Today I filed a complaint against ING Bank because their website is violating the GDPR.

Their cookie settings should protect my privacy by default. Tracking and marketing cookies should be opt-in. But that’s not what they implemented. They enable all tracking by default and I actively have to opt out of tracking or I will get tracked.

People, you guys are a BANK. Aren’t you making enough money already? WHY? Why do you think you need marketing cookies?? I don’t want you guys to share all my website activity with Google and Facebook by default. It is WRONG. To add insult to injury, they print the highly misleading text telling their customers that the website ‘works best’ when you allow them to track you and share your details with Google et al. Really ING??

Filed a complaint with the dutch Personal Information Authority (Autoriteit Persoonsgegevens). It includes this screenshot:

If you see Dutch websites doing this, do the same please! Complain and make them change it.