The Spanish Data Protection Agency, Agencia Española de Protección de Datos (AEPD), revised its guide on the use of cookies. The updated guide (in Spanish) was announced on July 28, 2020, and it is in line with the revised EDPB guidelines on consent

The AEPD has established that the organizations must implement the revised content no later than October 31, 2020. 

France’s CNIL also recently updated its guidelines on cookies and similar technologies.

You can read the official AEPD press release here (only available in Spanish).

In this post, we will discuss the key highlights of the revised guide.

AEPD revised cookie consent guide

In May 2020, the European Data Protection Board (EDPB) revised its guidelines on consent. It provided clarifications on the use of cookies. Aligning with the updated guidelines, the AEPD has also revised its guide on two important details:

  1. Continued browsing without any interaction
  2. The use of cookie walls

Continued browsing without any interaction

Continued browsing without interacting with the cookie banner does not constitute valid consent. Unless and until the users explicitly express their consent to use the cookies, you cannot store them on their device

The AEPD clears that such action (scrolling through the website without responding to the cookie consent) is difficult to distinguish from other activities or interactions. Therefore, such “implied” consent is not unambiguous. 

Hence, the consent obtained via the “continue browsing” option is not valid.

The use of cookie walls

The AEPD prohibits the use of cookie walls. Cookie walls are pop ups on a website that restricts partial or full access to the website unless users agree to the use of cookies. 

The consent obtained via cookie walls is deemed invalid as it is not “freely given.” The AEPD stated that the cookie walls do not let the users freely express their consent to use cookies. This is a significant change from the previous version of the guide where it did allow the use of cookie walls. The only restriction was that the use of cookie walls should not hinder the legally recognized rights of the users. 

If at all one has to use cookie walls, they have to provide adequate information and equivalent alternative to the website content without accepting the use of cookies

To follow the revised content in the guide, the solution is to deploy a cookie banner set up that does not store cookies unless the users agree. The consent banner should also not make access to the website services or content conditional to user consent. 

CookieYes is a simple yet powerful application to fulfill both the requirements (and more). It automatically blocks third-party cookies scripts before the user agrees to use them. The customizable cookie consent banner by CookieYes does not restrict access to website services or content.

You can know more about CookieYes and how to set it up on your website here.

Disclaimer: This blog post is for information purposes only. It does not intend to be a substitute for legal advice. To know more about the legal aspects, we advise you to read the official document of the guide or contact an attorney.