Clear explanations of GDPR, ePrivacy and privacy law concepts related to cookies, tracking technologies and consent requirements for websites and SaaS products.
In the first instalment of this series we reviewed the lower‑value fines imposed for cookie‑consent violations. The remaining cases involve significantly higher penalties and illustrate how regulators respond to persistent or large‑scale infringements. Below are the top five cases with the largest fines, ordered from lowest to highest. 6 – Facebook Ireland – fine of €60 million … Read more
Digital cookies and trackers are essential for personalising services and measuring audience behaviour, but European privacy rules (in particular the EU e‑Privacy Directive and the General Data Protection Regulation (GDPR)) require companies to obtain informed, freely given consent before setting non‑essential cookies. Supervisory authorities have repeatedly sanctioned organisations that ignore these rules or make it … Read more
In 2026, cookie compliance is no longer a theoretical or “best-practice” discussion. It is a litigation issue. Across Europe and the United States, regulators and courts are increasingly aligned on one point: collecting user data before valid consent is a legal risk, even if you have a cookie banner in place. Companies are not just … Read more
TL;DR: Modern retail sites often combine analytics telemetry with video playback signals (embedded players, CDNs, session replay, ad pixels). That combination can create GDPR exposure in the EU and VPPA-style litigation risk in the U.S. The key lesson is operational: compliance depends on what your stack actually transmits at runtime, not on what your banner … Read more