€39,000 fines for four companies breaking Cookie Law

€39,000 fines for four companies breaking Cookie Law

June 2020 the Spanish Data Protection Authority (AEPD) fined four companies for unlawful use of cookies on their websites.

All company websites used cookies but according to the AEPD failed to inform rightfully about cookies and collect their users’ consent to cookies.

First fine – USED COOKIES WITHOUT USER CONSENT

The Innova Resort S.L. is fined €3.000 for storing analytics and advertising cookies without requesting their users’ consent.

Cookies were stored onto the visitors’ computers without the user carrying out any action. Furthermore, users were instructed to use browser settings to control and delete cookies.

Fine number 2 – NO WAY GIVEN TO SITE USERS TO CONTROL COOKIES

The Garantiza Automoción S.L. has also been fined €3.000 for not presenting users with a cookie banner or cookie pop-up.

Thereby, the website did not provide users with the opportunity to be informed about cookies or to make any choices regarding the cookies which were stored on their computers.

Although the website made a link to a cookie policy available, the mechanism did not give users the possibility to manage their data choices.

Fine number 3 – SETTING UN-NECESSARY COOKIES WITHOUT CONSENT

The AEPD has fined Petrolis Independents S.L. €3.000 for not letting users choose between which cookies to accept and which to reject.

Technically speaking, their cookie policy did not include a mechanism which enabled the control of cookie consents in a granular way.

Furthermore, the cookie policy did not mention that unnecessary cookies were set when the user entered the website without having carried out any action.

And finally – BY USING THE SITE YOU ACCEPT OUR COOKIE POLICY

AEPD fines Twitter €30.000 for their use of cookies.

According to the AEPD, Twitter’s cookie banner states that, by using Twitter, the user accepts the cookie policy.

Twitter provides no further link in the banner on how to reject the use of cookies. Nor are there any information in the pop-up on how to manage or configure data processing options on the Twitter Platform.

Again, cookies are stored on the users’ computers as they enter the site before they have accepted or rejected cookies.

Therefore, AEPD holds that Twitter has violated Spanish Data Protection laws. The AEPD has required Twitter to take appropriate actions within one month.

See our post on: What is classed as a GDPR data breach?

Ensure your website is GDPR and ePrivacy compliant

Create a FREE CookieScan account today and start managing your cookie consent.

Get Started