The Spanish Data Protection (AEPD)’s guidance on cookie compliance must be implemented on the 31st of October 2020. Here’s what you need to know about it. This guidance was published back in July. There are a lot of updates with respect to this guidance that all organisations must be aware of.
The guide on the use of cookies has been designed to reflect the European Data Protection Board’s (EDPB) guidelines dated 05/2020 on consent under regulation 2016/679 at great length. The Spanish AEPD will be implementing all updates by the EDPB in its guidelines on consent.
These include the validity of consent provided by the data subject when interacting with cookie walls amongst other areas. The AEPD has also provided a detailed analysis on the issue of scrolling or swiping through a webpage as a clear and affirmative action of consent.
This updated guidance explains that cookie walls cannot be used, since they do not offer a valid alternative to consent. One of the most prominent themes and provisions under the guidance relate to the criteria that consent should be based on. This is one of the most important aspects of obtaining consent for the privacy officer.
More stringent penalties shall now be enforced in cases where the denial of access would prevent the exercise of a right legally recognised by a user, such as when access to a website can only be granted if the consent is given first. This can be seen as a threat or as an additional pressure tactic in the process of obtaining consent.
This guidance borrows from the EDPB that continued browsing cannot constitute a valid way to obtain consent, and therefore Section 3.2.3(e) of the updated guide will be amended accordingly. You can read more here
This information has been collected from the original press release here and the updated guide here. If you would like to improve your compliance level to match the requirements in any part of the EU, you can do so with the help of Seers.
The innovative consent management solution includes the ability to update cookie tables, manage consent logs, maintain archives and stay up to date as per the user consent automatically while being fully compliant with the GDPR, PECR, CCPA and LGPD.