Political parties violating privacy law with tracking cookies

Various political parties violate the privacy law by placing tracking cookies without permission, NOS found after researching the 17 political parties with a chance of parliamentary seats on the Peilingwijzer poll. The BBB, FvD, SGP, and Volt committed the most evident violations of the cookie and privacy law, according to the broadcaster.

These four parties place marketing cookies on visitors to their websites even before the window pops up asking for permission to place cookies. Since 2012, placing these types of tracking cookies has only been allowed with the user’s consent.

“These parties violate the rules by loading advertising systems that are intended to reach people at a later stage,” cookie expert Rob van Eijk told NOS. That means a party can later lure visitors back to their site with personalized advertisements, for example, on YouTube or a news site.

The Dutch Data Protection Authority (AP) sent a letter to all parties at the start of the election campaign to alert them to the cookie and privacy rules. “And then there are still four parties where the NOS finds tracking cookies, which shocks us,” a spokesperson said. “Using tracking cookies without someone’s permission is absolutely not allowed. We want clarification from these political parties.”

The BBB, FvD, and Volt told NOS that it was a mistake and that they weren’t deliberately violating privacy law. The SGP could not be reached for comment. “We are going to find out what went wrong,” BBB secretary Henk Vermeer told the broadcaster.

An FvD spokesperson said: “We have spent a lot of time making our website GDPR compliant. We are not aware of this error.” The FvD will fix the problem.

Volt, which placed Google tracking cookies on its webshop, has taken the front page offline while it fixes the problem. “We are already in the process of making the sites completely cookie-free.”

Multiple other parties load information from sites like Twitter, LinkedIn, and YouTube, allowing those sites also to place cookies with users. D66, NSC, ChristenUnie, CDA, 50Plus, and DENK all load external cookies this way. D66 and CDA told NOS they would solve the problem quickly.

“In 2023, it is clear that this is not appropriate. If you want to do it properly, you should only do it if people have permitted it,” cookie expert Van Eijk said. These external cookies allow “companies such as Google and Twitter to monitor surfing behavior on those websites. That is sensitive information because it concerns political preference.”

Thirteen of the 17 political parties surveyed also use Google Analytics, which is under fire for privacy concerns. Bij1 is the most careful - the party doesn’t even place cookies to count visitors, which is allowed without permission.

For this story, NOS examined the websites of the 17 political parties with a seat in the Peilingwijzer poll. For GroenLinks-PvdA, the broadcaster also checked the individual sites of GroenLinks and the PvdA.