How to Implement Legal Cookie Paywalls in Spain According to New Guidance - Latest Updates from the AEPD 2024
Discover the latest updates from the AEPD 2024 on implementing legal cookie paywalls in Spain. Learn about the conditions, guidelines, and tools to ensure compliance with Spanish data protection regulations.
Cookie paywalls can be legal in Spain, but you have to ensure that it meets certain conditions. The Spanish AEPD updated its cookie guidelines, explaining in what cases you can give your users the choice between paying for your content or accepting cookies, marking a significant post in guiding website owners.
It clarifies the conditions under which different types of paywalls—such as cookie walls, registration walls, and survey walls—can legally be implemented. The AEPD has aligned with other European data protection authorities, permitting cookie walls if users are well-informed and are offering a real alternative to cookie acceptance.
The new guidelines come at an important point it time, soon after the EDPB guidelines on "Pay or Okay" business model of the large social media platforms. Those guidelines affect only large platforms such as Meta and TikTok, but didn't affect media publishers. The AEPD guidelines fill that gap for businesses operaring in Spain.
What is a Paywall?
A paywall is a system that prevents users from accessing webpage content without a subscription or a one-time payment.
It is commonly used by news websites and other digital media to restrict access to articles, videos, or other content, allowing only paying customers to view the full content. Paywalls help content providers monetize their work while controlling access to their digital resources.
From a data protection perspective, information regarding paywalls is important because media publishers often offer a free version of the content, but in return for accepting cookies.
There is uncertainty whether this is legal or not, particularly after the recent EDPB opinion on paywalls used by large online media platforms and surrounding paywall use in Spain. In that opinion, EDPB stated that online platforms shall offer users a free version without cookies, challenging current practices surrounding paywall use in Spain. Media publishers, however, were not under the scope of that opinion.
AEPD Rules on Paywalls in Spain
The AEPD seems open to using cookie walls, registration walls, and paywalls.
adhering to recommendations from the European Data Protection Board (EDPB). These recommend that alternatives to accepting cookies should be comparably viable and come from the same provider. However, the Spanish DPA has not specified limitations like pricing or the types of organizations eligible to use these mechanisms. A general guideline is to keep the cost reasonable, ensuring users are not coerced into consenting and genuinely have a choice.
The guide outlines the obligations of website owners regarding cookie usage, emphasizing transparency and informed consent. Website owners must:
- Provide clear, accessible, and detailed information about the use of cookies, including their purpose and who manages them. You can do so by a well-structured cookie consent request or a link to your cookie policy.
- Ensure that users can easily access information about cookies and consent to their use. This includes implementing mechanisms for accepting, configuring, or rejecting cookies. You also need to allow them to withdraw their consent.
- Offer information on data transfers to third countries, if applicable, and detail how users can manage their preferences concerning cookies, ensuring compliance with GDPR requirements.
- Ensure that the consent request is specific for each set of cookies depending on their purpose. Only when users accept the use of cookies for a specific purpose, for example, marketing, you can process the collected data for marketing purposes.
These obligations aim to protect user privacy and ensure that users have control over their personal data.
The guide emphasizes the need for obtaining informed consent from users for the use of cookies. Consent must be given through an explicit action, such as clicking a "consent" button, and users must be informed about what they are consenting to, including the purposes of the cookies and who is managing them. Consent is linked to clear and comprehensive information provided to the user. Moreover, there should be an easy way for users to withdraw their consent at any time, and this should be as easy as giving consent.
How Secure Privacy can help you comply with the Spain Paywall regulations?
Secure Privacy can help you comply with Spain's paywall rules by managing cookie consent and data processing in line with the Spanish Data Protection Agency regulations. We offer tools to clearly inform users about cookie use, obtain their explicit consent, and allow for easy consent withdrawal, ensuring transparency and user control over their personal data. That is a must if you want to make your cookie paywall legal in Spain.
This aligns with the need for clear user consent under the AEPD's guidelines for legally implementing paywalls, such as cookie walls and registration walls. Secure Privacy’s solutions can ensure that these requirements are met efficiently.
We will take care of the cookie consent request compliance, will record the collected consent and will allow for an easy withdrawal where needed.
Get Started For Free with the
#1 Cookie Consent Platform.
No credit card required

GDPR and Marketing: Complete Compliance Guide
The General Data Protection Regulation (GDPR) has fundamentally changed how businesses handle digital marketing across all channels. GDPR and marketing go hand in hand for any company that wants to reach customers in Europe. Since its enforcement began in May 2018, these comprehensive privacy rules have made marketing teams worldwide rethink their data collection and communication strategies completely.
- Legal & News
- Data Protection
- Cookie Consent

Terms of Service vs Privacy Policy: What's the Difference?
You're launching a new website or app, and everyone's telling you that you need legal documents. But when you start researching terms of service vs privacy policy requirements, the distinctions blur together into confusing legal jargon.
- Legal & News

Cross-Domain Cookie Consent: Complete Implementation Guide
Cross-domain cookie consent is a vital solution for companies managing multiple websites, subdomains, or digital properties under one corporate umbrella. Without proper implementation, users face repetitive consent banners as they move between related sites, creating friction and potentially exposing organizations to compliance risks.
- Legal & News
- Data Protection
- Cookie Consent