Skip to main content

Facebook pages Dutch Government pose privacy risks and use a misleading cookie statement

Facebook does not make sufficiently clear what it does with citizens’ data on government pages. It is also unclear how the platform determines which posts users see in their news feed. This emerged Friday from research commissioned by the Dutch Ministry of Internal Affairs.


The Dutch Privacy Company assessed in a so-called Data Protection Impact Assessment (DPIA) whether there are privacy risks for citizens in data processing on government pages on Facebook. For example, the researchers looked at the risk in the use of cookies. They also looked at whether citizens are adequately informed about how Facebook processes their data.

The researchers found seven high risk and one low risk. Among other things, Facebook does not make sufficiently clear what it does with citizens’ data on government pages. Nor is it clear how the platform determines which posts visitors see in their news feed.

Government pages on Facebook pose privacy risks and use misleading cookie consent, according to Dutch ministry

Cookie Consent Manager | Take a 2 week free trial

Take a 2 week free trial for our paid plans or create a free account …

Create an accountView our plans

Facebook presents an incomplete cookie policy

Privacy Company also concludes that Facebook uses cookies in a misleading way. The platform collects data about users’ behavior, but then does not provide sufficient insight into what happens to that data. For example, the company uses it to show personalized messages and ads. There are also concerns about the transfer of personal data to third parties.

The ministry says it is in talks with Facebook parent company Meta as a result of the investigation. “If the risks are insufficiently removed, there is no other option than to stop the use of Facebook pages by the government,” writes State Secretary Alexandra van Huffelen (Digitalization).

A spokesperson for Meta commented that in the platform’s view, Facebook pages comply with the AVG, the Dutch version of the GDPR. “This report is inaccurate and does not properly reflect how our policies and tools work. Additionally, the report misinterprets important aspects of the law.” The company says it remains in talks with the government.

CookieFirst

Get consent before loading third party tracking scripts

CookieFirst aims to make ePrivacy and GDPR compliance easy and quick to implement. The CookieFirst platform offers third-party script and consent management, statistics, periodic cookie scans, automated cookie declaration, banner customization, multiple language options, and more. Avoid large fines and get consent before loading third-party tracking scripts — try CookieFirst!