AEPD (Spain) - EXP202309359
From GDPRhub
| AEPD - EXP202309359 | |
|---|---|
 | |
| Authority: | AEPD (Spain) |
| Jurisdiction: | Spain |
| Relevant Law: | Ley 34/2002, de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | 18.12.2023 |
| Decided: | |
| Published: | 22.03.2024 |
| Fine: | 5,000 EUR |
| Parties: | Motorsport Network España |
| National Case Number/Name: | EXP202309359 |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Spanish |
| Original Source: | AEPD (in ES) |
| Initial Contributor: | lm |
The DPA found that a ‘pay or okay’ cookie banner violated the Spanish e-Privacy Law and imposed a €5,000 fine.
English Summary
Facts
On 22 May 2023, a data subject filed a complaint with the AEPD against Motorsport Network España (the controller). The complaint alleged that the controller’s webpage used a ‘pay or okay’ scheme in its cookie banner, requiring data subjects to either consent to cookies and use the page or free, or to subscribe for a fee in order to reject any cookies.
In its investigation, the AEPD noted that upon entering the webpage for the first time, the controller utilised non-technical cookies, which require consent under the ePrivacy Directive, without the prior consent of the user.
After the cookies were already applied, the controller prompted data subjects with a cookie banner that provided two options in its first layers. First, the user could accept the cookies and use the webpage for free. In this case, the webpage continued to use the same cookies that it had utilised prior to the consent being prompted or given. Second, the user could select a box marked ‘Demonstrate the Options’, which brought users to a second banner that showed all cookie use marked as ‘off’ except for analytics cookies, which were marked as ‘on’. Additional details about each type of cookie could be obtained, but only in English. If a data subject wished to reject all of the cookies by clicking the ‘Confirm my preferences’ button (without manually adjusting any of the settings, including the default ‘on’ setting for analytics cookies), the webpage would continue using the cookies that it utilised prior to requesting consent. A new pop-up would then appear prompting data subjects to either become subscribers for a monthly fee and access the webpage without advertising, or to accept all of the cookies.
The AEPD also considered the options for users to withdraw consent. The controller provided such options in a ‘Manage Preferences’ link at the bottom of the webpage. Therein, data subjects could access the cookie control panel and manually switch each cookie from ‘on’ to ‘off’. Nonetheless, when they hit confirm preferences, they were faced with the same option to either accept all cookies or to begin a paid subscription.
On 18 December 2023, the AEPD initiated sanctioning proceedings against the controller.
Holding
The AEPD found that the controller’s use of non-technical cookies without consent, the inability to reject consent in a granular manner and the impossibility of withdrawing consent violated Article 22(2) LSSI. These practices did not enable the data subject to give adequate consent and thus could not provide a legal basis for using cookies pursuant to the national law.
The AEPD considered this a slight infraction pursuant to Article 38(4) LSSI and imposed a €5,000 fine.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.
1/14
Procedure No.: EXP202309359 (PS/00507/2023)
RESOLUTION OF THE SANCTIONING PROCEDURE
BACKGROUND
FIRST: On 05/22/23, Mr. A.A.A. (hereinafter, the complaining party) filed
claim before the Spanish Data Protection Agency. The claim is
directed against the entity MOTORSPORT NETWORK ESPAÑA, S.L. with CIF.:
B87730164, owner of the website: https://es.motorsport.com (hereinafter, the part
claimed), for the alleged violation of Law 34/2002, of July 11, on Services
of the Information Society and Electronic Commerce (LSSI).
The grounds on which the claim was based were that this company uses a form
illegal cookie consent on its website where it requires you to accept the
cookies to access the content for free or to subscribe for payment if
You do not want cookies to be installed.
SECOND: On 07/07/23, in accordance with the provisions of article 65.4
of Organic Law 3/2018, of December 5, on Protection of Personal Data and
Guarantee of Digital Rights (LOPDGDD), this Agency reported said
claim to the claimed party, so that it could proceed with its analysis and report, in the
period of one month, over what was stated in the statement of claim.
