AEPD (Spain) - PS/00118/2021: Difference between revisions
(→Facts) |
m (Ar moved page AEPD (Spain) - PS-00118-2021 to AEPD (Spain) - PS/00118/2021) |
Latest revision as of 12:58, 13 December 2023
AEPD (Spain) - PS-00118-2021 | |
---|---|
Authority: | AEPD (Spain) |
Jurisdiction: | Spain |
Relevant Law: | Article 22.2 of the Act on Information Society Services and Electronic Commerce |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | 07.06.2021 |
Published: | 16.06.2021 |
Fine: | 1200 EUR |
Parties: | Radio Popular S.A. |
National Case Number/Name: | PS-00118-2021 |
European Case Law Identifier: | n/a |
Appeal: | Not appealed |
Original Language(s): | Spanish |
Original Source: | AEPD (in ES) |
Initial Contributor: | n/a |
The Spanish DPA (AEPD) fined a radio station €2000 (reduced to €1200) for failing to provide a link to its cookie policy in their cookie banner and for installing cookies that are not strictly necessary on user devices without obtaining prior consent.
English Summary
Facts
A data subject filed a complaint against a radio company stating that "when accessing their website (www.cope.es), it is impossible to reject cookies". When the website loaded, a banner informing users that cookies were being used on the site and containing a link to the configuration panel was displayed. However, no link to the actual cookie policy was provided, and the user could not access the cookie policy before accepting the cookies.
Furthermore, non-strictly necessary cookies for the functioning of the website were installed on the user's device before consent was obtained, such as:
- _cb: analytical cookie that stores the unique identifier for chartbeat tracking (tool for real-time website metrics analysis) (1 year active)
- _chartbeat2: analytical cookie used to store statistics on the number of visits per year (30 days active)
- _ga: analytical cookie used to distinguish between users of the website (2 years active)
- _cb_svref: analytical cookies used to store the origin of the visitors (active during session)
- _cb_ls: analytical cookie used for the analysis and control of active users' navigation (1 year active)
- web_gid: analytical cookie used to distinguish users (active 24 hours)
Holding
The Spanish DPA (AEPD) found that the controller was installing unnecessary cookies before asking for the consent of the user, what violated Article 22(2) of the Act on Information Society Services and Electronic Commerce (implementing the e-Privacy Directive). The controller should have sought the consent of the users before installing such cookies.
Additionally, the controller also violated the same Article by not providing enough information about the processing of such cookies, as the users could not directly access the cookie policy. The cookie banner should have included a direct link to such policy, or it should have been available in the second layer. The user should have been able to access the information before providing consent.
The AEPD held that therefore the controller had violated Article 22(2) of the Act on Information Society Services and Electronic Commerce and fined the controller €2000, that were reduced by 40% to €1200 due to timely payment and admission of guilt.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.
1/11 Procedure No.: PS / 00118/2021 RESOLUTION R / 00436/2021 OF TERMINATION OF THE PROCEDURE FOR PAYMENT VOLUNTARY In the sanctioning procedure PS / 00118/2021, instructed by the Spanish Agency for Data Protection to RADIO POPULAR S.A., considering the complaint presented by A.A.A., and based on the following, BACKGROUND FIRST: On May 10, 2021, the Director of the Spanish Agency for Data Protection agreed to initiate a sanctioning procedure against RADIO POPULAR S.A. (hereinafter, the claimed), through the Agreement that is transcribed: << Procedure No.: PS / 00118/2021 935-240719 AGREEMENT TO START THE SANCTIONING PROCEDURE Of the actions carried out by the Spanish Agency for Data Protection before the entity, RADIO POPULAR S.A. with CIF .: A28281368, owner of the website, https://www.cope.es/, (hereinafter, “the claimed entity”), by virtue of the claim filed by D.A.A.A. (hereinafter, "the claimant"), for alleged violation of data protection regulations, and taking into account the following: FACTS FIRST: On 10/19/20, the claimant sent this Agency a written statement of claim, stating, among others, the following: "When accessing the web it is impossible reject cookies ”. SECOND: On 12/04/20, this Agency sent a request informative to the claimed entity, in accordance with the provisions of article 65.4 of Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights, (hereinafter "LOPDGDD"). THIRD: On 01/13/21, the claimed entity submitted a written statement of answer in this Agency, in which, among others, it indicated the following: "What, COPE, following the recommendations of the" Cookies Guide ", whose update was published on July 28, has implemented a vendor CMP Quancast, as of August 3, and has followed the recommendations of IAB EUROPE in accordance with TFC 2.0, showing its adequate commitment and diligence with regarding compliance with data protection regulations. Likewise, COPE has carried out an exhaustive analysis of all the cookies in operation and has verified that despite having implemented the TFC 2.0 system some