{"id":5698,"date":"2024-11-29T00:00:00","date_gmt":"2024-11-28T23:00:00","guid":{"rendered":"https:\/\/lawwwing.com\/90-000-euros-por-instalar-cookies-sin-previo-consentimiento\/"},"modified":"2025-02-06T14:55:51","modified_gmt":"2025-02-06T14:55:51","slug":"90-000-euros-por-instalar-cookies-sin-previo-consentimiento","status":"publish","type":"post","link":"https:\/\/lawwwing.com\/en\/90-000-euros-por-instalar-cookies-sin-previo-consentimiento\/","title":{"rendered":"90.000\u20ac fines for installing cookies without consent"},"content":{"rendered":"\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>In <strong>2025<\/strong>, fines are still being issued for failing to comply with cookie policies and user privacy on websites. In this post, we take a look at one of these penalties.<\/p>\n\n\n\n<p>In the summer of 2024, the <strong>Spanish Data Protection Agency (AEPD)<\/strong> imposed a <strong>\u20ac90,000 fine<\/strong> on the owner of three domains after identifying multiple breaches in cookie management across three websites. While this ruling was issued several months ago, it serves as an important precedent for understanding what is strictly prohibited regarding cookie implementation. 
This article provides an overview of the key <strong>technical considerations<\/strong> that must be observed when managing cookies on a website.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Regulatory violations identified<\/h3>\n\n\n\n<p>A complaint was filed against the entity for <strong>installing third-party cookies without user consent<\/strong> and for <strong>lacking transparency in its cookie policy<\/strong>, in violation of Law 34\/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI).<\/p>\n\n\n\n<p>The AEPD\u2019s investigation examined three websites operated by the same provider and identified compliance failures across all of them. These failures primarily related to the absence of proper consent mechanisms and the lack of clear and comprehensive information regarding the cookies being installed.<\/p>\n\n\n\n<p>On one of the websites, the <strong>AEPD<\/strong> found that upon a user\u2019s first visit\u2014<strong>before providing any explicit consent<\/strong>\u2014the site was already installing <strong>various first-party and third-party cookies<\/strong>. While some of these cookies were <strong>technical<\/strong>, others\u2014whose purpose was <strong>not clearly stated<\/strong> in the company\u2019s cookie policy\u2014<strong>tracked users and collected personal data<\/strong>. This practice directly contravenes Article 22.2 of the LSSI, which requires prior and explicit user consent before deploying any cookies that are not strictly necessary for service provision.<\/p>\n\n\n\n<p>For the second website, a more in-depth technical review revealed that <strong>even when users selected the \"Reject All\" option<\/strong> on the <strong>cookie banner<\/strong>, the site <strong>continued to install third-party cookies<\/strong>. 
These cookies originated from \u201cmagsrv.com\u201d, a domain classified as an <strong>adware distributor<\/strong>, meaning they <strong>remained active and collected user data<\/strong> for advertising purposes despite the user\u2019s explicit rejection.<\/p>\n\n\n\n<p>On the third website, the cookie banner and policy failed to provide adequate disclosure of third-party cookies. As in the other cases, third-party tracking cookies were implemented without obtaining explicit user consent. Moreover, these cookies remained active on the user\u2019s device even after consent was withdrawn, indicating that the mechanism for revoking consent was ineffective.<\/p>\n\n\n\n<p>According to the LSSI, any form of data processing via cookies requires the explicit consent of the user. In this case, the website operator clearly infringed upon users\u2019 rights to control their personal data. Consequently, the entity was charged with failing to uphold transparency obligations and neglecting proper consent management, with aggravating factors due to intentional misconduct and repeated non-compliance.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Key takeaways from the ruling<\/h3>\n\n\n\n<p>This case highlights several essential compliance lessons: When a user visits a website for the first time, non-essential cookies must not be installed on their device without prior consent. Websites can be checked for fraudulent cookie installation by <strong>right-clicking and inspecting the page elements<\/strong>.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The \"Reject All\" option must always be available, and more importantly, it must function as intended. When a user clicks \"Reject All,\" <strong>all non-essential cookies must be effectively blocked<\/strong>.<\/li>\n\n\n\n<li>Website owners must be cautious about the cookies they use. 
Some cookies belong to <strong>adware distributors<\/strong>, which expose users to <strong>unwanted advertising<\/strong>. Beyond <strong>privacy concerns<\/strong>, this practice violates ethical advertising standards and can damage a website\u2019s credibility.<\/li>\n\n\n\n<li>Cookie banners must provide clear access to the full \"Cookie Policy,\" ensuring that users can easily understand <strong>what data is being collected, for what purpose, and by whom<\/strong>.<\/li>\n<\/ol>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">A call to action for web developers<\/h3>\n\n\n\n<p>For web developers and digital service providers, implementing an effective and compliant cookie management system is crucial. Websites must enable users to <strong>accept or reject cookies clearly and easily<\/strong>, and <strong>non-essential cookies must be immediately blocked<\/strong> when rejected.<\/p>\n\n\n\n<p>Additionally, <strong>cookie policies must provide precise details<\/strong> on the <strong>type and purpose of each cookie<\/strong>, ensuring full <strong>transparency<\/strong> and respecting users\u2019 <strong>digital rights<\/strong>.<\/p>\n\n\n\n<p>By integrating <strong>Lawwwing<\/strong>, businesses can ensure that <strong>their clients\u2019 websites are 100% compliant<\/strong> with both European privacy laws and <strong>consumer protection regulations<\/strong> in the digital environment. 
Non-compliance can have serious legal and financial consequences; do not take unnecessary risks.<\/p>\n\n\n\n<p> The full AEPD ruling, published in August, is available here<strong>.<\/strong><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Why choose a trusted compliance provider like Lawwwing?<\/h3>\n\n\n\n<p>By partnering with <strong>Lawwwing<\/strong>, businesses gain access to a <strong>highly competitive<\/strong> platform for <strong>cookie banners and privacy policies<\/strong>. As a <strong>Google-certified verified provider<\/strong>, <strong>Lawwwing<\/strong> guarantees that:<\/p>\n\n\n\n<p>The cookie banner functions correctly and complies with regulations.<\/p>\n\n\n\n<p>Cookies remain blocked until explicit user consent is provided.<\/p>\n\n\n\n<p>Users can easily withdraw consent at any time through a visible and accessible mechanism.<\/p>\n\n\n\n<p>Looking for a reliable and professional compliance solution? Lawwwing is the answer.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Installing cookies without user consent is one of the most heavily penalized violations by the <strong>AEPD<\/strong>. 
Stay informed and protect your website.<\/p>\n","protected":false},"author":7,"featured_media":6615,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[364,334,336,337,339],"tags":[360,370,401,363,403,402],"class_list":["post-5698","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-2025-3","category-adware-en","category-cmp-en","category-euros-en","category-sin-categorizar-en","tag-2025-2","tag-aepd","tag-consentimiento-2","tag-cookies","tag-fines","tag-sancion"],"acf":[],"_links":{"self":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts\/5698","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/comments?post=5698"}],"version-history":[{"count":5,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts\/5698\/revisions"}],"predecessor-version":[{"id":6772,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts\/5698\/revisions\/6772"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/media\/6615"}],"wp:attachment":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/media?parent=5698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/categories?post=5698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/tags?post=5698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}