Cookies rules have just come into force in Italy.
Due to interpretative uncertainty, on June 5, the Italian Data Protection Authority (DPA), or the Garante, issued a set of clarifications concerning the correct interpretation and the relevant implementation of the provisions provided for by the general resolution No. 229/2014, "Simplified arrangements to provide information and obtain consent regarding cookies."
In detail, the main clarifications provided by the Garante include:
- Analytics cookies can be equated to technical cookies insofar as they are used directly by the website manager to improve the usability of the website, e.g., to collect aggregate information on the number of visitors and the pattern of visits to the website;
- If analytics cookies are made available by third parties, the websites' managers making use of such cookies are not subject to the obligations provided for by the applicable law, such as, for instance, notification to the DPA if proper mechanisms to reduce the identification of the users are adopted--for instance, by masking a significant part of the IP--and the third party undertakes to not make a cross-check of the information provided by the cookies with those already in his availability;
- If the website contains links to third parties' websites such as, for instance, advertising banners or links to social networks, which do not require the installation of profiling cookies, then it will not be necessary to implement the information via simplified mechanisms, i.e., the informative banner nor to acquire the previous users' consent online;
- It is also possible to acquire the users' consent online through the "scroll" of the web page, provided that such an option is expressly provided for by the information;
- Within the extended information notice, it is not necessary to require and acquire the consent for each cookie, but it is possible to request a consent based on the cookies' category, such as travel or sports;
- It is possible to do only one notification with regard to all websites managed within the same domain, and,
- The provisions provided for by the general resolution on cookies shall apply to websites that install cookies on users' terminals, regardless of the presence of an office in Italy.
Although the Garante has followed a very prudent, transparent and open approach in adopting cookies rules, at the same time, a number of issues are still a struggle as the consent mechanism is always functioning in theory but hard to be implemented in concrete.
If you want to comment on this post, you need to login.