The Italian Data Protection Authority’s new guidelines for the processing of cookies are in force. Does your website comply? Find out if the answer is yes (or if you need adjustments) through the Q&A below.
On January 9, 2022, the new guidelines for processing of cookies and other online tracking instruments issued by the Italian DPA have officially entered into force. Take this test to check if you are already compliant.
Q: What kind of cookies are you currently using on your website?
A: The Italian DPA has divided the cookies currently in use in 3 categories:
- Technical cookies: these cookies are the ones strictly necessary to a service provider for the dispensing of a service requested by users.
- Profiling cookies: these cookies are the ones used to create clusters of users, by associating them with specific actions or behavioral patterns. Such cookies are mainly aimed at modulating the delivery of services provided to the user in an increasingly personalized way, as well as to carry out targeted advertising activity.
- Analytic cookies: these cookies are the ones which are aimed at evaluating the effectiveness of the services offered or to measure user “traffic” on the website, by memorizing users’ online activities within the website. These cookies are mainly provided by third party suppliers.
Q: What should I do in case I use TECHNICAL COOKIES?
Q: What should I do in case I use PROFILING COOKIES?
A: Profiling cookies may be used only upon prior consent by the users. You may obtain users’ consents by implementing a cookie banner that will pop up on your website as soon as users log your online page.
Q: What should I do in case I use ANALYTIC COOKIES?
A: Analytic cookies can be processed without any consent by users only if they do not allow any identification (direct identification – i.e. “singling out” – of the person concerned should not be achieved), and if they are used for the production of aggregate data only. Otherwise, they need to be expressly authorized.
Q: How do I collect consent by users, when mandatory?
A: You may set up a cookie bannerthat will pop up on your website when users log your online page.
Q: How to draft a cookie banner?
Q: Do I have to grant users the possibility to modify their choices?
A: Yes, a specific section on the website must always be included to the end of consenting users to modify their first decisions.
Q: Can I obtain consent by users in other ways?
A: Consent by the user must be free and unambiguous, but there is no mandatory way to obtain consent by the users: you may implement your own system, in accordance with accountability principles set forth by the GDPR so long as consent is unambiguous and through a positive act of the user (“opt in”). No form of implicit consent is acceptable.
Q: Can I propose the banner again in case the user has declined consent?
A: The excessive and redundant use of banners requesting consent is not allowed – except for certain specific exceptions – since this may bring the user to give consent for the sole purpose of interrupting the pop-up of the banner.
Q: What about “cookie walls” and “scroll down”?
A: Don’t use them! A “cookie wall” is a mechanism by virtue of which the denial of the consent by users prevents them from accessing the website entirely. A “scroll down” system assumes the implied consent of the user when browsing of the website without expressing any choice with regard to cookies consent is continued. Neither cookie walls nor scroll down systems are compliant, since they are not aimed at obtaining an express consent by the user.
All clear? If not, reach out to us!