On August 6th, 2020, the Spanish authorities imposed a €3000 penalty on GROW BEATS SL, a company specializing in the sale of headphones and earphones, for non-compliance with the principles related to the deposit of cookies.

The Spanish authority found a lack of information regarding the deposit of cookies on the company’s website.

This decision of the Spanish authority allows us to identify the following essential points for a policy of cookies compliant with GDPR :

  • The purpose of the deposit of cookies must be specified or accessible via the cookie pop-up.
  • The characteristics of the cookies deposited and their lifespan must be indicated in the cookie settings screen.
  • For third party cookies (identity of the third parties depositing the cookies and types of cookies), a complete information must be provided.
  • The Internet user must be able to refuse all cookies as easily as to accept them.

The cookie does seem to be one of key subjects of the next months. If we look beyond the amount of the fine, this is the first decision sanctioning the lack of information relating to cookies. It could soon pave the way for other decisions, particularly in France.

https://www.dataguidance.com/news/spain-aepd-fines-grow-beats-€3000-unlawful-cookie-practices