The transfer was carried out in accordance with the rules established in Law 39/2015, of 1
October, of the Common Administrative Procedure of Public Administrations
(LPACAP) and according to the certificate of the Electronic Notifications and Address Service
Electronic, was sent to the claimed party on 07/07/23 through the
electronic notifications, “NOTIFIC@”, being expired due to expiration, upon exceeding
the deadline established for the appearance, 07/18/23.
Although the transfer was validly carried out by electronic means, it was considered
Once the procedure was carried out in accordance with the provisions of article 41.5 of the LPACAP, the
a copy by postal mail, dated 07/18/23, to the address indicated in the Registry
Mercantil Central, as corporate address: ***ADDRESS.1, being returned to its destination
on 08/03/23, with the message “unknown”, as stated in the acknowledgment of receipt that
work in the file.
THIRD: On 08/22/23, in accordance with article 65 of the LOPDGDD,
The claim presented by the complaining party was admitted for processing.
FOURTH: On 11/13/23, the Inspection Subdirectorate of the Spanish Agency
of Data Protection carried out the following diligence, regarding the “Policy of Data
Cookies” of the website in question:
a).- About the cookies used before the user provides the
consent:
When entering the website https://es.motorsport.com/ for the first time, after having
cleared the computer's browser cache and installed cookies, and after having
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 2/14
forced the browser to download the latest version of the web page hosted on the
remote server, it is verified how it uses the following cookies without the
prior consent of the user:
- Cookies of a technical nature:
cookies Domain Description
INGRESSCO Records which server cluster is
OKIE bh.context serving the visitor. This is used in
web.com context with load balancing, for
Optimize user experience.
This cookie is associated with sites that
they use Google Tag Manager to upload
_dc_gtm_UA- . other scripts and codes in one
5127509-1 motorsper page. When used, it can
t.com be considered strictly necessary and
which, without it, other scripts may not
work correctly.
Cookie generated by applications based
in the PHP language. This is a
general identifier used to
maintain session variables
PHPSESSID en.motors user. It is usually a number
randomly generated port.com, the way
used may be site specific, but
A good example is maintaining the state of
login of a user between
pages.
__cf_bm .script.ac Used to distinguish between humans and
robot.
This cookie is set by the solution
cookie compliance
Optanon. OneTrust. Stores information about
Motor consent by categories of cookies used by the site and
to
t.com if visitors have given or withdrawn their
consent for the use of each
category.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 3/14
- Performance cookies: They allow you to quantify the number of visits and sources of
traffic to be able to evaluate the performance of the site and serve to know what
pages are the most visited and how visitors navigate the
place:
cookies Domain Description
Located on a site that uses the
time analysis platform
_chartbeat2
.motorsport.com real Chartbeat. Is used for
distinguish between new visitors
and recurring.
- Cookies detected from Google Analytics:
cookies Domain Description
_gid .motorsport.com This cookie is set by
Google Analytics. Store and
updates a single value for
each page visited and
used to count and perform
a follow-up of the
pages viewed.
_ga .motorsport.com This cookie is associated
with Google Analytics, and
used to distinguish users
unique by assigning a number
randomly generated
as identifier
customer. It is included in each
site page request
and is used to calculate the
visitor data, sessions
and reporting campaigns
site analytics.
_ga_ .motorsport.com Google Analytics uses this
PVMXPYS8TW cookie to preserve the
session status.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 4/14
- Targeting or advertising cookies: specifically designed to collect
information on viewing the pages visited and being able to send
advertising based on relevant topics that interest the user:
cookies Domain Description
demdexMore .demdex.net This cookie allows Adobe
Audience Manger to perform
basic functions like
visitor identification,
ID synchronization,
segmentation, modeling,
reporting, etc.
dpmMore .dpm.demdex.net Adobe Audience Manager uses
this cookie to register
information about the
ID synchronization.
_fbp .motorsport.com Used by Meta to offer
a series of products
advertising, such as offers on
real time advertisers
external.
chaos .rubiconproject.com This cookie performs information
about how the end user
use the website and any
advertising that the end user
have seen before visiting said
website.
uuid2 .adnxs.com This cookie allows advertising
directed through the platform
AppNexus – Collect data
anonymous about views of
ads, IP addresses, visits
to pages and more.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 5/14
- Functionality cookies: allow the website to remember elections
what you do (such as your username, your language, or the area you are in)
find), and offer better, more personalized features.
cookies Domain Description
_cb_svref .motorsport.com This is a cookie owned by
Microsoft MSN used
to measure website usage
for statistical analysis
internal.
