Italy’s New Guidelines For Cookies And Cookie Consent

Italy’s New Guidelines For Cookies And Cookie Consent

By Shreya

Published on 27th Jan 2021|Last updated on 15th Mar 2021

Italy joins the array of EU countries to update its cookie guidance. It provides clarification on several aspects related to tracking technologies, especially cookie consent. The update is a further testament to the significance of GDPR standards.

On December 10th, 2020 the Italian Data Protection Authority (Garante) published new guidelines on cookies and other similar tracking technologies. The updated guidelines addressed the rules relating to passive identifiers, consent through scrolling, cookie walls, privacy by design, cookie banners and policy, and third-party cookies.  

In this post, we will discuss the highlights of the guidelines.

Italy’s new cookie guidance for cookies, cookie consent – key takeaways

The scope of passive identifiers

The users can remove ‘active’ identifiers, such as cookies, from their devices. 

When it comes to ‘passive’ identifiers, such as fingerprinting, the users cannot directly remove them from the devices. They often have to rely on the data controllers to do it. Passive identifiers read the device information and subsequently creates a profile, which the data controllers can access. Hence, behavioral advertisements can happen via such techniques as well.

The Italian DPA recognizes the decision by the  European Data Protection Board (EDPB) guidelines for cookies about the validity of consent via scrolling. The EDPB has stated that the users scrolling through a web page does not constitute valid consent. However, Garante specifies that when the scroll down can be part of a series of actions that indicate a pattern, it is considered as the users’ unequivocal consent to use cookies. 

The DPA highlights the need for improved methods based on the ‘dynamic web’ to express consent rather than the traditional agree or reject buttons. It believes that such methods based on user behavioral patterns could give more clarity in indicating unambiguous and affirmative action.

Following the footsteps of the EDPB, Garante also ruled that using cookie walls is not valid. Just like Spanish DPA, they allow the use of cookie walls where the website manager provides the users an equivalent alternative to the website content without the need to consent to the use of cookies. The alternative must be GDPR compliant.

Re-collection of consent 

The guideline stresses the need for maintaining proof of consent. The DPA directs that there is no need of asking for consent for using cookies and other tracking technologies every time the same user visits the website. There must be a mechanism to keep a log of the consent and remember the user preference for every visit after the first time.

A website only has to re-collect consent if:

  • there is a change in the condition for obtaining consent
  • The website manager cannot find out if the users have the cookies stored on their devices when they revisit the site. For example, when they delete cookies stored on their device. 

Privacy by design for cookies

The guidelines encourage the websites to follow the privacy by design approach for using cookies.

The website must not store cookies, other than technical, by default. The guidelines also do not allow the use of any active or passive profiling techniques.

It also highlights that the user can deny consent to use cookies by closing the cookie banner on the website without the need to access any web pages or settings.

The structure of analytics cookies

Following the guidelines for privacy by design approach for cookies, Garante states that analytics can be deemed as technical cookies only if:

  • It is impossible to identify the users from the data collected by the cookies
  • The analytics tool masks ¼ of the user IP address (versions, IPv4 and IPv6)
  • The minimized data is not combined with other user information or shared with third parties
  • The use of the cookies is limited to obtain aggregate statistics concerning a single website or mobile app

The DPA urges the websites to use easy to see and use buttons of the same size, emphasis, and color, on cookie consent banners to ensure that users are not influenced by design choice. It states that the cookie banners must comprise of the following:

  • Adequate information about the technical and profiling cookies
  • Information about what each action of users, such as scrolling, indicates
  • Information about the option to accept or deny consent to all the cookies
  • Link to privacy or cookie policy that discloses information about the ways to exercise GDPR rights, potential recipients of personal data collected, storage duration of data collected through cookies, and the categories of cookies the site uses
  • Link to a web page or settings for users that offer a granular option to consent to cookies depending on their categories — where all the options must be de-selected by default

The guidelines suggest that the websites can also adopt a ‘multichannel’ approach for cookie policy. It encourages maximum utilization of the dynamic web by implementing less traditional contact points, such as video channels, pop-ups, virtual assistants, phone calls, and chat boxes.

CookieYes is a cookie consent solution that will help your website to comply with GDPR for cookie usage. You can easily customize the cookie banner to set the consent options and the button size, color, and position of your choice. It also gives an auto recommendation for banner color as per the website’s color scheme. 

With CookieYes, you can add relevant information on the banner, and give granular choices for cookies. 

Banner settings of CookieYes cookie consent solution

CookieYes automatically scans your website for cookies and adds them to the cookie list. It also blocks third-party cookies before the users give their consent. You can also manually add the cookie scripts that you would like CookieYes to block before obtaining the user consent. 

It will record all the consent received that will help you to showcase proof of consent, if necessary.

Dashboard of CookieYes cookie consent solution

It supports multilingual websites with 13 widely spoken languages in the world.

Try for free. Sign up today.

Make Your Website GDPR Compliant With CookieYes

CookieYes is a new and easy solution to make your website comply with the GDPR Cookie Law from Cookie Law Info. Join the 1 Million+ website using our solutions now!


Shreya is a Content Writer for Mozilor Technologies. She writes about data privacy and cookies (not the eating type). In her free time (or any time), she enjoys listening to music and reading fiction.

Post a Comment

Your email address will not be published. Required fields are marked *