Privacy Regulations in Slovenia

The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.

Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.

Slovenia was the last EU member state to adopt GDPR implementing legislation, with ZVOP-2 entering into force on January 26, 2023. ZEKom-2 implements the ePrivacy Directive. The national maximum fine of EUR 40,000 is the lowest in the EU, though GDPR-level fines can now be imposed through ZVOP-2.