Internet and E-Commerce Law

The Law

The Royal Decree-law 13/2012 has introduced many changes to the Internet and E-Commerce law (LSSICE) these affect the use of cookies.
With this Royal Decree, Spain as well as all member states of the EU conforms to the European Directive 2009/136/EC: “Amendment to the European Directive on data retention and data processing and protection of privacy in electronic communications”


The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet.
It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.

What are COOKIES?

A HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity.

Who does the law apply to?

Almost every commercial website.

All third party cookies (those which send information to external servers) require an express consent from the user.

First party cookies, destined to allow user’s browsing within the own website, (such as shopping cart, language, session cookies, etc) may be installed without the user’s consent.

If you do not know what cookies are used by your website, try:


Every company / entity that has a website must comply with the Cookie law.

  • Training in the aspects of the Cookie law
  • Advice on the wording of the company’s Policy on Cookies.

Our training course provides companies with the requirements of the Cookie Law – the company’s Cookie Policy; the required information to include; how it relates to the Data Protection Law (LOPD), and where to display the company’s Cookie Policy.


The first fines in Europe specifically for cookie law compliance failures have been handed out by the Spanish Data Protection Authority (AEPD). Breaches of the Cookie Law can also result in Data Protection fines.