On 11 June 2026, the Belastingdienst switched off Adobe Analytics after behavioural data from its websites was sent to Adobe without consent. The Autoriteit Persoonsgegevens was informed, a datalek notification was filed, and similar tools are now being reviewed.
Why this matters
Analytics is more than a dashboard. It is a live data flow with consent, contracts, records, and breach duties. When the cookie statement and the live site drift apart, trouble starts. Fixing it takes staff time, vendor access changes, and cash planning.
Example
A small online retailer wants better figures before a sales push. One web agency adds a tag manager, an analytics tool, and a marketing pixel. Months later, the payment supplier adds a script. Meanwhile, the privacy statement still mentions basic website statistics. The owner must check consent, supplier access, and who can add the next tag. That same drift can appear on booking pages, client portals, payroll uploads, tax files, and login areas.
XTROVERSO tips
- Give the website one owner. Assign one person who knows which scripts run on the public site, checkout, portal, booking flow, and recruitment page. That person should be able to question the agency, marketing team, and software suppliers.
- Scan the live site. Run a fresh cookie and tracker scan. Compare it with the cookie statement, privacy statement, consent banner, and vendor list. Record every tool, purpose, supplier, and recipient.
- Check what runs before consent. Look at analytics, pixels, heatmaps, chat tools, embedded media, booking widgets, and payment scripts. If consent is needed, the tool should not run early.
- Clean the tag manager. Remove old campaign tags, unused tools, and former agency access. Keep a change log. A small stack is easier to explain than a crowded dashboard.
- Treat sensitive journeys with extra care. Use stricter review around login pages, payment flows, client documents, payroll files, tax records, applications, and uploads. Analytics near these journeys can carry more risk.
- Keep an evidence file. Store scans, settings, consent categories, processor terms, decisions, and review dates in one place. Do this before pressure arrives.
Want a practical check of your website analytics, cookies, and vendor file?
The data, sourcing, and analysis behind this article were conducted by Paolo Maria Pavan. AI was not used to identify sources, build the factual basis, or produce the analytical judgment contained here. AI was used only as a drafting aid. The final English text was personally reviewed, edited, and approved by Paolo Maria Pavan before publication.
References
- Rijksoverheid - Kamerbrief Digitale autonomie bij de Belastingdienst
- Rijksoverheid - Digitale autonomie prioriteit voor Belastingdienst
- Wettenbank - Telecommunicatiewet artikel 11.7a
- Rijksoverheid - Mag een website ongevraagd cookies plaatsen?
- Belastingdienst - Cookieverklaring belastingdienst.nl
- Belastingdienst - Cookiebeleid werken.belastingdienst.nl
- Rijksoverheid - Handleiding Algemene verordening gegevensbescherming


