This update was quite expected since the publication of the DPA’s 'Cookie' Guide in No-vember 2019 generated some controversy among other DPAs as well as the experts at large. Indeed, the option to continue browsing as a way of expressing the user's consent, as it was recognized in that Guide, was not well regarded by other regulators given the requirement of express consent in GDPR (General Data Protection Regulation). This was also the position of the EDPB.
When the EDPB in its plenary session in May published such Guidelines, the AEPD already announced changes ahead.
The new AEPD’s Guide Guide on the use of “cookies”of has been published in its web-site. See: www.aepd.es/sites/default/files/2020-07/guia-cookies.pdf
The new criteria stated must be implemented no later than October 31 of this year, thus it establishes a transitional period of three months for the Spanish organizations to adapt.
Despite the fact that with the approval in the future of the‘ Eprivacy ’Regulation, still pend-ing, it is possible that it will alter the‘ cookie ’regulations again in some way, it is of the ut-most importance that all organizations using „cookies“ adapt as soon as posible to this new development, in particular, as the sanctions imposed by the Spanish DPA for infringing the „cookies“ regime have been quite high so far. A € 30.000 fine has been imposed on the so-cial media Twitter and the same amount has been imposed on the aviation company Vueling.
Article provided by: Belén Arribas (Spain)
Dr. Tobias Höllwarth (Managing Director INPLP)