- The definition of cookies, categories of cookies, and the relation between cookies and personal data protection. The Guidelines indicate which cookies are excepted from compliance obligations under Spanish Information Society Services and E-commerce Act.
- Information duties and transparency with regard to cookie notices.
- In-depth analysis on how to obtain consent, and when such consent is valid.
- Analysis of the parties' responsibility in cookie use, and parties intervening in usage-based advertising processes.
The update of the Guidelines focuses on point 3 above, and is justified in the EDPB's own update of the Guidelines 05/2020 on consent earlier this year (which one may discuss it was not a mind-blowing update). In particular, these are the main changes that, for the Spanish market and based on the original Guidelines, are indeed material:
- No cookie walls: as established in the aforementioned Guidelines 05/2020, access to services and functionalities of the website cannot be made conditional on the consent to the cookies. Cookie walls not providing an alternative to the consent are not valid.
- Access can be made conditional where (i) users are duly informed, and (ii) an alternative to the service / website is offered to the user without accepting cookies. Said alternative must be truly equivalent, and it would not be valid for such alternative to be offered by a company non-related to the website's editor.
The English version of the old Guidelines can be found here.
The Spanish DPA has given a 3 month truce (until October 31) for companies to adapt their websites, apps, etc., to the new criteria.
Authored by Santiago de Ampuero.