How to Implement Legal Cookie Paywalls in Spain According to New Guidance - Latest Updates from the AEPD 2024
Discover the latest updates from the AEPD 2024 on implementing legal cookie paywalls in Spain. Learn about the conditions, guidelines, and tools to ensure compliance with Spanish data protection regulations.
Cookie paywalls can be legal in Spain, but you have to ensure that they meet certain conditions. The Spanish AEPD updated its cookie guidelines, explaining in what cases you can give your users the choice between paying for your content or accepting cookies, marking a significant step in guiding website owners.
The updated guidance clarifies the conditions under which different types of paywalls—such as cookie walls, registration walls, and survey walls—can legally be implemented. The AEPD has aligned with other European data protection authorities, permitting cookie walls if users are well-informed and are offered a real alternative to cookie acceptance.
The new guidelines come at an important point in time, soon after the EDPB guidelines on the "Pay or Okay" business model of the large social media platforms. Those guidelines affect only large platforms such as Meta and TikTok and do not affect media publishers. The AEPD guidelines fill that gap for businesses operating in Spain.
What is a Paywall?
A paywall is a system that prevents users from accessing webpage content without a subscription or a one-time payment.
It is commonly used by news websites and other digital media to restrict access to articles, videos, or other content, allowing only paying customers to view the full content. Paywalls help content providers monetize their work while controlling access to their digital resources.
From a data protection perspective, information regarding paywalls is important because media publishers often offer a free version of the content, but in return for accepting cookies.
There is uncertainty about whether this is legal, particularly after the recent EDPB opinion on paywalls used by large online media platforms and given current paywall use in Spain. In that opinion, the EDPB stated that online platforms shall offer users a free version without cookies, challenging current practices surrounding paywall use in Spain. Media publishers, however, were not within the scope of that opinion.
AEPD Rules on Paywalls in Spain
The AEPD seems open to the use of cookie walls, registration walls, and paywalls, adhering to recommendations from the European Data Protection Board (EDPB). These recommend that alternatives to accepting cookies should be comparably viable and come from the same provider. However, the Spanish DPA has not specified limitations like pricing or the types of organizations eligible to use these mechanisms. A general guideline is to keep the cost reasonable, ensuring users are not coerced into consenting and genuinely have a choice.
The guide outlines the obligations of website owners regarding cookie usage, emphasizing transparency and informed consent. Website owners must:
- Provide clear, accessible, and detailed information about the use of cookies, including their purpose and who manages them. You can do so with a well-structured cookie consent request or a link to your cookie policy.
- Ensure that users can easily access information about cookies and consent to their use. This includes implementing mechanisms for accepting, configuring, or rejecting cookies. You also need to allow them to withdraw their consent.
- Offer information on data transfers to third countries, if applicable, and detail how users can manage their preferences concerning cookies, ensuring compliance with GDPR requirements.
- Ensure that the consent request is specific for each set of cookies depending on their purpose. Only when users accept the use of cookies for a specific purpose, for example marketing, can you process the collected data for that purpose.
These obligations aim to protect user privacy and ensure that users have control over their personal data.
The guide emphasizes the need for obtaining informed consent from users for the use of cookies. Consent must be given through an explicit action, such as clicking a "consent" button, and users must be informed about what they are consenting to, including the purposes of the cookies and who is managing them. Consent is linked to clear and comprehensive information provided to the user. Moreover, there should be an easy way for users to withdraw their consent at any time, and this should be as easy as giving consent.
How Can Secure Privacy Help You Comply with Spain's Paywall Regulations?
Secure Privacy can help you comply with Spain's paywall rules by managing cookie consent and data processing in line with the Spanish Data Protection Agency regulations. We offer tools to clearly inform users about cookie use, obtain their explicit consent, and allow for easy consent withdrawal, ensuring transparency and user control over their personal data. That is a must if you want to make your cookie paywall legal in Spain.
This aligns with the need for clear user consent under the AEPD's guidelines for legally implementing paywalls, such as cookie walls and registration walls. Secure Privacy’s solutions can ensure that these requirements are met efficiently.
We will take care of cookie consent request compliance, record the collected consent, and allow for easy withdrawal where needed.
