The New Guidelines for the management of cookies on websites formulated last June by the Italian Data Protection Authority have been active since 9 January 2022.
The document "Guidelines for cookies and other tracking tools", published in the Gazzetta Ufficiale no. 163 of 9 July 2021, updates the information contained in provision no. 229/2014 following the changes introduced by the European Regulation 679/2016 (GDPR), the European Data Protection Board Guidelines and the indications that emerged from the public consultation.
In the new Guidelines, the Data Protection Authority has expressed these key elements:
- promotion of accountability;
- offer users transparent information;
- strengthening of compliance with consent;
- respect for privacy by design and by default.
Cookies, as detailed in the article (link) Cookie Policy, are small text files that the sites visited by users send to the devices used for consultation to be stored and then re-transmitted to the same sites on the occasion of the future visit. Cookies allow you to know user preferences, services, sites visited and the options that have been shown while surfing the net, thus simplifying the use of web services.
The new guidelines (compared to New Guidelines for Cookies) have in fact made some improvements through which the owners can adopt to guarantee users a disclosure that complies with the transparency requirements. Specifically, the information must make use of a simple language accessible to all and be multilayer (the spread over several levels).
In this field there are two main cases that emerge from the new provisions:
- If only technical cookies are used, the relevant information can be placed on the home page or in the general information of the website
- If other cookies and other "non-technical" identifiers are also used, the use of immediately pop-up banner of adequate size that contain some features expressed in the guidelines is recommended.
As regards the issue of consent, the new guidelines propose some news.
- the scrolling, pursuant to the GDPR, is not considered a suitable tool for the collection of suitable consent, except in the hypothesis in which it is inserted in a more complex process, in which the user is able to generate an event, which can be registered and that can be documented on the site server, and which can be qualified as a positive action suitable for unequivocally expressing the will to give consent to the processing.
- the cookie wall, that is the binding mechanism in which the user is obliged to express his consent to the receipt of cookies or other tracking tools is illegal.
- the consents previously collected and compliant with the characteristics required by the regulation remain valid on condition that, at the time of their acquisition, they have been registered and documented.
- the reiteration of the consent request for users who have chosen not to give it while maintaining the default settings is allowed in these cases:
1. if the conditions of the treatment change significantly;
2. when it is impossible for the site to know if a cookie has already been stored in the device;
3. when at least 6 months have passed since the previous presentation of the banner.
The goal of the new Guidelines is therefore to strengthen the decision-making power of users regarding the use of their personal data while browsing the web (Cookieless, the new web without cookies)
E-Business Consulting, a digital marketing agency active since 2003, creates digital strategies for every type of business. Call and request a free quote now!