- Cookies whose purpose could not be identified:
cookies Domain Description
adblfree .motorsport.com
opt_out .postrelease.com Third party
ms_touch .motorsport.com
.motorsport.com sessions
30daysExpires
_cb .motorsport.com
ktcid .kargo.com Third party
pageviewSession .motorsport.com
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 6/14
cookies Domain Description
FPLC .motorsport.com
_pbjs_userid_consent_dat .motorsport.com
to
_pc_PianoABtestv2 .motorsport.com
__browsiSessionID .motorsport.com
ucountry.motorsport.com
Sessions7days.motorsport.com
abtestv2 .motorsport.com
Sessions7daysExpires .motorsport.com
ntvSession .motorsport.com
FPID .motorsport.com
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 7/14
cookies Domain Description
CONSUMABLEID .serverbid.com Third Party
KCCHMore .ads.pubmatic.com Third Party
HAPLB8G .go.sonobi.com Third party
_pc_20ABtestv2 .motorsport.com
Sessions30days.motorsport.com
__browsiUID .motorsport.com
audit .rubiconproject.com Third party
b).- About the cookie information banner existing in the first layer
(Homepage):
When entering the website for the first time, an information banner about cookies appears
with the following message:
We care about your privacy.
We and our 464 partners store or access information
of the device, such as unique identifiers in cookies to process data
personal. You can accept or manage your preferences by clicking below,
including the right to object based on your legitimate interest or, in any
moment, through the privacy policy page. Your preferences are
They will notify our partners and will not affect browsing data.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 8/14
We and our partners process data to provide:
Use precise geographic location data. actively analyze the
device characteristics for identification. Understanding the public through
of statistics or through the combination of data from different
sources. Store or access device information. measure the
content performance. Use of limited data for the purpose of selecting the
content. Development and improvement of services. Limited data usage with
objective of selecting advertising. Using profiles for content selection
personalized. Create profiles for personalized advertising. Measure the performance of
advertising. Use profiles to select personalized advertising. Create
profiles to personalize content.
<<List of Suppliers>>
<<Show the Purposes>><<I accept>>
If you choose to accept all cookies by clicking on the <<Accept>> option, you will
check how the website continues to use the cookies detected at the beginning of the
visit, before giving consent.
If you click on the <<Show Purposes>> option, the website displays a panel of
control where cookie groups are pre-marked “OFF”,
except the group of cookies with the title “Analytics” which are pre-marked in
“ON” option.
If the information of this group of cookies is displayed by clicking on (+) in the title of the
“Analytics” group, information about the purpose of these cookies appears in the language
English, (whose translation is):
“The collection of information about your use of the content, and its combination
with previously collected information, is used to measure, understand and
inform about your use of the service. This does not include Personalization,
collecting information about your use of this service to personalize
subsequently the content and/or advertising to you in other contexts, it is
That is, on other services, such as websites or applications, over time.
If you want to see the list of providers, click on Your privacy and View the
consent of the provider.
If you wish to reject all cookies, clicking on the option <Confirm my
preferences> without moving any cursor of the cookie groups, from the position
“OFF” to the “ON” position and moved the cursor of the “Analytics” cookie group of the
position “ON” to the “OFF” position, it is checked how the website continues using the
cookies detected at the beginning of navigation.
Once the preferences are confirmed, (without having given consent for the
use of cookies) the website displays a new information banner:
Become a member and access the website without advertising or accept cookies
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 9/14
We report from the Formula 1 and MotoGP paddocks because, like you, we love
our sport.
To do our job, our website uses cookies. Among other things, this
Optimize your sleep experience and adjust ads to your interests. Without
However, we want to give you the opportunity to enjoy our website without ads.
You have two options: 1. Become a member for a small monthly fee, without
cookies, but with a better website experience and more benefits-/2.
Accept cookies and enjoy our content for free.
