AEPD (Spain) - PS/00032/2020
|AEPD (Spain) - PS/00032/2020|
Article 5(3) e-Privacy Directive
Article 22(2) LSSI
|Parties:||IBERIA LÍNEAS AÉREAS DE ESPAÑA, S.A. OPERADORA UNIPERSONAL|
|National Case Number/Name:||PS/00032/2020|
|European Case Law Identifier:||n/a|
|Original Source:||AEPD (in ES)|
The Spanish DPA fined an airline €30,000 for not allowing their website's users to exercise a choice regarding cookies before placing them, as well as for not offering enough information about cookies and not allowing users to reject all cookies at once.
English Summary[edit | edit source]
Facts[edit | edit source]
A user of the website of Iberia, an airline, lodged a complaint before the Spanish DPA (AEPD) saying that they had not been given an option to reject the cookies when using the website, and that they had been obliged to accept them to keep browsing.
During the investigation, the AEPD also found that cookies were placed before obtaining consent. Additionally, they found that the information about cookies was incomplete and misleading.
Holding[edit | edit source]
The AEPD concluded that Iberia had infringed the Spanish law on cookies (LSSI), as transposed from the e-Privacy Directive. The DPA considered that the airline should had allowed users to reject cookies in the second layer at once, instead of granularly, and that it should not had installed cookies without allowing users to exercise their choice.
The airline should had also informed users about third party cookies and the storage period, as well as more clear information about the purpose of cookies.
For this, the Spanish DPA fined Iberia €30,000.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.