Blog

Spanish DPA in multiple cookie fines

Spain: AEPD issues four fines for unlawful use of cookies and cookie banners. Here’s what you can do to comply with data protection regulations and prevent fines.

What do Innova Resort, Garantiza Automoción, Petrolis Independents and Twitter have in common?

Well, in June they were all fined by the Spanish Data Protection Authority (AEPD) for unlawful use of cookies on their websites.

All company websites used cookies but according to the AEPD failed to inform rightfully about them and collect their users’ consent.

The Innova Resort S.L. is fined €3.000 for storing analytics and advertising cookies without requesting their user’s consent.

Cookies were stored onto the visitors’ computers without the user carrying out any action. Furthermore, users were instructed to use browser settings to control and delete cookies.

How to solve the issue?

  • Collect your visitors’ consent to cookies.
  • Block cookies until you get consent.
  • Make sure your users can manage cookies directly in your cookie pop-up.

The Garantiza Automoción S.L. has also been fined €3.000 for not presenting users with a cookie banner or cookie pop-up.

Thereby, the website did not provide users with the opportunity to be informed about cookies or to make any choices regarding the cookies which were stored on their computers.

Although the website made a link to a cookie policy available, the mechanism did not give users the possibility to manage their data choices.

How to solve the issue?

  • Get a solid cookie pop-up to inform your users of cookies.
  • Let them know what data you collect and who has access to the data.
  • Provide users with the possibility to manage their own personal data – it pays off in goodwill.

The AEPD has fined Petrolis Independents S.L. €3.000 for not letting users choose between which cookies to accept and which to reject.

Technically speaking, their cookie policy did not include a mechanism which enabled the control of cookie consents in a granular way.

Furthermore, the cookie policy did not mention that unnecessary cookies were set when the user entered the website without having carried out any action.

How to solve the issue?

  • Provide users with options for accepting or rejecting cookies by purpose (e.g. statistic or marketing).
  • Inform your users about cookies in a cookie banner. Be transparent about the data you collect.

#4 – No options to reject cookies

The AEPD fined Twitter €30.000 for their use of cookies.

According to the AEPD, Twitter’s cookie banner states that, by using Twitter, the user accepts the cookie policy.

Twitter provides no further link in the banner on how to reject the use of cookies. Nor is there any information in the pop-up on how to manage or configure data processing options on the Twitter Platform.

Again, cookies are stored on the users’ computers as they enter the site before they have accepted or rejected cookies.

Therefore, the AEPD holds that Twitter has violated Spanish Data Protection laws. The AEPD has required Twitter to take appropriate actions within one month.

How to solve the issue?

  • Provide users with an option to reject cookies if they want.
  • Block cookies until you have obtained consent to cookies.
  • Provide access to your site/content also when users reject cookies – cookie walls are unlawful.
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
We have already helped more than 2,500 clients

Start your free trial

No credit card needed

client_logos

Not Sure Yet?

Get a free compliance check to see if you need a consent solution.