Spanish AEPD Cookie Guidelines

CookiePro helps organizations of all sizes simplify time to follow recent cookie guidance provided by the Spanish AEPD. With a purpose-built suite of technology solutions, your organization can get up and running with a cookie banner and preference center to follow guidelines.

Spanish AEPD Enforcement Date

What is the Spanish AEPD?

The Spanish Data Protection Agency is the independent public authority in charge of ensuring the privacy and data protection of citizens. The objective of this space is, on the one hand, to encourage citizens to know their rights and the possibilities that the Agency offers them to exercise them and, on the other, that the obliged subjects have at their disposal an agile instrument that facilitates compliance with the normative.

The Spanish Data Protection Authority (AEPD) recently provided updated guidance on the use of cookies based on the new guidelines from the European Data Protection Board (EDPB). Enforcement began October 31, 2020. Two main guidelines include:

  • Cookie walls are not permitted as they do not offer a valid alternative to consent
  • Continued browsing without interacting with a cookie consent banner does not constitute valid consent
At a high level, here's what you need to do to comply:
  • Audit your website to detect and categorize cookies and other tracking technologies on your website.
  • According to the AEPD, continued browsing is not considered compliant. Therefore, collect consent at or before the point of collection informing the consumer of the categories of personal information that the company collects and for what purpose.
  • Create a preference center that provides detailed information about the purpose of cookie collection and the third parties that will process any information collected when those cookies are deployed.
  • Build a centrally located, historical consent database to demonstrate compliance to regulators and auditors.

How to Comply With the Spanish AEPD

Cookie Compliance Consent
Scan website for cookies and tracking technologies
  • Detect all first- and third-party cookies, tags, trackers, pixels, beacons and more
  • Use advanced scanning functionality to scan behind logins, simulate user journeys, and trigger hidden pages
  • Continued scanning to keep an evergreen inventory of tracking technologies and up to date policies across your web properties
Custom Cookie Banner and Preference Center CMP
Configure Cookie Banner and Preference Center
  • Leverage professionally designed library of pre-defined banner and preference center templates
  • Enable over 200 unique languages, including right to left support
  • Add in custom branding and optional CSS to pull in existing website styling
  • Use geolocation rules to automatically display different banners and consent models based on region, country, or state
Mobile App Scanning and Consent
Monitor and Report Using Interactive Dashboards
  • Leverage A/B Testing to test CMP variants and optimize opt-ins
  • Maintain granular consent receipts and demonstrate compliance over time
  • Build a centrally located, historical consent database for data regulators and auditors
  • Utilize detailed analytics and visual dashboards to track the progress of your privacy program

Related Resources

Irish DPC FAQs on Recent Cookie Guidance
On April 6, 2020, the Irish Data Protection Commission (DPC) released a report explaining the findings following a cookie sweep of websites across a range of industries. With the release of this report came a list of guidance notes for […]
The Irish DPC Launches New Guidance on Cookies & Tracking Technologies
Earlier this month, the Irish Data Protection Commission (DPC) published new guidance on the use of cookies and tracking technologies, as well as a report summarizing the DPC’s findings following a “cookie sweep” of select websites across a range of sectors. In […]
The Latest EU Guides and Reports on Cookies
Website cookies and tracking technologies continue to be a trending topic in the EU due to local disparities with privacy and cookies regulations, and the long-awaited approval of an EU regulation national rules. The Directive on Privacy and Electronic Communications (Directive 2002/58/EC) […]
Onetrust All Rights Reserved