Spanish Cookie Law Fines First in EUBy: Richard Beaumont | Wednesday, February 5, 2014 | Tagged: Cookie Law Fines, Cookie Notices, Spanish DPA | Leave Comment
The first fines specifically for cookie law compliance failures have been handed out by the Spanish Data Protection Authority. They were given to two companies running a number of jewellery websites, one of which was an online store.
Your can find the details of the decision here (in Spanish, PDF).
It is not entirely surprising that Spain was the first country to impose fines – the DPA is known for handing out more fines than any other European data protection regulator. There is understood to be more cases under investigation there and some are speculating that other countries may soon follow suit.
The key elements of the requirements can be summarised as:
- Information should be sufficiently complete to enable users to understand the purpose/uses of the cookies.
- The site should take into account the likely audience of the site when explaining the uses of cookies, avoiding terminology that would be difficult for the average site visitor to understand.
- They advise also that sites should assume knowledge about the uses of cookies and how to manage them is limited.
- There must be information on how to revoke consent after it has been obtained.
- Information should distinguish between first and third party cookies, and identify the third party organisations that are setting cookies.
There are also detailed guidelines for when and how to obtain consent, but I will leave those for another post for now.