All company websites used cookies but according to the AEPD failed to inform rightfully about cookies and collect their users’ consent to cookies.
First fine – USED COOKIES WITHOUT USER CONSENT
The Innova Resort S.L. is fined €3.000 for storing analytics and advertising cookies without requesting their users’ consent.
Cookies were stored onto the visitors’ computers without the user carrying out any action. Furthermore, users were instructed to use browser settings to control and delete cookies.
Fine number 2 – NO WAY GIVEN TO SITE USERS TO CONTROL COOKIES
The Garantiza Automoción S.L. has also been fined €3.000 for not presenting users with a cookie banner or cookie pop-up.
Thereby, the website did not provide users with the opportunity to be informed about cookies or to make any choices regarding the cookies which were stored on their computers.
Although the website made a link to a cookie policy available, the mechanism did not give users the possibility to manage their data choices.
Fine number 3 – SETTING UN-NECESSARY COOKIES WITHOUT CONSENT
The AEPD has fined Petrolis Independents S.L. €3.000 for not letting users choose between which cookies to accept and which to reject.
Technically speaking, their cookie policy did not include a mechanism which enabled the control of cookie consents in a granular way.
Furthermore, the cookie policy did not mention that unnecessary cookies were set when the user entered the website without having carried out any action.
And finally – BY USING THE SITE YOU ACCEPT OUR COOKIE POLICY
AEPD fines Twitter €30.000 for their use of cookies.
According to the AEPD, Twitter’s cookie banner states that, by using Twitter, the user accepts the cookie policy.
Twitter provides no further link in the banner on how to reject the use of cookies. Nor are there any information in the pop-up on how to manage or configure data processing options on the Twitter Platform.
Again, cookies are stored on the users’ computers as they enter the site before they have accepted or rejected cookies.
Therefore, AEPD holds that Twitter has violated Spanish Data Protection laws. The AEPD has required Twitter to take appropriate actions within one month.
See our post on: What is classed as a GDPR data breach?