Belgian Data Protection Authority imposes cookie fine of €15.000 to SME

Belgian Data Protection Authority imposes cookie fine of €15.000 to SME

Bittersweet Christmas present from the Belgian Data Protection Authority (BDPA) to a small company specialized in legal information. First Belgian fine for unlawful use of cookies. Here are 7 quick tips to avoid the same fine.

Small company fined for unlawful use of cookies

On December 17, 2019, the Belgian Data Protection Authority (BDPA) handed the small Belgian company – who operates a website with legal information – a fine of €15.000 for unlawful use of cookies.

Interestingly, this time the BDPA did not act based on a filed complaint but carried out their investigation on its own initiative.

In its decision, the BDPA fined because:

    • They did not provide sufficient information about the cookies used on the website (e.g. list of cookies used; their purpose, lifespan; or a list of third parties). Furthermore, the cookie policy was only available in English, although the website targeted French and Dutch-speaking readers;
    • The website did not provide any opt-out option for certain types of cookies (including first-party cookies);
    • Although an improved version of the website did collect consent, the consent obtained was not sufficiently granular, i.e. users should have been able to give consent to different cookie categories (e.g. statistical, marketing, functional);
    • There was no easy way for users to withdraw consent when first given.

Belgian Data Protection Authority sets an example

In a press announcement to Belgian website, the BDPA confirms that the intent of the investigation and fine was to set an example, pointing to the exemplary role that a legal information website should play. In the same instance, the BDPA argued that most websites in Belgium are unlikely to comply with the rules as prescribed in this case.

"Sites must be well aware that they have serious obligations. There is an information obligation for cookies, even if they come from third parties." Dispute Chamber Data Protection Authority

What is remarkable with this fine is, that it is a small website with approx. 35.000 visitors a month who is the first to receive a fine for unlawful use of cookies in Belgium. The BDPA sends a clear message that it is not only the big players who are targeted, but every company must comply with the GDPR for cookies.

How to avoid getting a cookie fine by your national DPA?

7 quick tips to avoid a cookie fine!

To collect valid consent, you need a cookie consent solution (banner) which:

  • Informs your visitors of cookies (list of cookies; their purpose; lifespan; list of third parties);
  • Provides your visitors with the option to decline cookies (opt-out);
  • Holds back cookies before consent is obtained;
  • Does not assume consent with pre-ticked boxes;
  • Gives your users the possibility to give consent to specific cookie categories (e.g. functional, statistical or marketing);
  • Provides an easy way to withdraw consent to cookies;
  • Collects and stores consents for 5 years (in case of inspection by DPA).

Unsure whether your cookie consent solution collects valid consent?

Get a free and professional assessment of your website’s cookies. You’ll have the results within two working days.

Learn more

Cookie Information provides websites with a leading cookie consent solution which meets the requirements in the ePrivacy Directive and GDPR. Secure your visitors’ data today – contact Cookie Information on how to become cookie compliant.

book a meeting with jonas