[Last reviewed: January 2025]

Yes.

Law 34/2002 on Information Society and Electronic Commerce Services establishes that service providers may use data storage and retrieval devices in the terminal equipment of the addressees, provided the latter have given their consent after having been provided with clear and complete information on their use, in particular, on the purposes of data processing, in accordance with the provisions of data protection regulations.

Also, the Spanish Data Protection Agency has recently published a series of guidelines and recommendations to website publishers who have implemented cookies or similar technologies in their websites or applications based on its interpretation of the e-commerce regulation on the one hand, and European and national personal data protection regulations on the other. Additionally, the Spanish Data Protection Authority has published some specific guidelines on the use of audience measurement cookies.

[Last reviewed: January 2025]

Yes.

☒   email marketing

☒   prior opt-in consent

☒   prior existing business relationship (and subject to other requirements) with opt-out consent

☒   telephone marketing

☒   prior opt-in consent

☒   prior existing business relationship (and subject to other requirements) with opt-out consent

☒   SMS/text message marketing

☒   prior opt-in consent

☒   prior existing business relationship (and subject to other requirements) with opt-out consent

☒   postal marketing

☒   opt-out or implied consent

☒   online behavioral advertising targeting/social media targeting/ad personalization marketing

☒   prior opt-in consent

☒   prior existing business relationship (and subject to other requirements) with opt-out consent