Spain: Implemented Law on information society services and electronic commerce (Law 34/2002)

On 12 October 2002, the Law on information society services and electronic commerce (Law 34/2002) came into effect, which aims to implement the EU eCommerce Directive (2000/31/EC). The law will apply to services provided electronically, upon individual request, whether or not payment is involved. This law will require clear identification of commercial communications, including details about access conditions, discounts, and prices. Unsolicited advertising emails or similar communications will be prohibited unless prior consent is obtained. However, consent will not be required if there is an existing contractual relationship and the communications relate to similar goods or services. Recipients will have to be given the option to opt out of promotional data processing, free of charge. Service providers will be allowed use cookies with user consent, provided they offer clear information about their use. Consent can be given through browser settings or other applications, but must be configured explicitly. The Spanish Data Protection Agency will have the authority to fine information society providers up to EUR 30,000 for improper cookie use without informed user consent.