Update of the cookies guide

The Spanish Data Protection Agency (AEPD) has published an update of the cookies Guide. These new criteria on their use that are included in the new Guide must be implemented no later than 11 January 2024. Therefore, we believe a post is necessary to explain the new features introduced in it.

The first thing to bear in mind is that the use of trackers must be transparent, and consent must be free and voluntary, which means that pre-checked boxes are not considered valid consent. This implies that the checkboxes for each cookie must be disabled in the “cookie settings” section.

In the Banner where it is indicated that the website uses cookies, the “ACCEPT”, “REJECT” and “Settings” actions must be prominently displayed. In turn, the “ACCEPT” and “REJECT” actions must be on the same level, so that rejecting them is as easy as accepting them.

EXAMPLE: 

Use of cookies 

We use our own and third-party cookies to analyze the use of the website and show you advertising related to your preferences based on a profile created from your browsing habits. Cookies policy. 

The new update of the cookies Guide recommends establishing a simple mechanism for withdrawing consent. For example, having a permanently visible floating button at the bottom of the website where, when the user clicks on it, they are taken directly to the cookie settings, just as we have on our website:

Furthermore, multipurpose cookies with 2 or more different purposes must ensure they are only used if all the purposes they combine are accepted. In other words, if a cookie serves 2 purposes and the user only accepts one of them, the cookie should not be used, unless the management system allows for a different treatment to be given to the different purposes, so that the cookie only operates for the purpose that has been accepted.

Likewise, it should be remembered that cookies used for any of the following purposes are exempt from compliance:

• Technical cookies.
• “User input” cookies: These are session and user input cookies that are typically used to track user actions when filling out online forms on multiple pages or as a shopping cart to track items that the user has selected when pressing the button.
• User authentication or identification cookies (session only).
• User security cookies: cookies used to detect erroneous and repeated attempts to connect to a website.
• Media player session cookies.
• Session cookies for load balancing.
• User interface customisation cookies.
• Certain plug-in cookies to exchange social content.

Even though they are exempt from obtaining the user’s consent for their use, users must be informed of their use:

However, it will be necessary to inform and obtain consent for the use of the following cookies:

• Preference or personalisation cookies.
• Analytics or measurement cookies.
• Behavioural advertising cookies.

Finally, the Agency considers it good practice for the validity of the consent given by the user for a specific cookie not to last longer than 24 months and, during this time, the selection made by the user regarding their preferences should be preserved, without being asked for new consent whenever they visit the website.

Mariona Heredia

If you want more information about this update of the cookies guide, don’t hesitate to contact us!

Information on data protection

Company name
LEGAL IT GLOBAL 2017, SLP
Purpose
Providing the service.
Sending the newsletter.
Legal basis
Compliance with the service provision.
Consent.
Recipients
Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.
Rights
You may access, rectify or delete your data and exercise the rights indicated in our Privacy Policy.
Further information
See the Privacy Policy.