Privacy Regulations in Romania

The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.

Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.

Romania has historically been one of the more permissive EU countries on cookies, but ANSPDCP tightened enforcement in 2025-2026 with multiple fines for installing non-essential cookies without consent. Browser settings were previously considered potentially sufficient but this interpretation is no longer viable.