What we learned after scanning 143 large Dutch company homepages for privacy compliance
Privacy compliance is a critical responsibility for any organization, especially for the most visited and trusted companies. At Nixon Digital, we specialize in helping companies identify and address privacy risks through our tools and expertise. As part of our efforts, we conducted market research using Nixon Lite to assess the state of privacy compliance across major organizations in the Netherlands.
What is Nixon Lite?
Nixon Lite is our free tool that allows organizations to scan a single webpage or URL to identify privacy compliance risks. The tool generates a detailed report that flags issues like high-risk trackers, consent misconfigurations, and third-party domain overload. This one-time scan provides a snapshot of how well a website meets privacy regulations like GDPR.
For this research, we scanned the homepages of 143 of the largest companies in the Netherlands. These companies represent some of the most trusted and frequently visited organizations in the country. The results revealed two key findings that highlight widespread privacy challenges, even among market leaders.
Finding 1: 42.7% of homepages load high-risk trackers before consent
Our research found that 61 of the 143 websites scanned loaded high-risk trackers before user consent was given. These trackers included popular tools like Google Analytics, LinkedIn Ads, and Facebook Pixel, which collect user data as soon as a visitor lands on the page, even if they have not agreed to tracking.
Why this matters
High-risk trackers that load before consent directly violate GDPR requirements and other privacy regulations. These rules require that users provide clear and informed consent before their data is collected or processed.
Allowing trackers to operate without consent creates significant risks for companies, including potential fines, reputational damage, and loss of user trust. The fact that nearly half of the websites scanned failed this basic compliance requirement underscores the importance of proactive monitoring.
Finding 2: 18 companies failed to implement Google Consent Mode V2
Google Consent Mode V2 is an important tool for ensuring compliance when using Google services like Analytics and Ads. It allows websites to respect user consent preferences by adjusting how Google services behave based on whether consent is granted.
However, our research showed that 18 companies (12.6%) of the 143 scanned had not implemented Google Consent Mode V2. This means that user preferences for these services were left unaligned with privacy standards, creating a compliance gap.
Why this matters
These companies are not just ordinary websites. They represent some of the most visited, trusted, and influential organizations in the Netherlands. Without Google Consent Mode V2, these companies risk exposing user data unnecessarily and falling short of GDPR requirements.
For organizations that rely heavily on Google services, failing to implement Consent Mode V2 can have serious consequences. This tool is not just a technical feature: it is a necessary step for demonstrating respect for user privacy and regulatory compliance.
What these findings mean for organizations
Our research highlights a common theme: privacy compliance cannot be a one-time task. It requires continuous monitoring, regular updates, and proactive management to address the risks posed by high-risk trackers, unaligned user preferences, and misconfigured CMPs.
- High-risk trackers: These were present on nearly half of the websites scanned, exposing user data before consent.
- Google Consent Mode V2: Many organizations fail to implement this essential tool, leaving gaps in their privacy management.
- CMP misconfigurations: Even organizations with advanced consent tools are not immune to errors.
These findings serve as a reminder that even the largest and most trusted organizations need to take privacy compliance seriously.
How Nixon can help
At Nixon Digital, we offer solutions that help organizations identify and resolve privacy compliance issues at every stage:
- Nixon Lite is a free tool that provides a detailed, one-time scan of a single webpage or URL. It highlights high-risk trackers, misconfigurations, and other privacy risks, giving organizations an easy way to identify problems.
- The Nixon Platform takes compliance to the next level. It connects to all your websites and pages, runs regular scans, and provides real-time notifications when an issue arises. It also offers actionable insights and helps you assign tasks to the right teams to ensure problems are resolved quickly.
For organizations managing multiple websites, the Nixon Platform simplifies privacy compliance and helps you stay ahead of regulatory requirements.
Managing multiple websites? Book a demo to see how the Nixon Platform can help you streamline privacy compliance.
Frequently Asked Questions
What was the purpose of analyzing the top 150 Dutch websites for AVG compliance?
The analysis aimed to evaluate how well major Dutch websites adhere to AVG privacy rules, particularly regarding cookie consent, data processing transparency, and user rights. By examining the most-visited websites, the study highlights common compliance gaps, identifies best practices, and provides benchmarks for other organizations. These insights help businesses understand where the Dutch digital landscape stands on AVG enforcement and how they can improve their own compliance efforts.
What were the main AVG violations found among these Dutch websites?
The study revealed frequent issues, including setting non-essential cookies before consent, unclear privacy policies, and a lack of equal options for accepting or rejecting cookies. Some websites also failed to provide clear explanations of data usage or lacked easy access to consent management tools. These violations show that despite awareness of AVG rules, many organizations still struggle with implementing full compliance in practice.
How did Dutch websites perform compared to AVG requirements?
While some leading Dutch websites demonstrated strong compliance with transparent policies and effective consent tools, a significant number fell short of AVG’s strict standards. Many sites prioritized user experience over privacy requirements, resulting in pre-consent tracking or insufficient consent choices. The findings suggest a mixed performance overall, with room for improvement in areas like consent granularity, cookie categorization, and real-time privacy preference updates.
What can businesses learn from this AVG compliance study?
Businesses can use the study’s findings as a checklist to assess their own compliance. Key lessons include the importance of implementing clear consent banners, avoiding pre-consent tracking, and making privacy policies easy to understand. Organizations should also conduct regular compliance audits, monitor regulatory updates, and train staff on privacy obligations. Learning from industry trends can help businesses avoid fines and build stronger trust with users.
How can Dutch websites improve their AVG compliance?
To enhance AVG compliance, websites should ensure that all non-essential cookies are blocked until explicit user consent is obtained. Consent banners should offer clear, equal options for acceptance and rejection, along with transparent explanations of each cookie’s purpose. Regular audits, updates to privacy policies, and integration with Consent Management Platforms (CMPs) can further strengthen compliance. Taking these steps not only reduces legal risks but also improves user trust and engagement.
