The Spanish Data Protection Authority hands Vueling Airlines large fine for using cookies on their website without their users accept. See how your website avoids the same fine.
This – according the Spanish Data Protection Authority – is a violation to Article 22.2 of the Law on Information Society Services and Electronic Commerce (LSSI). Consent to cookies is implicit in the Vueling cookie consent banner leaving users with no real choice on cookies and data privacy. Moreover, third-party cookies are collecting the user’s personal data even before the user accepts cookies.
Why did Vueling get fined for using cookies?
“At no time can the user
In other words, the user is forced to give consent (to get rid of the banner) and does not have the possibility to decline tracking cookies.
AEPD specifies that Vueling does not provide users with any access to a Consent Management Platform or cookie configuration tool for refusing cookies, and thereby cannot claim to collect valid consent.
Thereby, Vueling is in violation with article 22.2 of the LSSI.
Article 22.2 of the LSSI:
“Service providers may use data storage and retrieval devices on terminal equipment of the recipients, provided that they have given their consent after they have been provided with clear and complete information about their use, in particular, about the purposes of data processing."
Vueling is fined €30.000 which – if paid voluntarily - can be reduced by 20% (to €24.000), and if paid within a granted period would be reduced further to €18.000.
What can you do to avoid the same fine?
EU and national Data Protection Authorities are on the move to secure EU citizens’ online privacy. For now, French, German and English cookie requirements have been updated to clarify the rules set forth in the ePrivacy (cookie law) and the General Data Protection Regulation (GDPR).
When operating a website (private or company), you are responsible for the collection of consents to cookies and other tracking technologies (also for third-party cookies like Google Analytics, Facebook Pixel, YouTube etc.).
"To avoid the same fine,
start by revising your
cookie consent solution"
To avoid the same fine as Vueling, start by revising your cookie consent solution.
- Does your cookie pop-up collect – and store – your users’ consents?
- Are pre-ticked boxes un-checked for cookies (as required in the GDPR)?
- Does your cookie pop-up block cookies before consent is obtained?
Get A free assessment of your website's cookie compliance level
If you would like to test your website's cookie compliance, fill the form in the right sidebar. You can also use the link here:
Link: Test your website
Or you can book a meeting with our compliance experts:
Link: Book a meeting
Cookie Information provides websites with a Consent Management Platform to secure that companies comply with current EU data protection regulations (ePrivacy and GDPR).
If you have any questions about our solution or how you can become GDPR compliant, do not hesitate to contact us.
Book a meeting with one of our compliance experts and we can discuss how your website can comply with ePrivacy and GDPR concerning cookies.