AEPD (Spain) - EXP202309359

From GDPRhub
AEPD - EXP202309359
LogoES.jpg
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law:
Ley 34/2002, de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico
Type: Complaint
Outcome: Upheld
Started: 18.12.2023
Decided:
Published: 22.03.2024
Fine: 5,000 EUR
Parties: Motorsport Network España
National Case Number/Name: EXP202309359
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Spanish
Original Source: AEPD (in ES)
Initial Contributor: lm

The DPA found that a ‘pay or okay’ cookie banner violated the Spanish e-Privacy Law and imposed a €5,000 fine.

English Summary

Facts

On 22 May 2023, a data subject filed a complaint with the AEPD against Motorsport Network España (the controller). The complaint alleged that the controller’s webpage used a ‘pay or okay’ scheme in its cookie banner, requiring data subjects to either consent to cookies and use the page or free, or to subscribe for a fee in order to reject any cookies.

In its investigation, the AEPD noted that upon entering the webpage for the first time, the controller utilised non-technical cookies, which require consent under the ePrivacy Directive, without the prior consent of the user.

After the cookies were already applied, the controller prompted data subjects with a cookie banner that provided two options in its first layers. First, the user could accept the cookies and use the webpage for free. In this case, the webpage continued to use the same cookies that it had utilised prior to the consent being prompted or given. Second, the user could select a box marked ‘Demonstrate the Options’, which brought users to a second banner that showed all cookie use marked as ‘off’ except for analytics cookies, which were marked as ‘on’. Additional details about each type of cookie could be obtained, but only in English. If a data subject wished to reject all of the cookies by clicking the ‘Confirm my preferences’ button (without manually adjusting any of the settings, including the default ‘on’ setting for analytics cookies), the webpage would continue using the cookies that it utilised prior to requesting consent. A new pop-up would then appear prompting data subjects to either become subscribers for a monthly fee and access the webpage without advertising, or to accept all of the cookies.

The AEPD also considered the options for users to withdraw consent. The controller provided such options in a ‘Manage Preferences’ link at the bottom of the webpage. Therein, data subjects could access the cookie control panel and manually switch each cookie from ‘on’ to ‘off’. Nonetheless, when they hit confirm preferences, they were faced with the same option to either accept all cookies or to begin a paid subscription.

On 18 December 2023, the AEPD initiated sanctioning proceedings against the controller.

Holding

The AEPD found that the controller’s use of non-technical cookies without consent, the inability to reject consent in a granular manner and the impossibility of withdrawing consent violated Article 22(2) LSSI. These practices did not enable the data subject to give adequate consent and thus could not provide a legal basis for using cookies pursuant to the national law.

The AEPD considered this a slight infraction pursuant to Article 38(4) LSSI and imposed a €5,000 fine.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.

1/14








     Procedure No.: EXP202309359 (PS/00507/2023)

               RESOLUTION OF THE SANCTIONING PROCEDURE


                                   BACKGROUND

FIRST: On 05/22/23, Mr. A.A.A. (hereinafter, the complaining party) filed
claim before the Spanish Data Protection Agency. The claim is

directed against the entity MOTORSPORT NETWORK ESPAÑA, S.L. with CIF.:
B87730164, owner of the website: https://es.motorsport.com (hereinafter, the part
claimed), for the alleged violation of Law 34/2002, of July 11, on Services
of the Information Society and Electronic Commerce (LSSI).

The grounds on which the claim was based were that this company uses a form

illegal cookie consent on its website where it requires you to accept the
cookies to access the content for free or to subscribe for payment if
You do not want cookies to be installed.

SECOND: On 07/07/23, in accordance with the provisions of article 65.4

of Organic Law 3/2018, of December 5, on Protection of Personal Data and
Guarantee of Digital Rights (LOPDGDD), this Agency reported said
claim to the claimed party, so that it could proceed with its analysis and report, in the
period of one month, over what was stated in the statement of claim.


The transfer was carried out in accordance with the rules established in Law 39/2015, of 1
October, of the Common Administrative Procedure of Public Administrations
(LPACAP) and according to the certificate of the Electronic Notifications and Address Service
Electronic, was sent to the claimed party on 07/07/23 through the
electronic notifications, “NOTIFIC@”, being expired due to expiration, upon exceeding
the deadline established for the appearance, 07/18/23.


