fbpx

Caricamento Pagina: New Guidelines on Cookies: what changes? - Il blog della Insight Adv Ltd - Insight adv - creative solutions
  Print
9 minutes reading time (1706 words)

New Guidelines on Cookies: what changes?

904 Hits

Cookies and gdpr 2

From 9 January 2022 , the owners of all websites will have to comply with the new Cookie Guidelines issued by the Privacy Guarantor on 10 June 2021.

The provision indicates which rules to apply to reading and writing operations within a user's terminal, with reference to the use of cookies and other tracking tools .

The document also specifies the correct methods for acquiring online consent from data subjects, where necessary, in light of the full application of the Regulation on the protection of personal data (GDPR).

In particular, in line with the principle of privacy by design, the acquisition of consent must ensure that no cookies other than technical cookies (e.g. from third parties) or other means of tracking are installed on the user's device (see fingerprinting ).

The primary objective of the new cookie guidelines is therefore to strengthen users' decision-making power regarding the use of their personal data when they navigate online .

Cookies and other tracking tools

When we talk about cookies we refer to strings of text that the websites visited by the user (or third-party website servers) place and store on their device while browsing, in order to identify who has already visited the site previously (technical cookies).

This also makes it possible to obtain more or less in-depth information on the user about the activities carried out by this online user (analytical and profiling cookies).

These tools can be actively managed by the user (e.g. refusal of consent, removal of cookies from the device) and for this reason they are also called "active identifiers".

Alongside the latter we find the "passive identifiers". Like the former, these too allow for treatments similar to cookies - such as fingerprinting - with the difference that they cannot be managed independently by users except through the intervention of the site owner.

Types of cookies

Depending on the type of cookie, it is possible to perform various functions, including monitoring sessions as well as storing information on specific configurations concerning users accessing the server.

For this reason we can divide cookies into two macro-categories: technical cookies and profiling cookies .

Technical cookies

Technical cookies are necessary in order to " carry out the transmission of a communication over an electronic communications network , or as strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide this service" (Article 122, paragraph 1 of the Privacy Code).

They do not require the acquisition of consent, but must be indicated in the information.

Profiling cookies

Profiling cookies, on the other hand, are used to lead specific actions or recurring behavioral patterns to specific, identified or identifiable subjects in the use of the features offered .

The grouping of the different profiles within homogeneous clusters of different sizes allows the owner to provide increasingly personalized services, as well as send advertising messages in line with the preferences expressed by the user in the context of surfing the net.

However, the so-called analytics cookies (including, for example, the famous Google Analytics) should not be forgotten. These are cookies used to evaluate the effectiveness of an information society service provided by a site owner, to design a website or help measure the "traffic" of a website, i.e. the number of visitors broken down by geographical area, connection time slot or other characteristics.

Current regulatory framework

The Privacy Guarantor , with provision no. 229 of 8 May 2014, had already intervened to provide information on how to acquire consent for cookies and store them.

However, the full entry into force of the GDPR as well as the diffusion of new technologies have made it necessary to introduce some changes.

To date we can say that the reference legal framework on the use of cookies and other tracking systems consists both of the provisions of the ePrivacy directive (directive 2002/58/EC) - implemented in Italy by the Privacy Code - and of what is present in the GDPR.

If on the one hand the e-Privacy directive in article 122 defines the methods of collecting consent to proceed with the archiving of information on users' devices, on the other hand the European regulation for the protection of personal data , in art. 4, point 11) specifies the general definition and characteristics, also specifying the conditions of consent with art. 7.

What changes with the new Guidelines?

Among the aspects addressed in the new guidelines, the mechanism for acquiring consent online via banners is of relevance.

To allow the user to decide whether or not to accept the installation of cookies, it is necessary for the site owner to provide adequate information that allows the interested party to choose freely and consciously whether or not to give his consent.

The only exception is made for those websites that use only technical cookies. In this case it will not be necessary to prepare an information banner since, as anticipated, the installation of these cookies does not require any consent. It will therefore be sufficient to simply indicate on the home page of the site or in the privacy information that the same uses exclusively technical cookies.

What to do if there are cookies other than technical ones

Compliance with these rules therefore requires that, where a site uses cookies other than technical ones , at the time of the user's first access and by default, no cookies or other tools other than technical ones are placed inside the user's device. user, nor that any other active or passive tracking technique is used.

While on the one hand the owner can adopt the methods deemed most suitable to ensure compliance with this obligation, on the other it is also important to guarantee the user's freedom of choice.

To do this, the Guarantor has envisaged the adoption of a mechanism whereby the user, accessing the home page (or other page) of the website for the first time, immediately sees an area or banner (containing an X selectable at the top right) whose dimensions are such as to constitute a perceptible discontinuity in the use of the contents of the web page he is visiting, but also such as to avoid the risk that the user may resort to commands and therefore make unwanted or unaware choices .

The adequacy and congruity of the size of the banner must also be assessed in relation to the different devices that can be used by the interested party.

What features should the banner have?

