2014 is only three months old but already it has been a year of extraordinary happenings. We had two consecutive days of sunshine in Glasgow. My accounting software showed no overdue client invoices. My local Tesco started carrying Sriracha Rooster Sauce. And somebody got a cookie law fine.
From where did this mythical beast emerge? (The cookie law fine, not The Velvet Rooster of Double Happiness.)
It happened in Spain, a country which, like Germany, has very strict personal data protection laws in place as atonement for the sins of its past.
I know y’all are tl:dr these days, so here’s what you need to know:
- The fine was €3,500 (£2,925 GBP). That’s relevant because…
- The fine was issued to a family of jewellery shops. They sell engagement rings that cost more than that fine.
- What sort of man buys an engagement ring online? Seriously?
- After the complaint about the site was made to the Spanish data regulator, it took nine months for the case to be heard. And after that, it took six months to issue the fines.
- The case, and the fine, hinged on a hair-splitting of Spanish law as opposed to a perceived threat to the common weal.
You can read the full account here. The impression you’ll get is that this case was really, really important to lawyers. The cookies in question were, by the court’s own admission, “not uncommon or particularly intrusive to individuals’ privacy”.
Europe’s first and, to date, only cookie law fine was an academic exercise designed to prove a point rather than safeguard consumer privacy: a rattling of sabres that was never truly in the public interest. If this is what it takes to fine a company less than an hour’s worth of revenues, its reputation as Europe’s only cookie law fine will stand for a very long time.
Needless to say, in the 15 months that Spanish solicitors kept their fee clocks running on this case, Spain cheerfully tracked 60 million of its citizens’ domestic phone calls for the NSA during one month alone.