Although the transfer was validly carried out by electronic means, it was considered
Once the procedure was carried out in accordance with the provisions of article 41.5 of the LPACAP, the
a copy by postal mail, dated 07/18/23, to the address indicated in the Registry
Mercantil Central, as corporate address: ***ADDRESS.1, being returned to its destination

on 08/03/23, with the message “unknown”, as stated in the acknowledgment of receipt that
work in the file.

THIRD: On 08/22/23, in accordance with article 65 of the LOPDGDD,
The claim presented by the complaining party was admitted for processing.


FOURTH: On 11/13/23, the Inspection Subdirectorate of the Spanish Agency
of Data Protection carried out the following diligence, regarding the “Policy of Data
Cookies” of the website in question:

       a).- About the cookies used before the user provides the

consent:

When entering the website https://es.motorsport.com/ for the first time, after having
cleared the computer's browser cache and installed cookies, and after having

C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 2/14








forced the browser to download the latest version of the web page hosted on the
remote server, it is verified how it uses the following cookies without the
prior consent of the user:

    - Cookies of a technical nature:


      cookies Domain Description



   INGRESSCO Records which server cluster is
       OKIE bh.context serving the visitor. This is used in
                       web.com context with load balancing, for
                                      Optimize user experience.



                                      This cookie is associated with sites that
                                      they use Google Tag Manager to upload
   _dc_gtm_UA- . other scripts and codes in one

     5127509-1 motorsper page. When used, it can
                         t.com be considered strictly necessary and
                                      which, without it, other scripts may not
                                      work correctly.



                                      Cookie generated by applications based
                                      in the PHP language. This is a
                                      general identifier used to

                                      maintain session variables
    PHPSESSID en.motors user. It is usually a number
                       randomly generated port.com, the way
                                      used may be site specific, but
                                      A good example is maintaining the state of
                                      login of a user between

                                      pages.



      __cf_bm .script.ac Used to distinguish between humans and
                                      robot.



                                      This cookie is set by the solution
                                      cookie compliance
      Optanon. OneTrust. Stores information about
   Motor consent by categories of cookies used by the site and
         to
                         t.com if visitors have given or withdrawn their
                                      consent for the use of each
                                      category.


C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 3/14









    - Performance cookies: They allow you to quantify the number of visits and sources of
       traffic to be able to evaluate the performance of the site and serve to know what
       pages are the most visited and how visitors navigate the
       place:


       cookies Domain Description

                                                  Located on a site that uses the
                                                  time analysis platform
 _chartbeat2
                         .motorsport.com real Chartbeat. Is used for
                                                  distinguish between new visitors
                                                  and recurring.



    - Cookies detected from Google Analytics:


        cookies Domain Description



          _gid .motorsport.com This cookie is set by
                                                    Google Analytics. Store and
                                                    updates a single value for
                                                    each page visited and
                                                    used to count and perform
                                                    a follow-up of the

                                                    pages viewed.



          _ga .motorsport.com This cookie is associated
                                                    with Google Analytics, and
                                                    used to distinguish users
                                                    unique by assigning a number
                                                    randomly generated
                                                    as identifier

                                                    customer. It is included in each
                                                    site page request
                                                    and is used to calculate the
                                                    visitor data, sessions
                                                    and reporting campaigns
                                                    site analytics.



         _ga_ .motorsport.com Google Analytics uses this

    PVMXPYS8TW cookie to preserve the
                                                    session status.



C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 4/14









    - Targeting or advertising cookies: specifically designed to collect
       information on viewing the pages visited and being able to send
       advertising based on relevant topics that interest the user:


       cookies Domain Description


     demdexMore .demdex.net This cookie allows Adobe

                                                   Audience Manger to perform
                                                   basic functions like
                                                   visitor identification,
                                                   ID synchronization,
                                                   segmentation, modeling,
                                                   reporting, etc.



       dpmMore .dpm.demdex.net Adobe Audience Manager uses

                                                   this cookie to register
                                                   information about the
                                                   ID synchronization.



         _fbp .motorsport.com Used by Meta to offer
                                                   a series of products
                                                   advertising, such as offers on
                                                   real time advertisers

                                                   external.



         chaos .rubiconproject.com This cookie performs information
                                                   about how the end user
                                                   use the website and any
                                                   advertising that the end user
                                                   have seen before visiting said
                                                   website.



         uuid2 .adnxs.com This cookie allows advertising

                                                   directed through the platform
                                                   AppNexus – Collect data
                                                   anonymous about views of
                                                   ads, IP addresses, visits
                                                   to pages and more.






