Belgian business receives €15K cookie fine

Blog
Oliver Fich
Bittersweet Christmas present from the Belgian Data Protection Authority (BDPA) to a small company specialized in legal information. First Belgian fine for unlawful use of cookies. Here are 7 quick tips to avoid the same fine.
Table of Contents

Small company fined for unlawful use of cookies

On December 17, 2019, the Belgian Data Protection Authority (BDPA) handed the small Belgian company Jubel.be – who operates a website with legal information – a fine of €15.000 for unlawful use of cookies.

Interestingly, this time the BDPA did not act based on a filed complaint but carried out their investigation on its own initiative.

In its decision, the BDPA fined Jubel.be because:

  • They did not provide sufficient information about the cookies used on the website (e.g. list of cookies used; their purpose, lifespan; or a list of third parties). Furthermore, the cookie policy was only available in English, although the website targeted French and Dutch-speaking readers;
  • The website did not provide any opt-out option for certain types of cookies (including first-party cookies);
  • There was no easy way for users to withdraw consent when first given.

Belgian Data Protection Authority sets example

In a press announcement to Belgian website standaard.be, the BDPA confirms that the intent of the investigation and fine was to set an example, pointing to the exemplary role that a legal information website should play.

In the same instance, the BDPA argued that most websites in Belgium are unlikely to comply with the rules as prescribed in this case.

"Sites must be well aware that they have serious obligations. There is an information obligation for cookies, even if they come from third parties."

Dispute Chamber Data Protection Authority

What is remarkable with this fine is, that it is a small website with approx. 35.000 visitors a month who is the first to receive a fine for unlawful use of cookies in Belgium.

The BDPA sends a clear message that it is not only the big players who are targeted, but every company must comply with the GDPR for cookies.

How to avoid the same cookie fine?

7 quick tips to avoid a cookie fine

  • To collect valid consent, you need a cookie consent solution (banner) which:
  • Informs your visitors of cookies (list of cookies; their purpose; lifespan; list of third parties);
  • Provides your visitors with the option to decline cookies (opt-out);
  • Holds back cookies before consent is obtained;
  • Does not assume consent with pre-ticked boxes;
  • Gives your users the possibility to give consent to specific cookie categories (e.g. functional, statistical or marketing);
  • Provides an easy way to withdraw consent to cookies;
  • Collects and stores consents for 5 years (in case of inspection by DPA).

Unsure whether your cookie consent solution collects valid consent?

Get a free and professional assessment of your website’s cookies. You’ll have the results within four working days.

Free compliance check

Or dig deeper into topics such as: