GDPR cookie requirements
The data protection agency, when making the decision, referred to the local data protection laws of Spain, but in fact the company's actions violate Art. 5 and 6 GDPR.
– each type of cookie can be accepted or rejected independently of the others, without using one button with the consent to all types of cookies;
– an indication of the ability to disable cookies through browser settings can complement the mechanisms for refusing to use them, but is not considered separately as a full-fledged refusal mechanism;
– Each type of cookie should be described in terms of functionality and processing time.
Other cookie approaches
The most progressive approach to working with cookies is an approach in which the site does not formally notify the user about their use, but explains the need for cookies and motivates to voluntarily consent to their use. Most users do not even realize that it is thanks to cookies that they can save the necessary data when closing the page of the site – completed forms or baskets with goods of online stores.