New cookie regulations



The July 10, 2021 The Privacy Guarantor has approved the new guidelines for the use of cookies.

We are iubenda partners and above all we have a privacy consultant who follows us, so we are immediately updated when there are news on privacy.

Below we briefly summarize what’s going to change regarding cookies. There is time until January 10, 2022 to comply.

The new cookie regulations

Let’s start by saying that the new regulations affect you if you or your users have based in Italy. Let’s see below specifically, point by point, what changes.

1. Cookie banner

The cookie banner is used to give consent to cookies. It is a notice that is shown when you access a site for the first time. Its purpose is to inform visitors of the presence of cookies.

The notice says that the banner must include:

  • a’brief on the use by the site of technical cookies and any profiling cookies or other tracking tools, with the relative purposes;
  • a link to the cookie policy where it must be indicated which data and for how long it is saved and how it will be used;
  • a’clear indication that makes it clear to the visitor without any doubt that by accepting he/she is giving his/her consent to profiling. So the simple scrolling is not considered a valid method for collecting consent, the best way remains the click on the button “Accept”;
  • a link, such as the “Learn more and customize” button, where the user can select which cookies to install and which not to install;
  • the button Accept to accept all cookies;
  • the button Reject to refuse all cookies.

So the news is:

  • The buttons Accept and Reject become mandatory;
  • users must be able to select which cookies to install and which not to install;
  • users must be able update their preferences of tracking over time.

For all visits after the first one, the user will not see the banner, but must be able to access the privacy/cookie policy (we recommend inserting the link on all pages in the footer) and an area where he/she can modify the tracking preferences expressed previously.

2. Consent collection

As mentioned in the previous point the scrolling Is not considered to be a valid method for collecting the consents. The same applies to the cookie wallaka a wall, which blocks navigation to the site unless all cookies are accepted. This practice had already been excluded from the modalities valid at May 2020.

Users may be asked again to provide consent only if:

  • le conditions of consent have changed, such as, services have been added or removed;
  • the owner of the site cannot keep track of prior consent, for example, if the visitor returns to the site with an anonymous browser or has deleted cookies from their device;
  • at least 6 months have passed since the last acquisition.

We remind you that cookies are defined on the basis of two macro categories: technical cookies e profiling cookies. Technical cookies are the cookies that are used for navigation or to provide a service to the user, while profiling cookies are used to collect information such as on the number of users and how they visit the site.

With regard to statistical cookies it is made explicit that the first party statistical cookies can be installed without the user’s consent.

Instead the third-party statistical cookies (Google Analytics), may be installed without user consent only if:

  • they do not allow the identification of a precise user (for example, Anonymized IP);
  • their use is restricted to a single site/app;
  • are not shared or disclosed to third parties;
  • the data collected are not combined with other data.

In some countries (e.g. Belgium, Ireland and the United Kingdom) statistical cookies always require consent. Consequently, prior blocking remains the most prudent option.

5. Proof of consent

The Guarantor specifies that the owner of a website is required to prove that he has obtained a valid consent according to the standards of the GDPR.

Need help setting up your cookie and privacy policy?


Next Post