Hacker News

Imustaskforhelp today at 1:25 PM (6 replies)

> Stichting 113 likely violated the General Data Protection Regulation (GDPR) by sharing this data. The GDPR states that extra care must be taken regarding the security of medical personal data, which includes contact with an anonymous suicide prevention hotline.

This is quite sad to think about in a multitude of ways :-(

What I am not understanding is why: why would the Dutch government or website do this? Is it out of an honest mistake (incompetence?) or malice? There are so many competent & great Dutch engineers, and engineers in general; I refuse to believe that they couldn't find anyone ethical enough to take extra care regarding GDPR and the sensitivity of the data in general.

> “At this moment, we are investigating what happened, how this could have occurred, what the potential impact has been, and what our next steps are,” the spokesperson said. They didn’t say whether the trackers would be turned on again.

I hope the investigation that they mention in the articles goes swiftly, to really find out the real reason why this ended up happening in the first place, and that the reasons behind it are made public sooner rather than later.


Replies

mettamage today at 1:30 PM

See my comment. My hypothesis is: ignorance and apathy that results in incompetence.

Using GA4 is just the normal thing right?

Look in a room full of marketing experts and they will say yes or shrug.

Look in a room full of tech people and you'll see all security experts and security adjacent people screaming HELL NO or simply giving a nuanced answer that ultimately comes down to "no". Some will do funny little dances, some probably even just praying to a sun or rain god because they just lost it at that comment. I know I would.

To answer: no, GA4 is not just the normal thing. There is no normal. It's the dominant thing and it invades privacy like hell and the whole thing needs to be thought about in a different way. I'd advise almost everyone to stop smoking that Google crack pipe and roll your own or find an analytics friendly vendor.

Yea I got a bit rhetorical there, apologies for being a bit fed up with this situation.

SockThief today at 1:30 PM

> Stichting 113 has temporarily disabled all measurement and analysis tools.

It seems that it is only temporary.

> “We realize that visitors must be able to trust that their privacy is protected and regret that concerns have arisen regarding this.”

They also regret that "concerns have arisen". No other regrets have been mentioned.

embedding-shape today at 1:30 PM

> What I am not understanding is why: why would the Dutch government or website do this? Is it out of an honest mistake (incompetence?) or malice? There are so many competent & great Dutch engineers, and engineers in general; I refuse to believe that they couldn't find anyone ethical enough to take extra care regarding GDPR and the sensitivity of the data in general.

Ask 100 random developers to set up a website, and to make sure the website owner should be able to see how many people visit the website, and probably 90 of those developers will default to setting up Google Analytics, just by "instinct".

People generally just continue with whatever they've learned, not revisiting the default choices they make, and it's been ingrained over decades that "Google Analytics is the best way to optimize your sales funnel" or whatever the marketers drink nowadays, so it'll take some time for these folks to revisit their decisions.

ryandrake today at 2:46 PM

> What I am not understanding is why: why would the Dutch government or website do this? Is it out of an honest mistake (incompetence?) or malice?

When it comes to companies' wrongdoing, I'm starting to not care whether it's incompetence or malice anymore. When money and/or lives are at stake, incompetence is shaped like malice. We need to have a new word for this kind of "deliberate stupidity" and punish it just like we punish intent to do wrong.

basisword today at 1:27 PM

I think it's more incompetence than malice. It's just such a standard thing for engineers to throw analytics tracking in every website/product they build. Although I am surprised not one person realised this might be a bad idea given the sensitive nature of the site.

agmater today at 2:35 PM

> Though, not at places that have such a strong social mission as this one.

That's the shameful thing really. Yeah it's pretty common to have (GDPR violating) cookies and 'share all analytics' settings on by default with "privacy is very important to us" statements on the website. As "one of those guys" I see this all the time. For a commercial business it's just eye rolling, but these kinds of social good companies really should be held to a higher standard. With that standard just being "privacy by design please".

The website's feedback form gave me a "try again in !minutes" error so frankly I think the dev team is malicious by incompetence. It's a very pretty site though, so at least there's that.