cookies, contrary to what the providers themselves pointed out, they continued downloading, so it has proceeded to implement additional measures that guarantee the non-use of these until, indeed, the user consents to the treatment and discharge of these. This implementation process began in July, C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 2/11 being finalized in August, thus complying with the times indicated in the Guide. That as a consequence of this claim it is again verified that the mechanism detecting that some cookies continued to download despite have the consent and transparency framework, and what is indicated by the own vendors, so we proceed to implement additional parameters to the TFC 2.0, through Javascript, blocking advertising cookies from providers such as They are: Sedtag, Facebook Connect, Insurdads, Teads and Outbrain, Google Tag Manager, etc. Attached as evidence, examples of the technical code implemented for guarantee the necessary affirmative action for the use of said cookies. (ANNEXED I). That for the implementation of the entire configuration system it has been taken into takes into account the recommendations and criteria of IAB EUROPE, a body that we have considered diligent, taking into account the close relationship with the control authorities, even participating in the preparation of the "Cookie Guide" published by this authority, as well as the integrated and recognized vendors within the IAB EUROPE transparency and consent framework itself. (ANNEX II) That in accordance with the criteria provided by the integrated vendors themselves in TFC 2.0 every effort has been made to comply with the regulations, allowing us to use certain cookies of vital importance for the survival of our environment. Thus, for example, the cookie used by Comscore, is download to the user's terminal equipment, but is nevertheless subject to the acceptance of this for the collection and processing of information. Attached is the explanatory document of the operation provided by the "vendor" in which the indicates how different parameters are granted based on their actions (1 consent, 0 no consent, null no action), capturing and treating the information only if consent is granted and therefore the cookie integrates the "parameter 1". In this way, and despite the fact that the download occurs effectively, such a device would not capture information without the consent of the Username. (ANNEX III and IV). Likewise, we have Google analytical cookies, implementing the criteria indicated for the correct adaptation and implementation in TFC 2.0, of in accordance with the following instructions which, likewise, will only be used if the user provides their effective consent. These cookies will be used with the purpose of extracting aggregate statistics that will serve us to objectively measure web traffic by checking the number of real users, in order to ensure that the statistics used by Comscore, a provider that allows us to monetize the advertising, are real and errors are not occurring whose consequences at the level business are of great importance. It has been implemented with the window variable 'gtag_enable_tcf_support'] = true. Following the instructions of https://support.google.com/analytics/answer/10022331?hl=es to comply with the IAB v2, as can be seen in annex V. In addition to those previously mentioned, our website uses an analytical cookie technique of the first part (Chartbeat), whose functions consist in determining the C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 11/3 number of users in real time (session cookie) within the web, allowing ensure security against a possible DDDOS attack, or detect possible traffic unusual, as well as the purpose of allowing us to visualize which news of those included in the website have more traffic in order to analyze the self-interest of our readers in published content. This cookie will only process information aggregate of a certain number of users that, in no case, will allow individualize or identify them. Although these cookies have the definition of "Analytics", taking into account the activity sector, are really necessary and fundamental for the use of the website, as well as for the survival of the environment, since intrinsically it is necessary to know how Users interact with the information, as has always happened in the media traditional communication. This criterion is followed in the same way by all the major media outlets. national communication using cookies of this type in a similar way, In such a way that an application contrary only to our case, would suppose a serious economic impairment, generating an unattainable inequality for our company. Being aware that the LSSICE 34/2002 applies to the Regulation General Data Protection, as it is a special rule, We understand that such data processing could be based on a clear interest legitimate in accordance with article 6.1. f) and recital 47 of the Regulation General Data Protection 679/2016, by our company, having taking into account the low relevance for the privacy of those affected, as well as the service of clear interest to the users we provide. That also the rest of the cookies, have been blocked with mechanisms additional to the implementation of TFC 2.0. not being able to guarantee, as if it happens with Comscore, that