https://ploum.nl/uploads/Artikelen_en_Track_Records_en_expertise/Privacy/pexels-cottonbro-studio-5474294.jpg

Dutch Data Protection Authority continues its hunt for bad cookie banners

17 Apr '25

Author(s): Lisanne Bruggeman

Cookies remain a key focus area for the Dutch Data Protection Authority ("Dutch DPA"), which oversees privacy regulations in the Netherlands. Early last year, the Dutch DPA already announced that it would start checking more frequently whether websites comply with cookie rules. At the same time, the Dutch DPA published examples of what, according to the regulator, are good and bad cookie banners.

Fines for Kruidvat and Coolblue

The next question, then, is whether enforcement will follow. We can now answer that question with a resounding “yes”. Last summer, it was announced that Dutch drugstore Kruidvat was fined 600,000 euros because the cookie banner on Kruidvat.nl did not comply with the rules. According to the Dutch DPA, Kruidvat placed tracking cookies without website visitors' consent. Last year, Dutch electronics store Coolblue also received a fine of 40,000 euros because it, according to the Dutch DPA, did not properly regulate consent and used pre-ticked boxes.

Dutch DPA continues enforcement

A few months ago, the regulator launched a public campaign to make people aware of cookies and their impact. Late last month, the Dutch DPA submitted a proposal to the minister to take on the entire supervision of cookies. And last week, the Dutch DPA announced that cookie banners will be monitored systematically in the coming years. It says the Dutch DPA will do this by constantly and automatically scanning the cookie banners of 10,000 websites. This week, it became clear that 50 organisations will receive a letter from the Dutch DPA telling them to adjust their cookie banner or stop tracking website visitors. If these are not complied with within 3 months, the Dutch DPA would launch an investigation and the likelihood of a fine would be high. In total, the privacy regulator plans to warn 500 organisations each year.

What often goes wrong?

In practice, we encounter non-compliant cookie banners more often than compliant ones. The following things often go wrong:

  • No consent is sought for the placement of tracking cookies.
  • Pre-ticked boxes are used to seek consent.
  • No clear and understandable information is given about the cookies being set.
  • No full information is given about the cookies that are set, what these cookies do, the purpose of these cookies and the retention period.
  • It is not as easy to reject cookies as it is to accept them. The "Accept" and "Reject" buttons are not placed next to each other.
  • Cookie walls are used and you can only proceed if you first accept tracking cookies.
  • Cookie banners and information are based on US regulations, such as the CCPA, rather than the European GDPR.

Received a letter from the Dutch DPA?

Our privacy team often advises on cookies and has experience with warnings from the Dutch DPA. Please feel free to contact us at privacy@ploum.nl if your organisation has received a letter from the Dutch DPA. We are available to you.

Contact

Attorney at law

Lisanne Bruggeman

Expertises:  Privacy law, IT-Law, Intellectual property rights, Contract law, Litigation,

Share this article

Stay up to date

Click on the plus and sign up for updates on this topic.

Expertise(s)

Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.

Personal data

 

Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Edit profile' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Personal data

 

Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Edit profile' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Create account

Get all your tailored information with a My Ploum account. Arranged within a minute.

I already have an account

Benefits of My Ploum

  • Follow what you find interesting
  • Get recommendations based on your interests

*This field is required

I already have an account

Benefits of My Ploum

Follow what you find interesting

Receive recommendations based on your interests

{phrase:advantage_3}

{phrase:advantage_4}


Why do we need your name?

We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.

Password

A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.