Last year, the Spanish Data Protection Agency (AEPD) updated the Guidance on the use of cookies in order to bring it into line with the Guidelines on consent as amended by the European Data Protection Committee.
As we have seen over the years, the entry into force in 2018 of the General Data Protection Regulation (GDPR) has introduced numerous changes in the field of data protection, mainly with regard to the requirements for obtaining consent from data subjects.
These new consent requirements have forced most websites to make a series of adaptations in terms of how their cookie policy works and the way in which users give their consent for cookies to be stored or not.
Cookies are a small file that is downloaded to the user's computer/phone/tablet when accessing a website, online shop, intranet, online platform or similar, to store and retrieve information about the browsing done from that computer. These cookies can collect certain user information (i.e. IP address, date and time of visit to the website, etc.) and therefore the user's consent is necessary to obtain and store it.
New developments in the area of cookies
Under the new regulations, the main novelties introduced by the AEPD The cookies policy is as follows:
- The removal of the option to seek consent via the "continue browsing" option. The European Committee has taken the view that the "continue browsing"is not a valid form of consent, insofar as such actions may be difficult to distinguish from other activities or interactions of the user, so that it would not be possible to understand consent to be unambiguous.
- The ban on the use of cookies walls (or cookie wall) if no alternative to consent is offered.
However, it is important to take into consideration that there may be some cases in which the non-acceptance of cookies prevents access to the website provided that (i) the user is informed, (ii) an alternative access to the service is offered that does not involve the use of cookies, (iii) the alternative service is "genuinely" equivalent to that offered on the website and (iv) the alternative service is not offered by an entity outside the publisher.
- See amend and clarify certain aspects relating to the methods for providing information on the withdrawal of consent to users.
The Spanish Data Protection Agency established a transitional period for this adaptation of the cookie policy to take place. to the new rules, being the The deadline for this is 31 October 2020. However, it is not uncommon to find websites that are still not adapted to these new guidelines.
In this regard, it is important to bear in mind that the AEPD may impose penalties for the incorrect management of cookies with fines of up to €30,000but which may be higher in accordance with the parameters set out in the GDPR.
Therefore, it is important to review the cookie policy in order to adapt it to the new guidelines, as the The AEPD has begun to impose the first fines for non-compliance with the regulations, regardless of the volume of turnover of the non-compliant party or its activity.Many of them are the result of users' own complaints.
Subsidies from the Junta de Andalucía for digital modernisation
The Junta de Andalucía has recently approved an aid package for the ".digital modernisation and improving the competitiveness of self-employed and self-employed workersThis includes the financing of up to 100% of the amount of a number of items, with the following category of costs being included in the so-called 'modality B' expenditure:
"Consultancy costs for the monitoring compliance with the legal aspects of the website such as the current regulations on data protection, cookies policy(c) the rules applicable to electronic commerce, in particular those relating to the protection of consumers and users and the European rules on the application of Strong Customer Authentication (SCA) for electronic payments."
The inclusion in the eligible items of the costs incurred for legal advice for the website underlines the importance of complying with these legal obligations.