the information will not be processed. Despite the fact that through implementation of TFC 2.0 should now work correctly and no capture of any type of information, it is verified that cookies are downloaded, not having distinction between those users who grant consent and those who do not regarding the treatment and therefore, it is decided to implement an additional measure, of the same way it was done with the advertising cookies listed above to It is only downloaded if there is express and effective consent. Likewise, in addition to the cookies already mentioned, we have cookies techniques that allow the website to function properly whose download is It occurs regardless of the consent of the users. The functionalities of these are limited to the following uses: - Cookies loading the CMP by means of the which guarantees compliance with the regulations on cookies. - Loading and sports scoreboard interface display. - Control access to our web and guarantee its security. - Guarantee accessibility to the website. That, likewise, the cookie policy has been updated adapting the recommendations set out to what is indicated in the Cookies Guide published by this authority, being able to check in the link https://www.cope.es/pagina/politicas-de-cookies. That even in the case of a sector whose main source of income comes through the online advertising, all reasonable efforts have been made to comply with the C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 4/11 regulations and the minimum possible cookies will be treated to guarantee the correct operation of the web. Attached as ANNEX VI, a screenshoot of the cookies that are downloaded initially, in which you can see the adequacy of the themselves. Likewise, we place ourselves at the full disposal of this authority to collaborate, modify or respond to any request that it may make to improve the treatment system, since as we have indicated our intention is to comply with the regulations and guarantee the privacy of our users ”. FOURTH: On 05/04/21, this Agency carries out the following Checks on the claimed web page: 1.- When entering the web https://www.cope.es/ and, without accepting cookies or making any action on the web, it is verified that unnecessary cookies are used: _chartbeat2; _cb_svref; _cb_ls; gig_canary_ver; _gid; _cb; _ga; gig_canar; didomi_token, whose domains belong to www.cope.es 2. When entering the web, a first layer notice is displayed about the existence of cookies: "Your privacy is important to us: With your agreement, we and our partners use cookies or similar technologies. to store, access and process personal data such as your visit to this website. You can withdraw your consent or object to data processing based on legitimate interests at any time by clicking on "More information" or on our Privacy Policy on this website. We and our partners do the following data processing: Store or access information on a device, Ads and content targeting, ad and content measurement, audience information and product development, precise geographic location data and identification using device characteristics. << More information >> <<< accept and close >> ”. 3.- If you access the cookies control panel, through the link << more information >>, the web redirects to a new page where the following is provided information: “We and our partners place cookies, access and use information not responsive on your device to improve our products and personalize advertisements and other content on this website. You can accept all or part of these operations. For more information about cookies, partners and how we use your data, to review your options or these operations for each partner, visit our privacy policy. Skip to: << Accept all >> + Use precise geographic location data: Reject <-> Accept C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 5/11 + Develop and improve products: Reject <-> Accept + Use market research: Reject <-> Accept + Measure content performance: Reject <-> Accept + Measure ad performance: Reject <-> Accept + Select custom content: Reject <-> Accept + Create a profile for content personalization: Reject <-> Accept + Select personalized ads: Reject <-> Accept + Create a personalized advertising profile: Reject <-> Accept + Select basic ads: Reject <-> Accept + Store or access information on a device: Reject <-> Accept + Actively scan for identification: Reject <-> Accept If you give your consent for the above purposes, you also allow this website and its partners operate the processing of the following data: + Collate and combine offline data sources. + Guarantee security, avoid fraud and debug errors. + Receive and use for identification the characteristics of the device that is sent automatically. + Technically serve ads or content + and Link different devices << See our partners >> << Reject all >> --- << Accept all >> 4.