17 Apr '25
Cookies remain a key focus area for the Dutch Data Protection Authority ("Dutch DPA"), which oversees privacy regulations in the Netherlands. Early last year, the Dutch DPA already announced that it would start checking more frequently whether websites comply with cookie rules. At the same time, the Dutch DPA published examples of what, according to the regulator, are good and bad cookie banners.
The next question, then, is whether enforcement will follow. We can now answer that question with a resounding “yes”. Last summer, it was announced that Dutch drugstore Kruidvat was fined 600,000 euros because the cookie banner on Kruidvat.nl did not comply with the rules. According to the Dutch DPA, Kruidvat placed tracking cookies without website visitors' consent. Last year, Dutch electronics store Coolblue also received a fine of 40,000 euros because it, according to the Dutch DPA, did not properly regulate consent and used pre-ticked boxes.
A few months ago, the regulator launched a public campaign to make people aware of cookies and their impact. Late last month, the Dutch DPA submitted a proposal to the minister to take on the entire supervision of cookies. And last week, the Dutch DPA announced that cookie banners will be monitored systematically in the coming years. It says the Dutch DPA will do this by constantly and automatically scanning the cookie banners of 10,000 websites. This week, it became clear that 50 organisations will receive a letter from the Dutch DPA telling them to adjust their cookie banner or stop tracking website visitors. If these are not complied with within 3 months, the Dutch DPA would launch an investigation and the likelihood of a fine would be high. In total, the privacy regulator plans to warn 500 organisations each year.
In practice, we encounter non-compliant cookie banners more often than compliant ones. The following things often go wrong:
Our privacy team often advises on cookies and has experience with warnings from the Dutch DPA. Please feel free to contact us at privacy@ploum.nl if your organisation has received a letter from the Dutch DPA. We are available to you.
15 Apr 25
03 Apr 25
31 Mar 25
28 Mar 25
20 Mar 25
20 Mar 25
12 Mar 25
06 Mar 25
27 Feb 25
26 Feb 25
24 Feb 25
Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
Follow what you find interesting
Receive recommendations based on your interests
{phrase:advantage_3}
{phrase:advantage_4}
We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.