Cookies Policy

Art. 22.2 of Law 34/2002, relating to Information Society Services and Electronic Commerce (LSSI) establishes that data storage and retrieval devices may be used provided that the recipients have given their consent after they have been provided with clear and complete information about its use, in particular about the purpose of the data processing.
In its Ruling 4/2012, the Art. 29 Working Group has interpreted that among the cookies deemed to be exceptions to the above are those that are intended to:

  • “User input” cookies (session and user input cookies are often used to track the user’s actions when filling in online forms on various websites or as a shopping basket to track the items that the user has selected by clicking on a button).
  • Authentication or user identification cookies (session only)
  • User security cookies (for example, cookies used to detect erroneous and repeated attempts to connect to a website).
  • Multimedia player session cookies
  • Session cookies to balance the load
  • Customization cookies for the user interface
  • Accessory cookies (plug-in) to exchange social content.

These cookies are excluded from the scope of the LSSI and therefore, it would not be necessary to inform or obtain consent for their use.
It would therefore be necessary to know what type of cookies any given website uses in order to assess the need to include information and a request for consent.
If consent is required, it must be borne in mind that the LSSI refers to Organic Law 15/1999 pertaining to the protection of personal data, in relation to the requirements of informed consent, and that since May 25 this referral shall be understood as made to the GDPR. Therefore, the requirements applicable to informed consent for the use of cookies will be those established in the GDPR.
In relation to the installation of cookies, it is pointed out that the usual “keep browsing” formula could still be valid if the decision on cookies is confirmed. As possible formulas, the following should be considered:

  • Inclusion in the first data layer of: a button (or similar mechanism) to accept all cookies, another to reject them and a third to configure them (this last button could also be a link within the first layer text, allowing access to a configuration panel from which the user could choose between enabling cookies or not at granular level.
  • One button to accept all cookies and another to configure them, specifying in this first data layer that the option to configure cookies also serves to reject them.
  • There are websites that include an “accept” button but use cookies if the user continues browsing. The inclusion of the button and the option to “continue browsing” should be considered incompatible since they lead to error in the manifestation of consent.