C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 5/14








    - Functionality cookies: allow the website to remember elections
       what you do (such as your username, your language, or the area you are in)
       find), and offer better, more personalized features.


       cookies Domain Description



      _cb_svref .motorsport.com This is a cookie owned by
                                                    Microsoft MSN used
                                                    to measure website usage
                                                    for statistical analysis
                                                    internal.




    - Cookies whose purpose could not be identified:


            cookies Domain Description


            adblfree .motorsport.com




            opt_out .postrelease.com Third party





           ms_touch .motorsport.com




            .motorsport.com sessions
          30daysExpires




              _cb .motorsport.com





              ktcid .kargo.com Third party




     pageviewSession .motorsport.com


C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 6/14









            cookies Domain Description






             FPLC .motorsport.com





   _pbjs_userid_consent_dat .motorsport.com
                to




       _pc_PianoABtestv2 .motorsport.com





       __browsiSessionID .motorsport.com




            ucountry.motorsport.com




         Sessions7days.motorsport.com





            abtestv2 .motorsport.com




      Sessions7daysExpires .motorsport.com




           ntvSession .motorsport.com





              FPID .motorsport.com



C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 7/14









            cookies Domain Description


        CONSUMABLEID .serverbid.com Third Party




           KCCHMore .ads.pubmatic.com Third Party





           HAPLB8G .go.sonobi.com Third party




        _pc_20ABtestv2 .motorsport.com




         Sessions30days.motorsport.com




          __browsiUID .motorsport.com





            audit .rubiconproject.com Third party





       b).- About the cookie information banner existing in the first layer
       (Homepage):

When entering the website for the first time, an information banner about cookies appears

with the following message:

 We care about your privacy.


 We and our 464 partners store or access information
 of the device, such as unique identifiers in cookies to process data
 personal. You can accept or manage your preferences by clicking below,
 including the right to object based on your legitimate interest or, in any
 moment, through the privacy policy page. Your preferences are

 They will notify our partners and will not affect browsing data.


C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 8/14








 We and our partners process data to provide:
 Use precise geographic location data. actively analyze the
 device characteristics for identification. Understanding the public through

 of statistics or through the combination of data from different
 sources. Store or access device information. measure the
 content performance. Use of limited data for the purpose of selecting the
 content. Development and improvement of services. Limited data usage with
 objective of selecting advertising. Using profiles for content selection

 personalized. Create profiles for personalized advertising. Measure the performance of
 advertising. Use profiles to select personalized advertising. Create
 profiles to personalize content.

 <<List of Suppliers>>


 <<Show the Purposes>><<I accept>>


If you choose to accept all cookies by clicking on the <<Accept>> option, you will

check how the website continues to use the cookies detected at the beginning of the
visit, before giving consent.

If you click on the <<Show Purposes>> option, the website displays a panel of
control where cookie groups are pre-marked “OFF”,

except the group of cookies with the title “Analytics” which are pre-marked in
“ON” option.

If the information of this group of cookies is displayed by clicking on (+) in the title of the
“Analytics” group, information about the purpose of these cookies appears in the language
English, (whose translation is):


       “The collection of information about your use of the content, and its combination
       with previously collected information, is used to measure, understand and
       inform about your use of the service. This does not include Personalization,
       collecting information about your use of this service to personalize

       subsequently the content and/or advertising to you in other contexts, it is
       That is, on other services, such as websites or applications, over time.
       If you want to see the list of providers, click on Your privacy and View the
       consent of the provider.


If you wish to reject all cookies, clicking on the option <Confirm my
preferences> without moving any cursor of the cookie groups, from the position
“OFF” to the “ON” position and moved the cursor of the “Analytics” cookie group of the
position “ON” to the “OFF” position, it is checked how the website continues using the
cookies detected at the beginning of navigation.


Once the preferences are confirmed, (without having given consent for the
use of cookies) the website displays a new information banner:

         Become a member and access the website without advertising or accept cookies


C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 9/14








  We report from the Formula 1 and MotoGP paddocks because, like you, we love
                                    our sport.
  To do our job, our website uses cookies. Among other things, this

      Optimize your sleep experience and adjust ads to your interests. Without
  However, we want to give you the opportunity to enjoy our website without ads.
    You have two options: 1. Become a member for a small monthly fee, without
     cookies, but with a better website experience and more benefits-/2.
       Accept cookies and enjoy our content for free.