- If the "Cookies Policy" is accessed through the link in the part bottom of the main page, the web redirects to a new page https://www.cope.es/pagina/politicas-de-cookies, where information is provided about, what are cookies and what are they used for; what information a cookie stores; what type of cookies exist and identifies the cookies used by the website, both own and those of third parties, the purpose they have and the time they will be active. SIXTH: In view of the facts denounced, in accordance with the evidence of that is available, the Data Inspection of this Spanish Agency for the Protection of Data considers the above, does not comply with current regulations, therefore that the opening of this sanctioning procedure proceeds. FOUNDATIONS OF LAW I It is competent to initiate and resolve this Penalty Procedure, the Director of the Spanish Agency for Data Protection, in accordance with the provisions of the art. 43.1, second paragraph, of Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSI), is competent to initiate and resolve this Penalty Procedure, the Director of the Spanish Agency for Data Protection. II - On the use of unnecessary cookies prior to consent: Article 22.2 of the LSSI establishes that information must be provided to users clear and complete information on the use of storage and recovery devices. tion of data and, in particular, on the purposes of data processing. This information Information must be provided in accordance with the provisions of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 6/11 Therefore, when the use of a cookie involves a treatment that enables the identification of the user, those responsible for the treatment must ensure the compliance with the requirements established by the regulations on data protection cough. However, it is necessary to point out that they are exempt from compliance with the Obligations established in article 22.2 of the LSSI those necessary cookies for the intercommunication of the terminals and the network and those that provide a service expressly requested by the user. In this sense, the GT29, in its Opinion 4/201210, interpreted that among cookies excepted would be the User's input Cookies ”(those used to re- fill out forms, or as a management of a shopping cart); Authentication cookies User identification or identification (session); user security cookies (those used to detect erroneous and repeated attempts to connect to a website); media player session cookies; session cookies to balance character ga; User interface customization cookies and some add-on cookies (plug-in) to exchange social content. These cookies would be excluded from the scope of application of article 22.2 of the LSSI, and, therefore, it would not be necessary to inform or obtain consent about your use. On the contrary, it will be necessary to inform and obtain the prior consent of the user before using any other type of cookies, both first and foremost third party, session or persistent. In the verification carried out by this Agency on the claimed website, it was possible to verify that, when entering the main page and without taking any action on the mimas or accept cookies, the following unnecessary cookies were used: - _cb (www.cope.es) Analytical cookie used to store the identifier unique visitor for chartbeat tracking, (tool for the real-time website metrics analysis) (active 1 year). - _chartbeat2 (www.cope.es). Analytical cookie used to store statistical information on the number of visits to the website, (active 30 days). - _ga (.cope.es). Analytical cookie used to distinguish users on the site web (active 2 years). - _cb_svref (www.cope.es). Analytical cookie used to store the original origin of the site visitor, (active in the session). - _cb_ls (www.cope.es). Analytical cookie used for browsing analysis and control of active users, (active 1 year). - web_gid (.cope.es). Analytical cookie used to distinguish users (active 24 hours). III - About the cookie information banner in the first layer: C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 7/11 In this banner, in addition to including generic information about cookies, you must be a clearly visible link directed to the second informational layer about the use of cookies. In the present case, the existing banner on the main page only includes a link to the cookie configuration panel, there is no link that redirects to the user to the cookie policy page. There is also no link, within the configuration panel that redirects to the cookie policy. There is only one link in this panel that redirects to the privacy policy, but if the user decides to access to it, the page returns the user to the banner of the main page. There is only the possibility of accessing the cookie policy and, therefore, the information detailed training on them, once the cookies have been accepted or rejected, to through the link at the bottom of the main page of the web << political- ca of cookies >>. IV The facts presented in the previous sections could suppose, on the part of the claimed, the commission of the infraction of article 22.2 of the LSSI, according to the which: “Service providers may use storage and retrieval devices ration of data in terminal equipment of recipients, provided that the same We have given their consent after information has been provided to them clear and complete on its use, in particular, on the purposes of the treatment of the data, in accordance with the provisions of Organic Law 15/1999, of December 13, protection of personal data. When technically possible and effective, the consent of the recipient to accept the data processing may be facilitated by using the parameters from the browser or other applications. The foregoing will not prevent possible storage or access of a technical nature to only