This – according the Spanish Data Protection Authority – is a violation to Article 22.2 of the Law on Information Society Services and Electronic Commerce (LSSI).
Consent to cookies is implicit in the Vueling cookie consent banner leaving users with no real choice on cookies and data privacy.
Moreover, third-party cookies are collecting the user’s personal data even before the user accepts cookies.
Why did Vueling get fined for using cookies?
When entering the Vueling website, you first see is a classic cookie consent pop-up.
Every single cookie on Vueling.com is already set in the user’s browser and has begun tracking before the user accepts cookies and/or continues browsing the site.
In other words, the user is forced to give consent (to get rid of the banner) and does not have the possibility to decline tracking cookies.
AEPD specifies that Vueling does not provide users with any access to a Consent Management Platform or cookie configuration tool for refusing cookies, and thereby cannot claim to collect valid consent.
Thereby, Vueling is in violation with article 22.2 of the LSSI.
“Service providers may use data storage and retrieval devices on terminal equipment of the recipients, provided that they have given their consent after they have been provided with clear and complete information about their use, in particular, about the purposes of data processing.”
Spanish Airline Vueling receives a €30.000 cookie fine which – if paid voluntarily – can be reduced by 20% (to €24.000), and if paid within a granted period would be reduced further to €18.000.
How can your website avoid same fine?
EU and national Data Protection Authorities are on the move to secure EU citizens’ online privacy.
For now, French, German and English cookie requirements have been updated to clarify the rules set forth in the ePrivacy (cookie law) and the General Data Protection Regulation (GDPR).
When operating a website (private or company), you are responsible for the collection of consents to cookies and other tracking technologies.
This also applies for third-party cookies like Google Analytics, Facebook Pixel, YouTube etc.).
Here’s a short checklist to check if your website is compliant.