The banner must have these characteristics:

  • The warning that closing the banner by selecting the appropriate X at the top right implies that the default settings remain, without jeopardizing the continuation of navigation in the absence of cookies or other tracking tools other than technical ones.
  • The indication that the site uses technical cookies and, subject to the user's consent, profiling cookies or other tracking tools, indicating the relative purposes (brief information).
  • The link to the privacy policy containing the complete information, where at least all the indications pursuant to articles are provided in a clear and complete manner. 12 and 13 of the GDPR.
  • A command through which it is possible to express one's consent by accepting the placement of all cookies or the use of any other tracking tools.
  • A link to a further dedicated area in which it is possible to analytically select only the functions, the so-called third parties (whose list must be kept constantly updated, whether they can be reached via specific links or also via the link to the website of an intermediary who represents them) and cookies, also possibly grouped by homogeneous categories, to whose use the user chooses to consent.

To ensure that users are not influenced by a configuration of buttons and colors that may lead them to unknowingly prefer one option over the other, the Guarantor underlines the need to use commands and characters of equal size , emphasis and colors, which are equally easy to view and use .

After the user has expressed his preferences, the banner should not be re-proposed to him in subsequent accesses for a period of at least 6 months . This unless the conditions of data processing have changed significantly, or in the event that it is impossible for the website manager to keep track of the user's choice (for example in the event that the latter has canceled the cookies).

Acquisition of consent to the use of cookies

In general and also pursuant to recital 32 of the GDPR, consent must be expressed through a positive and unequivocal act such as, for example, the selection of a specific box.

Starting from this principle, therefore, the user's action must be active , opt-in and never opt-out, and silence as well as the pre-selection of boxes can never be suitable for configuring a valid consent provision.

Consent collection method: scrolling and cookie wall

The Guidelines, in the wake of the EDPB provision, mention scrolling and the cookie wall among the methods of obtaining consent:

  • Scrolling, declared in itself unsuitable for obtaining a suitable consent, becomes valid only in the event that it is inserted into a more complex process in which the user is able to generate an event that can be documented by the site server .
  • The cookie wall, tendentially illegal, is suitable for the collection of consent in the event (to be assessed on a case-by-case basis) in which the owner offers the interested party the possibility of accessing an equivalent content or service , without giving consent to the installation of cookies.

In the first case, therefore, while not completely rejecting the use of scrolling as an acquisition procedure, the Guarantor believes that this method should not be the only one, but should be part of one of the components of a more complex process. So, therefore, that the user can make an unequivocal and conscious choice.

Period of adaptation to the new guidelines

The period of adaptation to the provisions of the new Guidelines of the Guarantor for the protection of personal data must take place by 10 January 2022 , or after 6 months from the date of publication in the Official Journal on 10 July 2021.

But what happens with the consents acquired before the publication of the new Guidelines?

In this regard, the Guarantor has established that the consents obtained before 20 July 2021 will be valid provided that they comply with the characteristics required by the GDPR and that, at the time of their acquisition, they have been registered and can therefore be documented .

0
Tags:
Le guide della Insight privacy cookies
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

How do colors affect us? What effect do they have ...
WebP, JPEGXL and AVIF are new image formats. Which...

About the author

Umberto Mazza

Umberto Mazza

Subscribe to updates from author Unsubscribe to updates from author Umberto Mazza

Giornalista e Reporter freelance. Fonda nel 2006 la Insight Agency e da dicembre 2022 è Creative Director della Insight Adv Ltd.

Copywriter, graphic and web designer, marketing specialist e digital strategist.

È un appassionato fotografo e videomaker.

Un buon libro, la musica e il cinema sono le sue grandi passioni, seconde solo all'amore per la moglie Magda e la figlia Maja.

 

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 02 May 2024

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.insightadv.it/

Stay in touch with us!

Do you want to stay updated on all the latest news of our agency, on new services and on all the sections of our blog?

Subscribe to our newsletter!

Satisfied customers

What they say about us

I had the opportunity to get to know Insight Agency when he started working with one of our clients, so I was able to appreciate not only their professional and creative approach, but above all the...
2013-09-16
Read more
Mario Gentile
CEO & Founder / Punto Ike
I have known Umberto for a few years and I can confirm that he is a professional in his field! Over time a good friendship has also been established which I am sure will last over time: it is prec...
2013-09-24
Read more
Pietro Sciannamblo
CEO & Founder / Esigaretta Italia
I met Insight Agency way back in 2006 and since then we have come a long way thanks to their professionalism, creativity, ingenuity and above all availability. The thing that most impressed me abo...
2013-09-16
Read more
Tommaso Marrone
CEO / CSF Centro Servizi e Formazione srl

About

Insight Adv Ltd is a full-service advertising agency. We offer our customers Graphic and Web Design, Marketing and Strategic Communication services.

We create websites, e-commerce and fad platforms, commercials and promotional videos and applications for smartphones and tablets. We also offer digital & direct marketing, social media and content management services. 

Pillole...

Follow us on