Internet Cookies Act, the first fines fall

The first resolutions of penalties for infringement of the law of cookies of the year 2013 to companies for the use of these on the Internet, issued by the Spanish Agency of data protection, have arrived…

Many people do not know to this day that they are the cookies although in the daily use of Internet Intereactuan with them and they are notices/on them:

A cookie is a text file that is downloaded to the user’s terminal computer to store in it during Internet browsing certain data with one or more purposes, being a particularly intrusive treatment when the person responsible for its installation, updating and recovery collects and treats the information stored in the cookie without informing and without having the user’s consent for it.

In order to guarantee the use of such devices for legitimate purposes and with the knowledge of the affected users, who most often turn to the Internet for the accomplishment of their daily activities, the Community and national regulation establishes the Obtaining informed consent in order to ensure that users can know about the use of their data and the purposes for which they are used.

The legal actions initiated at the request of a particular whistleblower collect infringements of two Spanish companies XXX and yyyy that in their webs infringe both the LOPD and the LSSI because it does not provide information on the storage devices and Data retrieval (cookies) nor is consent requested for use, as in the contact section form of such sites is not adequately informed to the user of the purpose and treatment of their data.

The penalties have been in practice 3000 and €500 for these two “hunted” companies the law provided for possible penalties of up to €30,000.

The Spanish law of “cookies” belated in its aparación has become however one of the most stringent regulations at European level on these issues, a question that is bringing much controversy.

The law requires that cookie information be:

Clear: information must be easily understood.
Complete: Information about the specific purpose of cookies should be offered.
Previous: Information must be provided prior to installation of cookies.

It is also necessary to have the prior consent of the user… which can be collected in very different ways.

Certain cookies are exempt from the duty to inform and obtain consent. That is to say, they can be installed without the need of banners, pop-ups and windows of more aggressiveness.

Exempt cookies are as follows:

Which only allow communication between the user’s computer and the network.
Those necessary for the provision of a service of the information Society expressly requested by the user.

The “cookie” sector is likely to converge two different laws; The law of cookies and the law of protection of personal data lopd… when the cookies do not treat personal data only must comply with their specific law LSSI… when there are also sensitive data collected people also comes into play the law LOPD.

Any Web or blog must be up to date for compliance with these two rules with the relevant notices and devices… otherwise, and if an investigation is carried out there may be penalties… There are companies currently specializing in providing advice Technical and legal to update websites/blogs applications and avoid this type of fines… We need to be informed and comply with the law.

by Paola Alesci Naranjo
Lawyer and advisor specializing in PI