Auratech Legal Solutions

Rejecting Non-Essential Cookies: What the AEPD Requires

A company may be sanctioned if its cookie banner makes acceptance easy but does not offer an equivalent way to reject non-essential cookies. Strictly necessary cookies may be used without consent, but analytics, advertising or non-essential personalisation cookies require a free and informed choice.

What the Spanish Data Protection Authority requires

The AEPD Cookie Guide states that users must be able to accept, configure or reject cookies clearly. The AEPD also announced that the updated criteria had to be implemented by 11 January 2024 in its note on the updated Cookie Guide.

Common cookie banner mistakes

What a compliant banner should do

The banner should clearly explain who uses cookies, for what purposes and how users can change their decision. If an “Accept” button is shown, users should have an equivalent option to reject or configure cookies without unnecessary friction.

The cookie policy should also identify cookie types, controllers, duration, purposes and how consent can be withdrawn.

Checklist for companies

Conclusion

Failing to allow users to reject non-essential cookies is one of the most visible compliance problems on a website. A clear and balanced banner reduces sanction risk and improves user trust.

Exit mobile version