The protection of the user when browsing the Internet has to be taken into account more and more. Entities must act proactively in compliance with regulations, in order to make the Internet interface increasingly secure and act in a transparent way with the data of the users of the web pages.
Currently, the vast majority of entities use the Internet to facilitate access to their services. This implies that, on many occasions, this data traffic on the Internet is used by companies to study and monitor the users of their website. With this information, they offer advertising based on your browsing habits.
Sanctioned Airline: Vueling
In this sense, the AEPD sanctioned VUELING AIRLINES, SL for not correctly complying with the conditions required by the aforementioned regulations.
After conducting the appropriate investigations, it was found that the airline installed cookies on devices without obtaining the consent of those users who accessed its website to purchase tickets. The transfer of data to third parties through cookies was implicit since it did not allow their refusal. Specifically, the Vueling website does not allow the user to use strictly necessary cookies and neither does a positive and affirmative action of consent be collected.
On the other hand, the AEPD recommends that a configuration panel be incorporated in the second informational layer of the Cookies Policy so that the user can eliminate them in a granular way. The resolution indicates guidelines to facilitate this selection by means of buttons on the panel, one to reject all cookies and another to enable all cookies or do it in a granular way.
The penalties for not properly informing in the Cookies Policy can be substantial. In this case, the penalty to be imposed on the airline was considered to be 30,000 euros. The criteria that were taken into account were: the existence of intent, the period of time during which the infringement has been committed, since the claim was from January 2019, the benefits obtained from the infringement and the volume of users affected for the infraction.