                <<BECOME A MEMBER>> <<ALLOW COOKIES>>

                        <<Are you already a member? Connect here>>



In this new banner it is verified that there are only two possibilities if
you want to continue browsing the website, or you previously accept all cookies
by clicking on the <<Allow Cookies>> option or you must become a member for a fee
monthly, where, according to the information provided, they assure that they will not install

cookies.

       c).- About the information provided in the second layer (Privacy Policy).
Cookies):


If you access the “Cookie Policy” through the link at the bottom
from the main page, the website redirects the user to a new page,
https://es.motorsport.com/info/cookie-policy/ where information is provided about:
what are cookies; What is the purpose of the information collected through cookies, what
type of cookies exist and how cookies can be managed through the
browsers installed on the terminal equipment.


       d).- Regarding the possibility of modifying the consent once given in
       relationship with cookies.

If the user has given initial consent for the website to use cookies that

are not technical or necessary and you want to modify said consent, there is the
possibility of accessing the cookie control panel through the link <<Manage
Preferences>> existing at the bottom of the web page you are visiting, to
through which the cookie control panel appears, where the groups of
Cookies are now marked “ON.”


If you wish to withdraw consent, you must move the cursors of the groups of
cookies from the “ON” position to the “OFF” position and click on <<Confirm my
preferences>>. However, if this process is carried out, the website displays the
information banner where it only allows the option to “accept all the
cookies” or “become a member of the club” by paying a monthly fee.


FIFTH: On 12/18/23, the Director of the Spanish Agency for the Protection of
Data agreed to initiate sanctioning proceedings against the entity, MOTORSPORT
NETWORK ESPAÑA, S.L. with CIF.: B87730164, owner of the website:
https://es.motorsport.com/, in accordance with the provisions of articles 63 and 64 of the

C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 10/14








Law 39/2015, of October 1, on the Common Administrative Procedure of the
Public Administrations (LPACAP), for the alleged violation of article 22.2 of the
LSSI, classified as “mild” in article 38.4.g) of the aforementioned standard, regarding the

“Cookie Policy” of said page.

In the opening agreement it was determined that the sanction that could apply,
taking into account the evidence existing at that time and without prejudice to what may result
of the instruction would amount to a total of 5,000 euros (five thousand euros).


The notification of the agreement to open the file was carried out in accordance with the
standards established in Law 39/2015, of October 1, on the Procedure
Common Administrative Administration of Public Administrations (LPACAP). According to Certificate
of the Correos y Telégrafos State Company, S.A., the document initiating
file sent to the corporate address, ***ADDRESS.1, was returned to its destination on

08/03/23, with the message “unknown”, as stated in the acknowledgment of receipt that
work in the file., according to the Central Commercial Registry, it was returned to its origin by
“unknown” on 01/10/24.

On 01/16/24, notification of the initiation agreement was made through an announcement in
the single Edictal Board of the Official State Gazette, in accordance with article 44 of

the LPACAP. In said announcement the claimed party is informed about the possibility of
obtain a copy of the opening agreement.

SIXTH: The aforementioned initiation agreement has been notified in accordance with the rules established in
the LPACAP and after the period granted for the formulation of allegations has elapsed, it has been

verified that no allegation has been received from the party claimed in this
Agency.

Article 64.2.f) of the LPACAP - provision of which the claimed party was informed
in the agreement to open the procedure - establishes that if no

allegations within the stipulated period regarding the content of the initiation agreement, when
This contains a precise statement about the imputed responsibility,
may be considered a proposal for a resolution. In the present case, the agreement
beginning of the sanctioning file determined the facts in which the
imputation, the violation of the LSSI attributed to the defendant and the sanction that could be
impose Therefore, taking into consideration that the claimed party has not

made allegations to the agreement to initiate the file and in response to what
established in article 64.2.f) of the LPACAP, the aforementioned initiation agreement is
considered in the present case proposed resolution.

