The case analysis involves a sanction procedure initiated by the Spanish Data Protection Authority (AEPD) against Eslora Proyectos, S.L. for failing to provide the necessary basic layer information to users regarding cookies loaded on their three websites. The defendant's response to the AEPD investigation requests included claims that they were performing data protection adaptation to GDPR, and they had limited resources. They also argued that due to a controversial CJEU judgement, they decided not to install a basic layer regarding cookies until the publication of any guides or recommendations by the AEPD. However, the AEPD found that the three websites loaded non-necessary cookies, including Facebook ones, without informing or obtaining user consent, and the basic layer was too vague and did not follow AEPD recommendations. Additionally, the second layer of the websites provided generic information on cookies but not specific information on which cookies would be installed or how long they would be installed. The AEPD understood that the defendant could have breached its information duties in relation to cookies under Article 22(2) of the LSSI. The defendant accepted the AEPD's cookie guide and installed the basic information layer, but it was still not compliant with the legislation. The AEPD offered the defendant the option to settle the issue before the decision takes place by agreeing to a voluntary payment of part of the fine with two possible discounts.