Market News

Spanish data protection authority imposes fines on “vueling airlines” for insufficient cookie policy

In October 2019 the Spanish data protection authority (Agencia española de protección de datos, AEPD) imposed a fine of EUR 30’000 on Vueling-Airlines for an illegal cookie policy. The Spanish regulations implementing the EU ePrivacy Directive require the use of cookies that can be configured directly on the website itself. In the present case, however, visitors to the online booking platform had to consult the browser settings to be able to prevent the use of cookies.

Although the decision is neither based on the GDPR nor refers to the recent cookie case law of the ECJ, the decision contains interesting information on the (different) requirements that European data protection authorities place on the cookie consent architecture. In the opinion of the AEPD, for example, under certain conditions surfing on the website should also be able to count as valid consent.

More information: