Last month, the Spanish Data Protection Regulator issued the first fines for infringement of Spain’s implementation of the EU requirement related to installation and using cookies. The Spanish Regulator decided that the two companies had failed to comply with the obligation to provide clear and comprehensive information about the cookies they used on their websites. The companies were fined €3,500 each - a relatively low fine considering the great enforcement powers of the Spanish regulator, who could have potentially issued a fine up to €30,000 per infringement.

The European E-Privacy Directive (2002/58/EC) was amended in 2009 by Directive 2009/136/EC, which included a change to the E-Privacy Directive. The amendment requires that the end user not only be informed about the use of cookies and the purpose that the cookie will be used for, but also that the end user consents to the storing of cookies on their computer. This rule replaced the previous European rule that allowed operators to use cookies without consent provided an option for opt-out was available. EU Governments had until May 2011 to implement these changes into their own law, as did Spain, which is now the first country to start enforcing the new rules.