Professional Documents
Culture Documents
Eng Guiacookies Informa Rocajunyent 202307 0
Eng Guiacookies Informa Rocajunyent 202307 0
1 August 2023
In July 2023 the Spanish Data Protection Agency ("AEPD") has updated the Guidelines
on the use of cookies ("Cookie Guidelines" or the "Guidelines") to adapt it to the Euro-
pean Data Protection Supervisor's ("EDPS") Guidelines 03/2022 on misleading pat-
terns on social networks.
The criteria set out in the Guidelines are to be implemented by 11 January 2024 at the
latest.
The Cookie Guidelines and its updates cover the cases in which article 22 of Law
34/2002, of 11 July, on information society services and electronic commerce
("LSSICE") is applicable. Consequently, it applies to information society service
This Alert is for information purposes only and does not constitute legal advice of any kind.
providers who use cookies or similar technologies on websites or in mobile applica-
tions to store and retrieve data from the terminal equipment (e.g. computer, mobile
phone) of a natural or legal person using an information society service whose use re-
quires the informed consent of users.
The AEPD has introduced amendments to the Guidelines related to layered information
and consent, types of cookies and cookie walls. Specifically, the following:
Settings panel. The guide specifies that the settings panel can be integrated in the
second layer of the cookie banner, as long as the access is direct and only one
(and very obvious) click away, not making the user have to navigate through the
second layer. It is recommended to include it only when cookies are used for more
than one purpose, in order to simplify the user experience.
Cookie walls. The previous Guidelines already specified that for consent to be
considered freely given, access to the service and its functionalities cannot be con-
ditional on the user's consent to the use of cookies, but that the publisher must offer
an alternative way of accessing the service without the need to accept the use of
cookies. The new version of the Guidelines clarifies that this alternative need not
necessarily be free of charge.
Saving the configuration. In the configuration panel the user must be able to un-
derstand how to save his configuration and for how long. Pre-marked options are
not valid in any case.
This Alert is for information purposes only and does not constitute legal advice of any kind.
Failure to comply with the obligations and criteria established in the Guidelines entails
a breach of art. 22 of the LSSICE, constituting an infringement (art. 38 LSSICE):
In addition, if the breach of obligations concerns the processing of users' personal data,
it will also constitute a serious breach of Art. 13 of Regulation (EU) 2016/679 of the Eu-
ropean parliament and of the council of 27 April 2016 on the protection of natural per-
sons with regard to the processing of personal data and on the free movement of such
data and repealing Directive 95/46/EC ("GDPR"), which may entail a fine of up to EUR
20 000 000 or, in the case of a company, an amount equivalent to a maximum of 4 %
of the total annual aggregate turnover of the preceding financial year, whichever is
higher.
This Alert is for information purposes only and does not constitute legal advice of any kind.