Italy joins the array of EU countries to update its cookie guidance. It provides clarification on several aspects related to tracking technologies, especially cookie consent. The update is a further testament to the significance of GDPR standards.
On December 10th, 2020 the Italian Data Protection Authority (Garante) published new guidelines on cookies and other similar tracking technologies. The updated guidelines addressed the rules relating to passive identifiers, consent through scrolling, cookie walls, privacy by design, cookie banners and policy, and third-party cookies.
In this post, we will discuss the highlights of the guidelines.
Italy’s new cookie guidance for cookies, cookie consent – key takeaways
The scope of passive identifiers
The users can remove ‘active’ identifiers, such as cookies, from their devices.
When it comes to ‘passive’ identifiers, such as fingerprinting, the users cannot directly remove them from the devices. They often have to rely on the data controllers to do it. Passive identifiers read the device information and subsequently creates a profile, which the data controllers can access. Hence, behavioral advertisements can happen via such techniques as well.
Cookie Consent through scrolling
The DPA highlights the need for improved methods based on the ‘dynamic web’ to express consent rather than the traditional agree or reject buttons. It believes that such methods based on user behavioral patterns could give more clarity in indicating unambiguous and affirmative action.
The use of cookie walls
Re-collection of consent
The guideline stresses the need for maintaining proof of consent. The DPA directs that there is no need of asking for consent for using cookies and other tracking technologies every time the same user visits the website. There must be a mechanism to keep a log of the consent and remember the user preference for every visit after the first time.
A website only has to re-collect consent if:
- there is a change in the condition for obtaining consent
- The website manager cannot find out if the users have the cookies stored on their devices when they revisit the site. For example, when they delete cookies stored on their device.
Privacy by design for cookies
The guidelines encourage the websites to follow the privacy by design approach for using cookies.
The website must not store cookies, other than technical, by default. The guidelines also do not allow the use of any active or passive profiling techniques.
The structure of analytics cookies
Following the guidelines for privacy by design approach for cookies, Garante states that analytics can be deemed as technical cookies only if:
- It is impossible to identify the users from the data collected by the cookies
- The analytics tool masks ¼ of the user IP address (versions, IPv4 and IPv6)
- The minimized data is not combined with other user information or shared with third parties
- The use of the cookies is limited to obtain aggregate statistics concerning a single website or mobile app
The DPA urges the websites to use easy to see and use buttons of the same size, emphasis, and color, on cookie consent banners to ensure that users are not influenced by design choice. It states that the cookie banners must comprise of the following:
- Adequate information about the technical and profiling cookies
- Information about what each action of users, such as scrolling, indicates
- Information about the option to accept or deny consent to all the cookies
- Link to a web page or settings for users that offer a granular option to consent to cookies depending on their categories — where all the options must be de-selected by default
CookieYes — the perfect GDPR cookie consent solution
CookieYes is a cookie consent solution that will help your website to comply with GDPR for cookie usage. You can easily customize the cookie banner to set the consent options and the button size, color, and position of your choice. It also gives an auto recommendation for banner color as per the website’s color scheme.
With CookieYes, you can add relevant information on the banner, and give granular choices for cookies.
CookieYes automatically scans your website for cookies and adds them to the cookie list. It also blocks third-party cookies before the users give their consent. You can also manually add the cookie scripts that you would like CookieYes to block before obtaining the user consent.
It will record all the consent received that will help you to showcase proof of consent, if necessary.
It supports multilingual websites with 13 widely spoken languages in the world.
Try for free. Sign up today.