DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

馃嚜馃嚫 European Union

Cookie consent in Espa帽a

Consent and privacy law in Espa帽a

In short
Spain combines the GDPR with the LOPDGDD and the LSSI, which governs cookies. The AEPD publishes a widely cited cookie guide that requires opt-in consent for non-essential cookies and bans cookie walls that block all access unless the user accepts. The AEPD expects a reject option of equal ease to accept and detailed information about each cookie and its retention. Spanish guidance also addresses consent for minors and reminds controllers that implied consent from continued browsing is not valid. The AEPD is among the more active EU regulators on cookie enforcement.
Authority
Agencia Espa帽ola de Protecci贸n de Datos (AEPD)
Status

GDPR applies since 25 May 2018, with the national LOPDGDD of 2018

Primary law
GDPR
Languages

es

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Follow the AEPD cookie guide, which is updated regularly
  • Avoid hard cookie walls that block all access unless cookies are accepted
  • Offer an easy reject path and per-cookie information
  • Pay attention to consent rules for minors under the LOPDGDD

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
馃嚜馃嚫 Spain

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Spain using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Spain.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Spain requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Spain audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Are cookie walls allowed in Spain?+

The AEPD restricts cookie walls. Access cannot be conditioned solely on accepting non-essential cookies unless an equivalent alternative is offered, so a hard wall that blocks all content is generally not permitted.

What does the AEPD require on a cookie banner?+

The AEPD requires opt-in consent for non-essential cookies, a reject option as easy as accept, and clear information about each cookie including its purpose and retention period.

Governing law

馃嚜馃嚭 GDPR

Other countries in European Union

馃嚛馃嚜 Deutschland馃嚝馃嚪 France馃嚠馃嚬 Italia馃嚦馃嚤 Nederland馃嚙馃嚜 Belgi毛 / Belgique馃嚨馃嚤 Polska馃嚨馃嚬 Portugal馃嚫馃嚜 Sverige馃嚘馃嚬 脰sterreich馃嚠馃嚜 脡ire / Ireland馃嚛馃嚢 Danmark馃嚝馃嚠 Suomi