Check Your Website’s Compliance with New Rules on Cookies

The Italian Data Protection Authority’s new guidelines for the processing of cookies are in force. Does your website comply? Find out if the answer is yes (or if you need adjustments) through the Q&A below.

On January 9, 2022, the new guidelines for processing of cookies and other online tracking instruments issued by the Italian DPA have officially entered into force. Take this test to check if you are already compliant.

Q: What kind of cookies are you currently using on your website?

A: The Italian DPA has divided the cookies currently in use in 3 categories:

  • Technical cookies: these cookies are the ones strictly necessary to a service provider for the dispensing of a service requested by users.
  • Profiling cookies: these cookies are the ones used to create clusters of users, by associating them with specific actions or behavioral patterns. Such cookies are mainly aimed at modulating the delivery of services provided to the user in an increasingly personalized way, as well as to carry out targeted advertising activity.
  • Analytic cookies: these cookies are the ones which are aimed at evaluating the effectiveness of the services offered or to measure user “traffic” on the website, by memorizing users’ online activities within the website. These cookies are mainly provided by third party suppliers.

Q: What should I do in case I use TECHNICAL COOKIES?

A: Technical cookies are not subject to any prior consent by the users. This means that you just need to provide the users with a specific cookie policy information, having the details set forth by article 13 of the GDPR. Such policy may also be contained on a specific section of your general privacy policy information.

Q: What should I do in case I use PROFILING COOKIES?

A: Profiling cookies may be used only upon prior consent by the users. You may obtain users’ consents by implementing a cookie banner that will pop up on your website as soon as users log your online page.

Q: What should I do in case I use ANALYTIC COOKIES?

A: Analytic cookies can be processed without any consent by users only if they do not allow any identification (direct identification – i.e. “singling out” – of the person concerned should not be achieved), and if they are used for the production of aggregate data only. Otherwise, they need to be expressly authorized.

Usually, analytical cookies are provided by third parties. In such case, you must provide, within your cookie policy notice, an updated list of all the third party cookies that are implemented within your website.

Q: How do I collect consent by users, when mandatory?

A: You may set up a cookie bannerthat will pop up on your website when users log your online page.

Q: How to draft a cookie banner?

A: First and foremost, cookie banners must be user-friendly and immediately visible. The dimensions of the banner must be neither too small nor too big, if compared with the kind of device used. Their wording must also be simple and easy to understand. In addition, cookie banners must contain a link to the cookie policy notice. No profiling cookies can be implemented before consent by the user. Only technical cookies may be pre-implemented.

Q: Do I have to grant users the possibility to modify their choices?

A: Yes, a specific section on the website must always be included to the end of consenting users to modify their first decisions.

Q: Can I obtain consent by users in other ways?

A: Consent by the user must be free and unambiguous, but there is no mandatory way to obtain consent by the users: you may implement your own system, in accordance with accountability principles set forth by the GDPR so long as consent is unambiguous and through a positive act of the user (“opt in”). No form of implicit consent is acceptable.

Q: Can I propose the banner again in case the user has declined consent?

A: The excessive and redundant use of banners requesting consent is not allowed – except for certain specific exceptions – since this may bring the user to give consent for the sole purpose of interrupting the pop-up of the banner.

Q: What about “cookie walls” and “scroll down”?

A: Don’t use them! A “cookie wall” is a mechanism by virtue of which the denial of the consent by users prevents them from accessing the website entirely. A “scroll down” system assumes the implied consent of the user when browsing of the website without expressing any choice with regard to cookies consent is continued. Neither cookie walls nor scroll down systems are compliant, since they are not aimed at obtaining an express consent by the user.

All clear? If not, reach out to us!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s