in order to carry out the transmission of a communication over a communication network electronic devices or, to the extent strictly necessary, for the provision of an information society service expressly requested by the recipient. River". This offense is classified as "slight" in article 38.4 g), of the aforementioned Law, which considers as such: “Use data storage and recovery devices when the information had not been provided or the consent of the recipient had not been obtained. natario of the service in the terms required by article 22.2. ”, which may be sanctioned nothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned LSSI. It is considered, on the other hand, that the sanction to be imposed should be adjusted according to with the following aggravating criteria, established in art. 40 of the LSSI: - The existence of intentionality, an expression that must be interpreted as equi- value to degree of guilt according to the Judgment of the Hearing National of 11/12/07 relapse in Appeal no. 351/2006, corresponding to C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 8/11 the entity denounced the determination of a system for obtaining consent informed service that conforms to the mandate of the LSSI. Based on these criteria, it is deemed appropriate to impose on the claimed entity an initial penalty of 2,000 euros, (two thousand euros), for the violation of article 22.2 of the LSSI, regarding the cookie policy carried out on the website of its owner- dad. In accordance with the foregoing, by the Director of the Spanish Agency for Pro- Data protection, HE REMEMBERS: START: SANCTIONING PROCEDURE to the entity RADIO POPULAR S.A. with CIF .: A28281368, owner of the website, https://www.cope.es/, for the violation of the article 22.2) of the LSSI, punishable in accordance with the provisions of art. 39) and 40) of the aforementioned Law, regarding the "Cookies Policy". APPOINT: as Instructor to D. R.R.R., and Secretary, where appropriate, to Ms. S.S.S., indi- Whereas any of them may be challenged, as the case may be, in accordance with the provisions cited in articles 23 and 24 of Law 40/2015, of October 1, on the Legal Regime of the Public Sector (LRJSP). INCORPORATE: to the sanctioning file, for evidentiary purposes, the inter- put by the claimant and its documentation, the documents obtained and generated by the Subdirectorate General for Data Inspection during the investigation phase. nes, all of them part of the present administrative file. WHAT: for the purposes provided in art. 64.2 b) of Law 39/2015, of October 1, on Common Administrative Procedure of Public Administrations, the sanction that could correspond, it would be 2,000 euros (two thousand euros), without prejudice to what Sulte of the instruction of the present file. WHAT: in accordance with article 58.2 of the RGPD, the corrective measure that could to impose itself on the entity, RADIO POPULAR S.A., would consist of ORDERING IT that, all Take the necessary measures on the website of your ownership to adapt it to the current regulations regarding "Cookies Policy", modifying it in such a way that makes it impossible to use cookies that are not necessary until the user gives their consent to this, as well as the inclusion of a link to the cookie policy within the existing banner on the main page or first layer. NOTIFY: this agreement to initiate the sanctioning file to the entity RADIO POPULAR S.A. granting a hearing period of ten business days to to formulate the allegations and present the evidence it deems appropriate. If within the stipulated period it does not make allegations to this initiation agreement, the same may be considered a resolution proposal, as established in article 64.2.f) of Law 39/2015, of October 1, on the Common Administrative Procedure of the Public Administrations (hereinafter, LPACAP). C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 9/11 In accordance with the provisions of article 85 of the LPACAP, in the event that the penalty to be imposed would be a fine, you may recognize your responsibility within the zo granted for the formulation of allegations to the present initiation agreement; what will entail a reduction of 20% of the penalty to be imposed in the present procedure, equivalent in this case to 400 euros. With the application of this reduction, the sanction would be set at 1,600 euros, resolving the yield with the imposition of this sanction. In the same way, you may, at any time prior to the resolution of this procedure, carry out the voluntary payment of the proposed sanction, which will give a reduction of 20% of the amount of this, equivalent in this case to 400 euros- rivers. With the application of this reduction, the penalty would be set at 1,600 euros. ros and its payment will imply the termination of the procedure. The reduction for the voluntary payment of the penalty is cumulative to the corresponding apply for the acknowledgment of responsibility, provided that this acknowledgment of the responsibility is made manifest within the period granted to formulate allegations at the opening of the procedure. The voluntary payment of the referred amount in the preceding paragraph, it may be done at any time prior to the resolution. On In this case, if both reductions should be applied, the amount of the penalty would be established at 