Penalties for non-compliance with the cookies policy
- 20 December 2021
- Business Consultancy
Since October 2020, companies that have a website must adapt their cookie policy to the requirements of Regulation (EU) 2016/679 on the Protection of Personal Data, the GDPR (RGPD in Spanish). One of the main new features is the obligation to obtain the data subject's express consent for the processing of their data, after first informing them in a simple and complete manner of the circumstances of such processing.
As we have explained in previous articles, "cookies" are small files of various types and with different functionalities that are installed on users' devices. Companies must obtain the user's consent to install their cookies, and to do so they must draft a cookie policy that provides detailed information on which cookies are used and for what purpose. This must be done in terms that are easily understood by the user. Phrases such as "if you continue browsing, we understand that you accept our cookies policy" should disappear completely. The consent must be obtained before any cookies are installed (except for technical cookies), since installing cookies merely because the user has accessed the website is not allowed either.
It is also important that the "banner" or cookie notice links directly to the cookie policy, and that what is known as a "cookie wall" has not been configured, i.e. that users are not forced to accept cookies in order to continue browsing.
We should remember that the GDPR has established a penalty regime that can lead to the imposition of fines of up to 20 million euros, and that the Spanish Data Protection Agency has already initiated almost 200 actions in this area. Of particular note is the fine of 30,000 euros imposed on Vueling for not requesting users' consent to install cookies.