Following an investigation by the Spanish Data Protection Authority (AEPD) into complaints made against a publishing company Scriptorium Ediciones Limitadas, S.L., AEPD settled with the publisher in the form of a public resolution regarding the publisher’s failure to comply with the Spanish cookies law.
The publisher’s website was found to use a variety of cookies but not display an appropriate cookies statement in accordance with law 34/2002 of Information Society and Electronic Commerce Services Act (the Act).
Whilst the statement on the website did indicate that cookies were used to “improve a user’s browsing experience” there was no transparency about the other uses that cookies were being put to in terms of monitoring, tracking and analytics.
Whilst the publisher was found to be in breach of the law, no fine was issued by AEPD because of the publisher’s prompt collaboration with AEPD and its undertaking to implement appropriate changes to the website cookie statement.
Although Data Protection Regulators have been relatively slow to enforce the cookies law there is every need to ensure that websites contain transparent cookie notices and appropriate consent mechanisms otherwise personal data collected without compliance with the cookies law is processed unlawfully.