The Spanish Data Protection Authority (AEPD) has just updated its Guidance document on the use of cookies. The new version follows the criteria established by the European Data Protection Board (EDPB) in relation to these key aspects:

1) The "continue browsing" approach is not a valid mechanism to collect users' consent.

Some months ago, the AEPD considered scrolling down or clicking on a link on the website was expressing the user's consent - provided that the cookie banner was visible and that it clearly stated this. However, this was not aligned with the EDPB approach which considered that these were not valid ways to obtain consent. The AEPD has since agreed. 

2) The use of "cookie walls".

In relation to the cookie walls, the AEPD has stated that the use of cookie walls will not generally be allowed. There may only be certain cases in which non-acceptance of the use of cookies prevents access to the website or use of the service, provided that: (i) the user has been informed and (ii) the user has been provided with an alternative way of accessing the service without having to accept the use of cookies.

These new criteria must be implemented by the end of October 2020, so organisations will have a short transitional period to introduce the necessary changes and to obtain consent according to the updated Guidance document.