<<BECOME A MEMBER>> <<ALLOW COOKIES>>
<<Are you already a member? Connect here>>
In this new banner it is verified that there are only two possibilities if
you want to continue browsing the website, or you previously accept all cookies
by clicking on the <<Allow Cookies>> option or you must become a member for a fee
monthly, where, according to the information provided, they assure that they will not install
cookies.
c).- About the information provided in the second layer (Privacy Policy).
Cookies):
If you access the “Cookie Policy” through the link at the bottom
from the main page, the website redirects the user to a new page,
https://es.motorsport.com/info/cookie-policy/ where information is provided about:
what are cookies; What is the purpose of the information collected through cookies, what
type of cookies exist and how cookies can be managed through the
browsers installed on the terminal equipment.
d).- Regarding the possibility of modifying the consent once given in
relationship with cookies.
If the user has given initial consent for the website to use cookies that
are not technical or necessary and you want to modify said consent, there is the
possibility of accessing the cookie control panel through the link <<Manage
Preferences>> existing at the bottom of the web page you are visiting, to
through which the cookie control panel appears, where the groups of
Cookies are now marked “ON.”
If you wish to withdraw consent, you must move the cursors of the groups of
cookies from the “ON” position to the “OFF” position and click on <<Confirm my
preferences>>. However, if this process is carried out, the website displays the
information banner where it only allows the option to “accept all the
cookies” or “become a member of the club” by paying a monthly fee.
FIFTH: On 12/18/23, the Director of the Spanish Agency for the Protection of
Data agreed to initiate sanctioning proceedings against the entity, MOTORSPORT
NETWORK ESPAÑA, S.L. with CIF.: B87730164, owner of the website:
https://es.motorsport.com/, in accordance with the provisions of articles 63 and 64 of the
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 10/14
Law 39/2015, of October 1, on the Common Administrative Procedure of the
Public Administrations (LPACAP), for the alleged violation of article 22.2 of the
LSSI, classified as “mild” in article 38.4.g) of the aforementioned standard, regarding the
“Cookie Policy” of said page.
In the opening agreement it was determined that the sanction that could apply,
taking into account the evidence existing at that time and without prejudice to what may result
of the instruction would amount to a total of 5,000 euros (five thousand euros).
The notification of the agreement to open the file was carried out in accordance with the
standards established in Law 39/2015, of October 1, on the Procedure
Common Administrative Administration of Public Administrations (LPACAP). According to Certificate
of the Correos y Telégrafos State Company, S.A., the document initiating
file sent to the corporate address, ***ADDRESS.1, was returned to its destination on
08/03/23, with the message “unknown”, as stated in the acknowledgment of receipt that
work in the file., according to the Central Commercial Registry, it was returned to its origin by
“unknown” on 01/10/24.
On 01/16/24, notification of the initiation agreement was made through an announcement in
the single Edictal Board of the Official State Gazette, in accordance with article 44 of
the LPACAP. In said announcement the claimed party is informed about the possibility of
obtain a copy of the opening agreement.
SIXTH: The aforementioned initiation agreement has been notified in accordance with the rules established in
the LPACAP and after the period granted for the formulation of allegations has elapsed, it has been
verified that no allegation has been received from the party claimed in this
Agency.
Article 64.2.f) of the LPACAP - provision of which the claimed party was informed
in the agreement to open the procedure - establishes that if no
allegations within the stipulated period regarding the content of the initiation agreement, when
This contains a precise statement about the imputed responsibility,
may be considered a proposal for a resolution. In the present case, the agreement
beginning of the sanctioning file determined the facts in which the
imputation, the violation of the LSSI attributed to the defendant and the sanction that could be
impose Therefore, taking into consideration that the claimed party has not
made allegations to the agreement to initiate the file and in response to what
established in article 64.2.f) of the LPACAP, the aforementioned initiation agreement is
considered in the present case proposed resolution.