In view of everything that has been done, by the Spanish Data Protection Agency

In this procedure, the following are considered proven facts:

                                PROVEN FACTS

Unique: In the verification carried out and completed by this Agency on 11/13/23, in the

website https://es.motorsport.com/, the following deficiencies could be verified in its
"Cookies policy":



C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 11/14








    - It was found that cookies were used that were not of a technical or
       necessary without the user's consent:

           o Performance cookies: _chartbeat2


           o Google Analytics Cookies (performance): _gid; _ga;
                      _ga_PVMXPYS8TW.

           o Targeting or advertising cookies: demdexMás; dpmMore; _fbp;

               chaos; uuid2;

           o Functionality cookies: _cb_svref;

           o Cookies whose purpose could not be identified: adblfree; opt_out

               (.postrelease.com.- third party); ms_touch; _cb; ktcid; (.kargo.com
                      third party); FPLC; _pbjs_userid_consent_data;
               _pc_PianoABtestv2; __browsiSessionID; ucountry; abtestv2;
               ntvSession; FPID; CONSUMABLEID (.serverbid.com.- third party);
               KCCHMás (.ads.pubmatic.com.- third party); HAPLB8G
               (.go.sonobi.com.- third party); _pc_20ABtestv2; __browsiUID;

               Audit (.rubiconproject.com.- third party)

    - It was verified that there is no possibility for the user to reject the
       use of cookies that are not of a technical nature since in the case of
       all cookies are rejected in the control panel, the website returns to

       display a new banner where there is only the possibility of accepting
       all cookies or, where applicable, register on the website in exchange for a fee
       monthly and where it is insured, according to the information provided in said
       banner, that cookies will not be installed.

    - The impossibility of withdrawing consent once given was confirmed.


                           FOUNDATIONS OF LAW

                                           Yo
                                    Competence.


In accordance with the provisions of article 43.1 of the LSSI and the provisions of the
articles 47, 48.1, 64.2 and 68.1 of the LOPDGDD, is competent to initiate and resolve
this procedure the Director of the Spanish Data Protection Agency.

Likewise, article 63.2 of the LOPDGDD determines that: "The procedures
processed by the Spanish Data Protection Agency will be governed by the provisions

in Regulation (EU) 2016/679, in this organic law, by the provisions
regulations dictated in its development and, insofar as they do not contradict them, with a
subsidiary, by the general rules on administrative procedures."

The fourth additional provision "Procedure in relation to powers
attributed to the Spanish Data Protection Agency by other laws" establishes

that: "The provisions of Title VIII and its implementing regulations will apply to
C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 12/14








the procedures that the Spanish Data Protection Agency would have to
process in the exercise of the powers attributed to it by other laws."


                                            II
                          Classification of the offense committed

The deficiencies detected, regarding the cookie policy, on the website
https://es.motorsport.com, that is, the use of cookies that are not of a nature
technique without the user's consent; the impossibility of rejecting them or being able

manage them in a granular way and the impossibility of withdrawing consent once
provided, they represent the commission of the violation of article 22.2 of the LSSI, since
establishes:

       “Service providers may use storage devices and

       data recovery on recipients' terminal equipment, provided
       that they have given their consent after they have been
       provided clear and complete information on its use, in particular on
       the purposes of data processing, in accordance with the provisions of the LO
       15/1999, of December 13, on the protection of personal data.


       Where technically possible and effective, the consent of the recipient
       to accept the processing of the data may be facilitated through the use of the
       appropriate settings of the browser or other applications.

       The above will not prevent possible storage or access of a technical nature

       for the sole purpose of carrying out the transmission of a communication over a network of
       electronic communications or, to the extent strictly necessary
       necessary, for the provision of an information society service
       expressly requested by the recipient.”


                                            III
                                        Sanction

This Infraction is classified as “minor” in article 38.4 g) of the aforementioned Law, which
considers as such: “Use data storage and recovery devices
when the information has not been provided or the consent of the

recipient of the service in the terms required by article 22.2.”, and may be
sanctioned with a fine of up to €30,000, in accordance with article 39 of the aforementioned
LSSI.

The LSSI, in its article 40, establishes the “graduation of the amount of sanctions”,

taking into account the following criteria:

       a) The existence of intentionality.
       b) Period of time during which the infraction has been committed.
       c) Recidivism due to the commission of infractions of the same nature, when

       so it has been declared by final resolution.
       d) The nature and amount of the damages caused.
       e) The benefits obtained from the infringement.
       f) Billing volume affected by the infraction committed.

