The Swedish data protection regulator (IMY) has issued a formal warning to Warner Music and two other companies for violating the rules on the use of cookie banners that did not comply with the GDPR. No sanctions have been imposed yet, but in case of repeated violations, fines of up to €20 million are possible
The essence of the violation is that users were not provided with full and clear information about the use of cookies, in particular about the right to withdraw consent. Under EU law, refusing cookies must be as easy as consenting to them, and must be voluntary, informed and unambiguous.
Warner Music did not provide sufficient information about the withdrawal of consent. ATG, which operates in the gambling industry, used a banner design that misled users. And Aller Media, a large media company, was unable to substantiate its “legitimate basis” for processing personal data at all.
The investigation was launched after complaints from citizens in other European countries. All three companies operate in different sectors, but the problem was one thing in common – failure to comply with the clear requirements for consent to the use of cookies, as prescribed in the General Data Protection Regulation (GDPR).
IMY emphasized that the use of pre-installed checkboxes, confusing design or unclear wording in cookie banners is a direct violation of the law.
This case is a reminder to companies of the strict requirements of the GDPR for digital transparency. Even giants such as Warner Music are not immune to legal consequences due to small UX mistakes. To avoid fines in the millions, all organizations must ensure simple, clear and fair interaction with users regarding data collection.
66 
56 
83 