Roularta Media Group – €50,000 Fine (Belgium, 2022)

On 16 January 2019, the Executive-committee of the Belgian DPA (GBA) started an investigation on the use of cookies on Belgian media websites. The controller in this case is Roularta Media Group. The investigation revealed the following potential violations. First, the placement of unnecessary cookies prior to consent of the data subject. Second, the placement of statistical cookies without consent. Third, pre-ticked boxes to grant consent for cookies from partners. Fourth, the placement of a disclaimer for third-party cookies. Fifth, false and inadequate information in their privacy policy. Sixth, unjustified retention periods for the storage of cookies. Lastly, revoking consent was impossible. In fact, this placed more cookies. The controller argued that statistical cookies are used for aggregated basic statistics, necessary for the business model of the website. No personal data is being processed for this activity, as such, the GDPR does not apply. The controller argued that regarding the statistical cookies, the personal data was anonymised. The controller further argued that the Belgian DPA did not provide adequate guidelines for companies to comply with the GDPR. The controller refers to e.g. the French and Dutch DPA, who have provided this. Regarding the placement of cookies, the DPA first noted that cookies can only be placed without prior consent when they are (1) strictly necessary for the transmission of communication or (2) to provide a service that is explicitly requested by the user. The DPA held that the controller violated Article 6(1)(a) and Article 5(3) ePrivacy Directive 2002/58/EC, as some of the cookies placed without prior consent were found to be not strictly necessary. The controller even admitted to the placement of unnecessary cookies without obtaining prior consent. Regarding the placement of statistical cookies in particular, the DPA noted - with reference to her decision in 12/2019 - that these also require prior consent. The DPA ob