On June 10th, 2021, the Italian law on Cookies has been updated with the publishing by the Italian Data Protection Authority (Garante per la protezione dei dati personali) of the “Guidelines on the use of cookies and other tracking tools”. The Italian Garante follows the indications given by European GDPR in order to give the user greater control during their web browsing.
Owners of websites had 6 months to align to the new Guidelines setting the deadline for January 9th, 2022. Here is an overview of the cookie types and the existing compliance requirements.
WHAT ARE COOKIES
Cookies are small pieces of text that the website we visit send to our terminal device (usually through the web browser), where they are stored to be sent back to the website at the next visit by the same user. They are called “active identifiers” and can be cancelled directly by the user thanks to the web browser funcion. Here is the informative page on cookies on the GDPR website.
DIFFERT TYPES OF INTERNET COOKIES
Cookies are divided into several categories and must be treated differently by the website owner. Technical cookies are necessary for the website functioning or useful for the service supplying: among these we can list the language of the website, selected by the user and preserved for a next visit, or products temporarily added to a cart. Analytics cookies belong to this category provided they satisfy certain conditions.
Analytics or statistical cookies are useful for producing aggregate statistics related to the website or app. They are divided into:
- first party cookies, that is those identifiers developed directly by the website owner for their own use,
- third party cookies, such as Google Analytics or similar services.
These products, according to Italian Garante, can be installed provided that the visitors’ IP addresses are anonymized and that information is not released to third parties or cross-checked, for example, with the one possessed by Google. Given these conditions, it is not necessary to obtain the consent from the user, for the Italian Authority.
Lastly, there are profiling cookies: these are instead aimed at creating profiles related to the user and at sending advertisements according to preferences saved during the navigation. These cookies do need explicit consent in order to be installed.
WHAT IS A COOKIE POLICY
The Cookie policy is that legal document informing the user that our website uses these technologies. It is compulsory if the website uses cookies, even just session ones: the policy describes what kind of identifiers are present and their purposes, in addition to the third parties that may manage them through the website.
The cookie policy must be made available in every website language, as well as the Privacy policy.
COOKIE BANNERS AND PRIOR BLOCKING
In case the website makes use of non technical cookies, the visitor must be made aware, via a cookie banner shown at their first visit, of the scripts used by the website. This banner shows the user which re the cookies (both technical and profiling ones, fow which the consent is required) and their purpose, together with the consent or refuse options: the consent must be granular that is for each category. The banner links also to the cookie policy.
At the same time, it is not possible to install scripts before the user confirms so a prior blocking has to be implemented in order to prevent installation of cookies.
NEWS OF 2022
Let us pass to the news announced during 2021 and in force starting 2022, January 10th in Italy.
First of all, the Guidelines impose a period of time for consent validity, that must be kept for a minimum of 6 months: before this period the consent cannot be asked again, provided there are no changes. It must be made possible to the user to change their choices: this can be done through a widget or another always visible element in the website.
The Garante rejected the consent via scrolling, which is no longer valid, and the so-called “cookie walls”. This modality blocked the visit of the user who had to give consent in order to visit the website: the service must be made generally available.
The last and important item is that consent must be recorded: in this case the Italian Garante aligns itself to peer authorities of other European countries. We must demonstrate to keep a record of valid consents, in terms of who gave it and when.
WHAT TO DO?
Wondersys is a partner of Iubenda, one of the main service providers in the legal and privacy field. Iubenda solutions adapt to agencies or applications developers, as well as to companies of every size. In a virtual space more and more without borders, Iubenda products are provided into several languages and take into consideration the most important legislations of this matter (GDPR, LGPD, CCPA and others).
We chose to rely on Iubenda and then become partners so that we can offer our customers simple solutions, easily configurable and always up-to-date. Are you lacking the time or means to verify to be in compliance with the law? Contact us for more information.