ‘aizvērt’, ‘sapratu’ or ‘turpināt’ likewise fails the valid consent test for analytics or marketing cookies. The authority reminded that consent must be voluntary, specific, informed and unambiguous.
The information layer is also in scope. Incomplete or vague disclosures on cookie categories, stated purposes and data recipients can render consent not informed, which invalidates reliance on it for non-essential processing. Functional defects are flagged too: if, after pressing ‘noraidīt’ reject, non-essential cookies still process, the choice is illusory; if links to further information are inactive or route users off-site rather than to the controller’s cookie policy, users are deprived of the detail needed to decide. Together, these patterns point to UX and implementation work, not just policy text edits.
‘Consent obtained by deception or without a refusal option is invalid,’ the DVI said in its explanation.
Who is affected: any website controller implementing analytics or marketing cookies that rely on consent to process. This spans in-house builds and third-party consent tools. Controllers that localise interfaces should review Latvian-language labels and link targets alongside the underlying script behaviour.
Operational read for product, UX and engineering teams:
- First layer symmetry: place ‘Accept’ and ‘Reject’ on the same layer with equal visual weight and one-click parity. Do not hide refusal behind ‘More options’.
- Information sufficiency: summarise cookie categories, purposes and recipients on the banner, and link to a working, on-site cookie policy that expands each item.
- Technical enforcement: block non-essential tags until consent is captured; verify that pressing ‘Reject’ halts analytics and marketing events across all pages.
- Label QA: avoid acceptance-only CTAs that close the banner without a real choice; ensure Latvian labels map to the intended actions.
- Link integrity: test all ‘learn more’ and policy links for availability and correct on-site destination.
The DVI framed the document as an explanation of frequent problems with cookie banners and user consent and urged controllers to review their solutions. No formal industry reaction had surfaced at publication. The explanation applies to current consent-dependent uses of non-essential cookies. The notice does not set a new compliance date, and the authority urges controllers to review and adjust banners and consent flows now.