The Spanish Data Protection Authority (AEPD) recently fined SEAT, S.A. €20,000 for improperly placing cookies on its website without obtaining proper user consent, violating the General Data Protection Regulation (GDPR). The investigation revealed that SEAT's cookie banner did not provide an adequate option for users to reject non-essential cookies, leading to non-compliance with GDPR requirements for consent and transparency.
In addition to GDPR, SEAT also breached Spanish Law 34/2002 on Information Society Services and Electronic Commerce (LSSI) by using functionality and advertising cookies without prior consent. SEAT also failed to provide an effective mechanism for users to withdraw consent, resulting in continued cookie use even after consent was revoked.
SEAT managed to reduce the fine to €12,000 by cooperating with authorities and paying voluntarily. However, in such cases, non-compliance costs go beyond fines, affecting brand reputation and customer trust.
This case serves as a reminder of the growing importance of proper cookie management in light of privacy laws like GDPR. Businesses that fail to establish clear and comprehensive consent mechanisms risk facing significant penalties.
A compliance tool like Clym could have helped SEAT and other companies avoid similar situations. Clym provides an all-in-one solution for businesses that have to meet various regulatory requirements and the ONLY solution on the market to combine website accessibility, data privacy, age gating, geo-restriction & VPN access control, and more.
With our ReadyCompliance™ mechanism, Clym regularly scans websites for new cookies, categorizes them appropriately, so that no data is collected if users revoke consent. Additionally, Clym generates consent receipts for accepted cookie categories, enabling businesses to remain audit-ready.
By leveraging Clym, businesses can implement clear and comprehensive compliance mechanisms, minimize risks, and significantly reduce the likelihood of hefty fines while maintaining user trust.