We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

At last, the EU Cookies regulation is implemented in Spain

09 April 2012

By Pablo Rivas in our Madrid Office

 

With almost a year of delay, last Monday the Spanish law (Royal Decree-Law 13/2012) implementing in Spain  the regulation on cookies envisaged by the Directive 2009/136/EC, which modifies the E-Privacy Directive (Directive 2002/58/EC), was published.

Use of cookies by service providers was regulated by article 22 of Law 34/2002 on Information Society Services and Electronic Commerce ("ISSA") which implemented, among others, the Directive 2000/31/EC (Directive on Electronic Commerce). Pursuant to this article when a service provider employed cookies it should inform recipients on their existence and the purposes for which cookies were used. In addition, service providers should give recipients the possibility of rejecting cookies by a simple and free procedure. This latter condition did not apply when cookies were used for the purpose of carrying out or technically facilitating the transmission of a communication through an electronic communication network or, to the extent it was strictly necessary in order to provide a service explicitly requested by the recipient. In practice Spanish companies complied with the abovementioned requirement by providing recipients with information on the way of disability cookies from the browser.


The Royal Decree-Law 13/2012 dramatically modifies article 22 of the ISSA establishing that services providers may use devices for the storage and recovery of data (i.e. cookies) in the recipients' equipments only if they have obtained the recipients' consent for such use after providing them with clear and complete information on their use, and in particular, on the purposes for which their personal data is going to be processed pursuant to the Spanish data protection law. This modification makes clear the need of obtaining the prior consent of the recipients for the use of cookies while the previous regulation only requires to inform them and to give them the possibility of rejecting cookies by a simple and free procedure.


In line with Recital (66) of Directive 2009/136/EC, where it is technically possible and effective, in accordance with the relevant provisions of Spanish data protection laws, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application, provided that the recipients have to establish the configuration by an express action to that effect during the instalment or upgrading.


Finally, it shall be noted that the exemption envisaged in the ISSA as regards the use of cookies for the purpose of carrying out or technically facilitating the transmission of a communication through an electronic communication network or, to the extent it is strictly necessary in order to provide a service explicitly requested by the recipient, it is not modified by the Royal Decree-Law 13/2012.

 

Future-Proofing Privacy: New and Stronger Rights

The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...

06 June 2016
Loading data