In view of everything that has been done, by the Spanish Data Protection Agency
In this procedure, the following are considered proven facts:
PROVEN FACTS
Unique: In the verification carried out and completed by this Agency on 11/13/23, in the
website https://es.motorsport.com/, the following deficiencies could be verified in its
"Cookies policy":
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 11/14
- It was found that cookies were used that were not of a technical or
necessary without the user's consent:
o Performance cookies: _chartbeat2
o Google Analytics Cookies (performance): _gid; _ga;
_ga_PVMXPYS8TW.
o Targeting or advertising cookies: demdexMás; dpmMore; _fbp;
chaos; uuid2;
o Functionality cookies: _cb_svref;
o Cookies whose purpose could not be identified: adblfree; opt_out
(.postrelease.com.- third party); ms_touch; _cb; ktcid; (.kargo.com
third party); FPLC; _pbjs_userid_consent_data;
_pc_PianoABtestv2; __browsiSessionID; ucountry; abtestv2;
ntvSession; FPID; CONSUMABLEID (.serverbid.com.- third party);
KCCHMás (.ads.pubmatic.com.- third party); HAPLB8G
(.go.sonobi.com.- third party); _pc_20ABtestv2; __browsiUID;
Audit (.rubiconproject.com.- third party)
- It was verified that there is no possibility for the user to reject the
use of cookies that are not of a technical nature since in the case of
all cookies are rejected in the control panel, the website returns to
display a new banner where there is only the possibility of accepting
all cookies or, where applicable, register on the website in exchange for a fee
monthly and where it is insured, according to the information provided in said
banner, that cookies will not be installed.
- The impossibility of withdrawing consent once given was confirmed.
FOUNDATIONS OF LAW
Yo
Competence.
In accordance with the provisions of article 43.1 of the LSSI and the provisions of the
articles 47, 48.1, 64.2 and 68.1 of the LOPDGDD, is competent to initiate and resolve
this procedure the Director of the Spanish Data Protection Agency.
Likewise, article 63.2 of the LOPDGDD determines that: "The procedures
processed by the Spanish Data Protection Agency will be governed by the provisions
in Regulation (EU) 2016/679, in this organic law, by the provisions
regulations dictated in its development and, insofar as they do not contradict them, with a
subsidiary, by the general rules on administrative procedures."
The fourth additional provision "Procedure in relation to powers
attributed to the Spanish Data Protection Agency by other laws" establishes
that: "The provisions of Title VIII and its implementing regulations will apply to
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 12/14
the procedures that the Spanish Data Protection Agency would have to
process in the exercise of the powers attributed to it by other laws."
II
Classification of the offense committed
The deficiencies detected, regarding the cookie policy, on the website
https://es.motorsport.com, that is, the use of cookies that are not of a nature
technique without the user's consent; the impossibility of rejecting them or being able
manage them in a granular way and the impossibility of withdrawing consent once
provided, they represent the commission of the violation of article 22.2 of the LSSI, since
establishes:
“Service providers may use storage devices and
data recovery on recipients' terminal equipment, provided
that they have given their consent after they have been
provided clear and complete information on its use, in particular on
the purposes of data processing, in accordance with the provisions of the LO
15/1999, of December 13, on the protection of personal data.
Where technically possible and effective, the consent of the recipient
to accept the processing of the data may be facilitated through the use of the
appropriate settings of the browser or other applications.
The above will not prevent possible storage or access of a technical nature
for the sole purpose of carrying out the transmission of a communication over a network of
electronic communications or, to the extent strictly necessary
necessary, for the provision of an information society service
expressly requested by the recipient.”
III
Sanction
This Infraction is classified as “minor” in article 38.4 g) of the aforementioned Law, which
considers as such: “Use data storage and recovery devices
when the information has not been provided or the consent of the
recipient of the service in the terms required by article 22.2.”, and may be
sanctioned with a fine of up to €30,000, in accordance with article 39 of the aforementioned
LSSI.
The LSSI, in its article 40, establishes the “graduation of the amount of sanctions”,
taking into account the following criteria:
a) The existence of intentionality.
b) Period of time during which the infraction has been committed.
c) Recidivism due to the commission of infractions of the same nature, when
so it has been declared by final resolution.
d) The nature and amount of the damages caused.
e) The benefits obtained from the infringement.
f) Billing volume affected by the infraction committed.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 13/14
g) Adherence to a code of conduct or a self-regulation system
applicable advertising regarding the infringement committed, which complies with the
provided in article 18 or in the eighth final provision and that has been
favorably informed by the competent body or bodies.