1,200 euros (one thousand two hundred euros). In any case, the effectiveness of either of the two mentioned reductions will be conditioned to the withdrawal or resignation of any action or resource in the administrative way. trative against the sanction. If you choose to proceed to the voluntary payment of any of the amounts indicated previously, you must make it effective by entering account No. ES00 0000 0000 0000 0000 0000 opened in the name of the Spanish Agency for the Protection of Data in Banco CAIXABANK, S.A., indicating in the concept the reference number cia of the procedure that appears in the heading of this document and the cause reduction of the amount to which it is accepted. Likewise, you must send proof of admission to the Subdirectorate General of Ins- pection to continue with the procedure in accordance with the amount entered. gives. The procedure will have a maximum duration of nine months from the date of the cha of the initiation agreement or, where appropriate, the draft initiation agreement. Elapsed that period will expire and, consequently, the file of actions; from in accordance with the provisions of article 64 of the LOPDGDD. Finally, it is pointed out that in accordance with the provisions of article 112.1 of the LPACAP, There is no administrative appeal against this act. Mar Spain Martí Director of the Spanish Agency for Data Protection. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 10/11 >> SECOND: On June 1, 2021, the defendant has proceeded to pay the sanction in the amount of 1200 euros making use of the two planned reductions in the Initiation Agreement transcribed above, which implies the recognition of the responsibility. THIRD: The payment made, within the period granted to formulate allegations to the opening of the procedure, entails the waiver of any action or appeal in the process administrative against the sanction and the recognition of responsibility in relation to the facts to which the Initiation Agreement refers. FOUNDATIONS OF LAW I By virtue of the powers that article 58.2 of the RGPD recognizes to each authority of control, and as established in art. 47 of Organic Law 3/2018, of 5 of December, Protection of Personal Data and guarantee of digital rights (in hereinafter LOPDGDD), the Director of the Spanish Agency for Data Protection is competent to sanction the infractions that are committed against said Regulation; infractions of article 48 of Law 9/2014, of May 9, General of Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the LGT, and the offenses typified in articles 38.3 c), d) and i) and 38.4 d), g) and h) of Law 34/2002, of July 11, on services of the company of the information and electronic commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public Administrations (hereinafter, LPACAP), under the rubric "Termination of sanctioning procedures" provides the following: "1. Initiated a sanctioning procedure, if the offender acknowledges his responsibility, the procedure may be resolved with the imposition of the appropriate sanction. 2. When the sanction is solely of a pecuniary nature or it is possible to impose a pecuniary sanction and other non-pecuniary sanction but the inadmissibility of the second, the voluntary payment by the presumed responsible, in any time prior to the resolution, will imply the termination of the procedure, except in relation to the replacement of the altered situation or to the determination of the compensation for damages caused by the commission of the offense. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 11/11 3. In both cases, when the sanction is solely of a pecuniary nature, the competent body to resolve the procedure will apply reductions of, at least, 20% on the amount of the proposed sanction, these being cumulative among themselves. The aforementioned reductions must be determined in the notice of initiation of the procedure and its effectiveness will be conditional on the withdrawal or resignation of any action or appeal in administrative proceedings against the sanction. The percentage of reduction foreseen in this section may be increased regulations. In accordance with the above, the Director of the Spanish Agency for the Protection of Data RESOLVES: FIRST: DECLARE the termination of procedure PS / 00118/2021, of in accordance with the provisions of article 85 of the LPACAP. SECOND: NOTIFY this resolution to RADIO POPULAR S.A. In accordance with the provisions of article 50 of the LOPDGDD, this Resolution will be made public once it has been notified to the interested parties. Against this resolution, which puts an end to the administrative procedure as prescribed by the art. 114.1.c) of Law 39/2015, of October 1, on Administrative Procedure Common of Public Administrations, interested parties may file an appeal administrative litigation before the Contentious-Administrative Chamber of the National High Court, in accordance with the provisions of article 25 and section 5 of the fourth additional provision of Law 29/1998, of July 13, regulating the Contentious-Administrative Jurisdiction, within a period of two months from the day following notification of this act, as provided in article 46.1 of the referred Law. 936-031219 Mar Spain Martí Director of the Spanish Agency for Data Protection C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es