Spain: Published AEPD updated Guidelines on the use of cookies

On 11 July 2023, the Spanish Data Protection Authority (AEPD) adopted the updated guidelines on the use of cookies, aligning them with the European Data Protection Board (EDPB) Guidelines 03/2022 on deceptive design patterns in social media platform interfaces. The new version incorporates the AEPD's criteria for presenting cookie acceptance or rejection options prominently and equally, without complicating the rejection process. It also provides examples of how these options should be displayed, including considerations of color, size, and placement. The modifications include distinguishing between user-driven cookies (e.g., language or currency preferences) that don't require consent and editor-driven cookies based on user information, which require clear information disclosure and the choice to accept or reject them. Regarding cookie walls, access to services cannot be conditioned on cookie consent, and the new version clarifies that the alternative access may not necessarily be free. The guidelines must be implemented by 11 January 2024, allowing a six-month transitional period.