The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has recently taken action against Dutch websites that place tracking cookies without valid user consent. Tracking cookies are small files that monitor users’ browsing behavior and are often used for targeted advertising. According to the AP, websites must offer users a clear and simple choice to refuse cookies. However, in practice, this is often not the case.
Warning letters and potential fines
The AP has announced that fifty Dutch websites will receive a warning letter this week for unlawfully placing cookies. These websites will have three months to adjust their cookie policies. If they fail to do so, they risk facing fines. The authority emphasizes that the issue concerns not only large companies but also smaller organizations. To determine which websites are in violation, the AP uses an automated system that monitors ten thousand Dutch websites. Monitoring reveals that more than half of these websites are likely violating the law.
Examples of violations
In the past, the AP has already imposed fines on companies that did not comply with cookie regulations. For instance, the drugstore chain Kruidvat received a €600,000 fine for collecting website visitors’ data without their consent. The company placed tracking cookies without informing visitors, leading to the collection of sensitive information. Electronics retailer Coolblue was also fined €40,000 for placing cookies without user consent.
Reactions and policy adjustments
Following the AP’s warnings, five organizations have adjusted their cookie policies. These adjustments followed investigations initiated after user complaints. The AP hopes these actions will serve as a warning, encouraging other websites to update their policies before receiving an official letter.
Consumer association: many websites violate cookie rules
The Dutch Consumers’ Association (Consumentenbond) conducted research into the compliance of popular Dutch websites with cookie regulations. The study revealed that 38 percent of these websites make it more difficult to refuse cookies than to accept them. This practice violates AP guidelines, which state that refusing cookies must be as easy as accepting them.
Political parties also in violation
Political parties are not exempt from scrutiny. Research by NOS showed that parties such as BBB, FVD, SGP, and Volt placed tracking cookies on their websites without obtaining user consent. These cookies were used for targeted advertising, which violates privacy legislation. The AP has expressed shock at these findings and emphasized that political parties must also comply with privacy laws.
Future steps by the AP
The AP plans to inspect five hundred Dutch websites annually for cookie policy compliance. Using automated systems, the authority aims to ensure that websites comply with the law and transparently inform users about cookie usage. Websites that fail to adjust their policies risk fines that can run into hundreds of thousands of euros.
These developments underscore the importance of transparency and compliance with privacy legislation in the digital world. Users must be able to trust that their data is not collected and used without their consent.