After the evidence obtained, it is considered appropriate to graduate the sanction to be imposed.
in accordance with the following aggravating criterion, established by art. 40 of the LSSI:
- The existence of intentionality (section a). Expression that must
be interpreted as equivalent to the degree of guilt according to the
Judgment of the National Court of 11/12/07 falling in Appeal no.
351/2006, corresponding to the reported entity the determination of a
system for obtaining informed consent that is appropriate to the mandate
of the LSSI.
In accordance with these criteria, it is considered appropriate to impose, for the violation of the
article 22.2 of the LSSI, regarding the cookie policy made on the website
of its ownership, a fine of 5,000 euros (five thousand euros).
Therefore, in accordance with the above, by the Director of the Agency
Spanish Data Protection,
RESOLVES:
FIRST: IMPOSE the entity MOTORSPORT NETWORK ESPAÑA, S.L. with
CIF.: B87730164, owner of the website: https://es.motorsport.com/, for the
violation of article 22.2 of the LSSI, typified in art. 38.4.g) of the aforementioned standard,
a fine of 5,000 euros (five thousand euros).
SECOND: NOTIFY the resolution to MOTORSPORT NETWORK ESPAÑA S.L.
THIRD: This resolution will be enforceable once the deadline to file the
optional resource for replacement (one month counting from the day following the
notification of this resolution) without the interested party having made use of this power.
The sanctioned person is warned that he must make effective the sanction imposed once
This resolution is executive, in accordance with the provisions of art. 98.1.b)
of Law 39/2015, of October 1, on the Common Administrative Procedure of the
Public Administrations (hereinafter LPACAP), within the voluntary payment period
established in art. 68 of the General Collection Regulations, approved by Real
Decree 939/2005, of July 29, in relation to art. 62 of Law 58/2003, of 17
December, through your entry, indicating the NIF of the sanctioned person and the number of
procedure that appears in the heading of this document, in the account
restricted IBAN No.: ES00-0000-0000-0000-0000-0000 (BIC/SWIFT Code:
CAIXESBBXXX), opened on behalf of the Spanish Data Protection Agency in
the banking entity CAIXABANK, S.A.. Otherwise, it will be
collection in executive period. Once the notification is received and once executive, if the
Execution date is between the 1st and 15th of each month, both
inclusive, the deadline to make the voluntary payment will be until the 20th of the month
next or immediately following business day, and if it is between the 16th and last day of
each month, both inclusive, the payment term will be until the 5th of the second month
following or immediate subsequent business.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 14/14
Against this resolution, which puts an end to the administrative procedure in accordance with art. 48.6 of the
LOPDGDD, and in accordance with the provisions of article 123 of the LPACAP, the
Interested parties may optionally file an appeal for reconsideration before the
Director of the Spanish Data Protection Agency within a period of one month to
count from the day following the notification of this resolution or directly
contentious-administrative appeal before the Contentious-administrative Chamber of the
National Court, in accordance with the provisions of article 25 and section 5 of
the fourth additional provision of Law 29/1998, of July 13, regulating the
Contentious-administrative Jurisdiction, within a period of two months from the
day following the notification of this act, as provided for in article 46.1 of the
referred Law.
Finally, it is noted that in accordance with the provisions of art. 90.3 a) of the LPACAP,
may provisionally suspend the final resolution through administrative channels if the
interested party expresses his intention to file a contentious-administrative appeal.
If this is the case, the interested party must formally communicate this fact through
writing addressed to the Spanish Data Protection Agency, presenting it through
of the Agency's Electronic Registry [https://sedeagpd.gob.es/sede-electronicaweb/],
or through any of the other registries provided for in art. 16.4 of the aforementioned Law
39/2015, of October 1. You must also transfer the documentation to the Agency
that proves the effective filing of the contentious-administrative appeal. If the
Agency was not aware of the filing of the contentious appeal.
administrative within a period of two months from the day following notification of the
This resolution would end the precautionary suspension.
Sea Spain Martí
Director of the Spanish Data Protection Agency.
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es
