We are iubenda partners and above all we have a privacy consultant who follows us, so we are immediately updated when there are news on privacy.
Below we briefly summarize what’s going to change regarding cookies. There is time until January 10, 2022 to comply.
The new cookie regulations
Let’s start by saying that the new regulations affect you if you or your users have based in Italy. Let’s see below specifically, point by point, what changes.
1. Cookie banner
The cookie banner is used to give consent to cookies. It is a notice that is shown when you access a site for the first time. Its purpose is to inform visitors of the presence of cookies.
The notice says that the banner must include:
- a’brief on the use by the site of technical cookies and any profiling cookies or other tracking tools, with the relative purposes;
- a’clear indication that makes it clear to the visitor without any doubt that by accepting he/she is giving his/her consent to profiling. So the simple scrolling is not considered a valid method for collecting consent, the best way remains the click on the button “Accept”;
- a link, such as the “Learn more and customize” button, where the user can select which cookies to install and which not to install;
- the button Accept to accept all cookies;
- the button Reject to refuse all cookies.
So the news is:
- The buttons Accept and Reject become mandatory;
- users must be able to select which cookies to install and which not to install;
- users must be able update their preferences of tracking over time.
2. Consent collection
As mentioned in the previous point the scrolling Is not considered to be a valid method for collecting the consents. The same applies to the cookie wallaka a wall, which blocks navigation to the site unless all cookies are accepted. This practice had already been excluded from the modalities valid at May 2020.
3. Cookie consent preferences
Users may be asked again to provide consent only if:
- le conditions of consent have changed, such as, services have been added or removed;
- the owner of the site cannot keep track of prior consent, for example, if the visitor returns to the site with an anonymous browser or has deleted cookies from their device;
- at least 6 months have passed since the last acquisition.
4. Statistical cookies
We remind you that cookies are defined on the basis of two macro categories: technical cookies e profiling cookies. Technical cookies are the cookies that are used for navigation or to provide a service to the user, while profiling cookies are used to collect information such as on the number of users and how they visit the site.
With regard to statistical cookies it is made explicit that the first party statistical cookies can be installed without the user’s consent.
Instead the third-party statistical cookies (Google Analytics), may be installed without user consent only if:
- they do not allow the identification of a precise user (for example, Anonymized IP);
- their use is restricted to a single site/app;
- are not shared or disclosed to third parties;
- the data collected are not combined with other data.
In some countries (e.g. Belgium, Ireland and the United Kingdom) statistical cookies always require consent. Consequently, prior blocking remains the most prudent option.
5. Proof of consent
The Guarantor specifies that the owner of a website is required to prove that he has obtained a valid consent according to the standards of the GDPR.