On 30 March this year, the Spanish Government passed Royal Decree 13/2012 (hereinafter "Royal Decree"), whereby the Amended ePrivacy Directive (Directive 2002/58/CE amended by Directive 2009/136/CE) was implemented, introducing into Spanish law the European regulation concerning cookies.
The term "cookies" refers to any hidden data exchanged between the web user and the web server, which is stored in the hard drive of the user's computer. As mentioned in the Preamble to the Royal Decree, such devices could not just facilitate the web browsing but may also be used to disclose private information about the user. Therefore, the purpose of the Royal Decree is to ensure that users are adequately informed and provided with mechanisms that appropriately safeguard their privacy.
Regarding II), the Royal Decree includes the same criteria contained in Recital 66 of the Amended ePrivacy Directive, except for the requirement of an "affirmative action" in order to achieve valid consent through browser settings. This additional requirement was suggested by the Article 29 Data Protection Working Party in its Opinion 2/2010.
Spain has fully implemented the wording of the new EU regulation on cookies but imposes more restrictive criteria concerning users' consent expressed by browser settings or equivalent settings on other applications. Spain follows the criteria of the Working Party in this regard in strengthening of the "opt-in" consent requirement.
For more information on the above, please contact:
Javier Fernandez-Samaniego (contact)