Cookie consent violations lead to sanctions for TV2 Média Csoport Zrt from the Hungarian supervisory authority.
The Hungarian Supervisory Authority (SA) has issued a fine to TV2 Média Csoport Zrt for cookie consent violations. The company operates the websites “tenyek.hu” and “tv2play.hu” which make media content available to the public. The two websites also display advertisements, as the data controller has contracts with third parties for the display of ads on the websites. Following an investigation into the company’s cookie consent management system, the Hungarian SA found that the websites were not GDPR compliant. As a result, the Hungarian SA has decided to issue a fine of 25,000 and order the company to come into compliance with the GDPR.
The user interface on the company’s websites caused issues with collecting valid consent from users, as well as providing sufficient information on users’ personal data.
TV2 Média Csoport Zrt. is the data controller for all features of “tenyek.hu” and “tv2play.hu”, as no other party can have a significant influence in the contracts with third parties. The websites use the same cookie consent management system (CMS), and after setting one CMS panel, a different one pops up, which could be confusing for users. In addition, the subsequent CMS pop-up asks for consent again – after having already asked for consent – and did not seem to accept ‘no’ for an answer. This made it so that the websites’ CMS was not exactly able to collect valid consent from users. Considering the fact that the cookies can be used for profiling an individual, the information about the cookies provided to data subjects was not considered sufficient. The user interface on these websites also made the information on cookies and personal data difficult to access for users.
The company failed to follow through on addressing issues with its cookie consent management system, which resulted in a fine of approximately EUR 25,000.
The data controller stated it would solve the CMS issues it acknowledged after being notified several months prior. However TV2 Média Csoport Zrt failed to follow through. There were some minor changes made, which unfortunately did not affect the merit of the case, as the changes were considered insufficient to achieve compliance. The Hungarian SA stated in its decision that the data controller should only continue the data processing on “tenyek.hu” and “tv2play.hu” if the processing on these sites was made compliant with the GDPR. An administrative fine was also issued of approximately EUR 25 000.
