Privacy regulators are not just alert. They are in motion. Fast. In recent weeks, authorities in the Netherlands and the United Kingdom have stepped up enforcement around one thing: websites that collect and share customer data without proper consent.
This is not some distant problem. It is happening now. And for many companies, the real risk is not just legal. It is reputational.
Unintentional data sharing is more common than you think
At Nixon Digital, we recently used our Privacy Audit tool to scan over 200 websites across different industries. What we found was alarming: most websites shared customer data with third parties before obtaining valid consent. In most cases, this was unintentional. But that does not make it any less risky.
Many businesses use marketing tools, conversion scripts, or content personalization features to enhance the user experience. However, these tools often introduce third parties into the data flow. That means customer data is being shared, tracked, and sometimes even monetised long before consent has been given.
And that is exactly where the problem lies.
Authorities are done waiting
Regulators are no longer sending polite warnings. They are acting.
- In the Netherlands, the Data Protection Authority (AP) issued warnings to 50 organisations using misleading cookie banners
- The UK’s ICO launched an investigation in January into the country’s top 1,000 websites
And they are not just looking at cookie banners. They are looking at what happens under the hood: what data is really being collected, by whom, and when.
Tracking is no longer visible. That is the danger.
Modern tracking methods have moved far beyond cookies. Technologies like fingerprinting collect detailed information such as:
- IP address
- Browser and device characteristics
- Type of website visited
- Even the specific product a user looked at (for example, a pair of glasses on an optician’s site)
This creates detailed user profiles, often without the user’s knowledge and consent. This is no longer about poor UX design or missing cookie banners. It is about stealth data capture, and regulators are laser-focused on stopping it.
From risk to reality: Coolblue and AS Watson faced consequences
This is no longer hypothetical. Coolblue received a fine for placing cookies without valid consent. AS Watson, parent company of Kruidvat, was also sanctioned for privacy violations. These are not minor issues. These are headline-grabbing enforcement actions.
While the financial hit is painful, the long-term brand damage is even worse. Once lost, trust is hard to win back.
How can you stay in control? Start with visibility.
We get it. You cannot manage what you cannot see. That is why we built the Privacy Audit Tool at Nixon Digital.
With this tool, you can scan your entire website to get an instant overview of your data exposure. It’s a fast and simple way to understand how your site handles cookies and trackers. Want to give it a try? You can scan up to 5 pages for free. It only takes two minutes.
- Instant results
- Easy to use
- No technical setup
Whether you are a Data Protection Officer, a compliance lead or a digital marketer, this tool helps you pinpoint where your site may be violating privacy rules, before a regulator does.
Start here: www.nixondigital.io/lite
Real action. Real data. Real consequences.
Our scan of 200+ websites confirms what regulators are seeing: There is a widespread gap between intention and execution. Companies want to protect user privacy, but many are unknowingly failing to do so.
This is your moment to take back control. Start by running a free scan with the Nixon Privacy Audit Tool and see how your website measures up.
Sources and background reading
- NRC: No reject button but cookies placed anyway? That means a fine
- Dutch DPA: 50 organisations warned for misleading banners
- ICO UK: Top 1,000 websites under investigation
- Norwegian DPA: Enforcement on fingerprinting
- AVROTROS Radar: How cookie banners should actually work
- IPWatchdog: Rise of cookie banner lawsuits in the US
- AP ruling: AS Watson decision
- AP ruling: Coolblue decision
- Nixon Digital LinkedIn: Audit insights from over 200 websites
