Roularta Media Group

Description

The Belgian DPA has imposed a fine of EUR 50,000 on Roularta Media Group. As part of its investigation, the DPA found that the cookie management on two websites operated by Roularta did not comply with the GDPR. In order to use cookies, controllers must obtain prior consent from the user, except in cases where the cookies are strictly necessary for website operation. The DPA found that consent to the processing of personal data through cookies on websites operated by Roularta was not valid, as not all necessary conditions were met. As such, about 60 cookies that were not required had been placed by the websites on visitors' devices even before they had given their consent. Roularta had also failed to sufficiently inform users about cookies. In addition, the boxes for consent to the placement of cookies by third parties were checked in advance, although users must always actively consent. In addition, the DPA found that users could not revoke their consent to cookie placement as easily as they had given it.