Insufficient cookie banners on websites should not be underestimated in terms of data protection. This shows an existing judgment in which the Spanish supervisory authority imposed a fine of € 30,000 because a website operator had not implemented his cookie consent in accordance with data protection regulations.
“The Spanish Data Protection Agency (AEPD) has sanctioned Vueling Airlines with 30,000 euros for not giving users the ability to refuse their cookies and force them to use them if they want to browse its website. In other words, it was not possible to browse the Vueling page without accepting their cookies. “Source: https://www.enforcementtracker.com/
This judgment is an incident from Spain. However, it cannot be ruled out that German companies will not have to expect the same or even higher fines.
The updated guideline of the EDSA and the quote from the German Federal Commissioner for Data Protection and Freedom of Information Professor Ulrich Kelber make this clear:
“There are still websites that, due to their structure, impose tracking on users. The updated guidelines make it clear again that consent cannot be enforced. […] I would like those responsible to draw the right conclusions from this and finally offer data protection-friendly alternatives. ”
Source: https://www.bfdi.bund.de/DE/Infothek/Pressemitteilungen/2020/10_Leitlinien-Einwilligung-Internet-aktualisiert.html