C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 13/14








       g) Adherence to a code of conduct or a self-regulation system
       applicable advertising regarding the infringement committed, which complies with the
       provided in article 18 or in the eighth final provision and that has been
       favorably informed by the competent body or bodies.


After the evidence obtained, it is considered appropriate to graduate the sanction to be imposed.
in accordance with the following aggravating criterion, established by art. 40 of the LSSI:

    - The existence of intentionality (section a). Expression that must
       be interpreted as equivalent to the degree of guilt according to the
       Judgment of the National Court of 11/12/07 falling in Appeal no.

       351/2006, corresponding to the reported entity the determination of a
       system for obtaining informed consent that is appropriate to the mandate
       of the LSSI.

In accordance with these criteria, it is considered appropriate to impose, for the violation of the

article 22.2 of the LSSI, regarding the cookie policy made on the website
of its ownership, a fine of 5,000 euros (five thousand euros).

Therefore, in accordance with the above, by the Director of the Agency
Spanish Data Protection,
                                     RESOLVES:


FIRST: IMPOSE the entity MOTORSPORT NETWORK ESPAÑA, S.L. with
CIF.: B87730164, owner of the website: https://es.motorsport.com/, for the
violation of article 22.2 of the LSSI, typified in art. 38.4.g) of the aforementioned standard,
a fine of 5,000 euros (five thousand euros).


SECOND: NOTIFY the resolution to MOTORSPORT NETWORK ESPAÑA S.L.

THIRD: This resolution will be enforceable once the deadline to file the
optional resource for replacement (one month counting from the day following the
notification of this resolution) without the interested party having made use of this power.
The sanctioned person is warned that he must make effective the sanction imposed once

This resolution is executive, in accordance with the provisions of art. 98.1.b)
of Law 39/2015, of October 1, on the Common Administrative Procedure of the
Public Administrations (hereinafter LPACAP), within the voluntary payment period
established in art. 68 of the General Collection Regulations, approved by Real
Decree 939/2005, of July 29, in relation to art. 62 of Law 58/2003, of 17
December, through your entry, indicating the NIF of the sanctioned person and the number of

procedure that appears in the heading of this document, in the account
restricted IBAN No.: ES00-0000-0000-0000-0000-0000 (BIC/SWIFT Code:
CAIXESBBXXX), opened on behalf of the Spanish Data Protection Agency in
the banking entity CAIXABANK, S.A.. Otherwise, it will be
collection in executive period. Once the notification is received and once executive, if the

Execution date is between the 1st and 15th of each month, both
inclusive, the deadline to make the voluntary payment will be until the 20th of the month
next or immediately following business day, and if it is between the 16th and last day of
each month, both inclusive, the payment term will be until the 5th of the second month
following or immediate subsequent business.

C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es 14/14









Against this resolution, which puts an end to the administrative procedure in accordance with art. 48.6 of the

LOPDGDD, and in accordance with the provisions of article 123 of the LPACAP, the
Interested parties may optionally file an appeal for reconsideration before the
Director of the Spanish Data Protection Agency within a period of one month to
count from the day following the notification of this resolution or directly
contentious-administrative appeal before the Contentious-administrative Chamber of the

National Court, in accordance with the provisions of article 25 and section 5 of
the fourth additional provision of Law 29/1998, of July 13, regulating the
Contentious-administrative Jurisdiction, within a period of two months from the
day following the notification of this act, as provided for in article 46.1 of the
referred Law.


Finally, it is noted that in accordance with the provisions of art. 90.3 a) of the LPACAP,
may provisionally suspend the final resolution through administrative channels if the
interested party expresses his intention to file a contentious-administrative appeal.


If this is the case, the interested party must formally communicate this fact through
writing addressed to the Spanish Data Protection Agency, presenting it through
of the Agency's Electronic Registry [https://sedeagpd.gob.es/sede-electronicaweb/],
or through any of the other registries provided for in art. 16.4 of the aforementioned Law
39/2015, of October 1. You must also transfer the documentation to the Agency

that proves the effective filing of the contentious-administrative appeal. If the
Agency was not aware of the filing of the contentious appeal.
administrative within a period of two months from the day following notification of the
This resolution would end the precautionary suspension.



Sea Spain Martí
Director of the Spanish Data Protection Agency.

























C/ Jorge Juan, 6 www.aepd.es
28001 – Madrid sedeagpd.gob.es