On 10 June 2021, the Privacy Guarantor has issued a provision that will oblige all website owners to comply with new guidelines on cookies and other tracking tools.
The intent is to provide clearer and more specific rules on method of transmission of the information and, above all, on method of acquiring consent of users who visit a website.
All interested parties will have to adapt by January 9, 2022. There is no time to lose.
What are cookies?
When we talk about Cookies, we mean simple text strings that are saved on a user's device each time the latter visits a new website.
In this way, the subject does not have to enter a username and password every time he visits a site he frequently visits and, at the same time, the website managers obtain information about their regular visitors.
In addition to keeping track of users who have already visited the site, i Cookies they are also used as tools to obtain and store information of various kinds, regarding the behavior of a user on the web. The collected data is then generally used for advertising purposes.
For this reason, today it is necessary that the websites that operate this tracking request the consent of the interested party. Those who surf the web will certainly have noticed that, upon entering a site, they are often greeted by a pop-up (banner) that informs (informative) on the presence of Cookies and requires permission for installation.
However, this only involves a part of the Cookies. Since, as we will see in the next chapter, there are different types.
Types of cookies
Without going into excessively technical details, we can say that i Cookies they are divided into two main categories: i technical cookies ei profiling cookies.
They are necessary for the proper functioning of the site. They are useful for storing time-saving information for the user, such as the credential storage mentioned above.
Being considered indispensable, they do not require the acquisition of the user's consent, but must in any case be indicated in the information.
As the name suggests, i profiling cookies they are used to recognize patterns of behavior, habits and preferences of visitors to a website.
Knowing the exact behavior of their users allows website managers to provide a personalized service based on their customers, to send advertising campaigns targeted and, in general, to improve the service offered.
THE profiling cookies, since they are not essential, they require the informed consent of the parties directly concerned.
The standard currently in force is the directive 2002/58 / EC of 12 July 2002 issued by the European Parliament, also called ePrivacy, in combination with the Regulation (EU) no. 2016/679 of the European Commission, also called general data protection regulation or GDPR.
The new guidelines introduced by the Guarantor are intended to put the user in a position to be able to decide on the installation of Cookies in full awareness, thanks to clear and precise information.
If previously the banner that welcomes new visitors to the site did not have to meet specific requirements, with the new rules it must have a size, color or other distinctive characteristics such as to be immediately visible.
Note that i technical cookies, for which only their presence in the information will continue to be necessary. Therefore, on the first access of a new device, websites will not be able to install it Cookies, if not technical.
As for the profiling cookiesinstead, they must be present in the banner and will need the explicit consent of the user, before their installation.
This last point represents a cornerstone of the new provision. Consent to profiling must be provided in such a way clear and unambiguous. This means that the user must actively click a button to accept.
Simple "silent assent" will no longer suffice.
The Guarantor then indicates some precise characteristics that the banner area must have:
- previously most of these areas were positioned in a corner, while the new banners must be clearly visible to each new user and must indicate the use, by the site, of technical cookies and any profiling cookies;
- the site in question must allow, via a link, access to an area where the visitor on duty can choose which ones Cookies to accept and which ones to reject.
- the radio buttons of which Cookies install must be of the same color and size, in order to avoid influencing the user's choice;
- finally, the banner can be re-proposed to a user no less than 6 months later, subject to significant changes to the conditions for the processing of personal data.
Below we show the example of the banner we use from Digife.
How much time do you have to adjust?
The effective date of the new guidelines is January 9, 2022, the day by which all internet sites must necessarily comply with the new directives.
Finally, the Guarantor establishes the behavior to be adopted for all consents filed before the entry into force of the new rule.
All data obtained, with prior consent, before 20 July 2021 will remain valid and, therefore, can be used by companies for profiling activities. This provided that the data collection takes place in compliance with the GDPR and that they can be consulted through digital documentation.