DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇳🇱 European Union

Cookie consent in Nederland

Consent and privacy law in Nederland

In short
The Dutch DPA, the Autoriteit Persoonsgegevens, has been notably firm on cookie walls and on banners that nudge users toward accepting. The AP has publicly stated that cookie walls which deny access unless tracking cookies are accepted are not lawful, because consent must be freely given. Cookie rules sit in the Dutch Telecommunications Act, which transposes the ePrivacy storage rule and requires prior opt-in for non-essential cookies. The AP has run enforcement sweeps on websites using deceptive banner design and expects an equally easy reject path. It also stresses that analytics set without consent generally remain unlawful unless they meet a narrow exemption.
Authority
Autoriteit Persoonsgegevens (AP)
Status

GDPR applies since 25 May 2018, with the UAVG implementing act

Primary law
GDPR
Languages

nl

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Do not use cookie walls that deny access unless tracking is accepted
  • Apply the Dutch Telecommunications Act for cookie consent
  • Make rejecting as easy as accepting and avoid dark patterns
  • Treat most analytics as requiring consent unless a narrow exemption applies

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇳🇱 Netherlands

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Netherlands using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Netherlands.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Netherlands requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Netherlands audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Are cookie walls legal in the Netherlands?+

The AP considers cookie walls that block access unless tracking cookies are accepted to be unlawful, because consent obtained that way is not freely given.

Which law governs cookies in the Netherlands?+

Cookies are governed by the Dutch Telecommunications Act, which transposes the ePrivacy storage rule and requires prior opt-in consent for non-essential cookies, alongside the GDPR.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇧🇪 België / Belgique🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark🇫🇮 Suomi