25/12/2020
Italian Garante Launched a Public Consultation on its Guidelines on the Use of Cookies and Other Tracking Technologies
The Italian Date Protection Authority (Garante Per La Protezione Dei Dati Personali) – Garante has launched a public consultation on the rules for the use of cookies and similar technologies.
Some of the key highlights mentioned in the summary are:
Technical cookies: They are used for the sole purpose of “carrying out the transmission of communication over an electronic communications network, or to the extent strictly necessary for the provider of a company service of the information explicitly requested by the contractor or by the user a provide this service. Such cookies do not require obtaining prior consent before being placed on users’ device, but the users must be informed about them.
Raw analytics cookies and third parties: They can be treated in the same way as technical cookies only if:
• are used only to produce aggregate statistics and in relation to a single site or a single mobile application;
• at least the fourth octet of the IP address is masked for third party cookies;
• third parties refrain from combining these analytics cookies with other data e.g., customer files or statistics of visits to other site or from passing them further on to other third parties.
Transparency requirements: Information about cookies should have below characteristics:
• in simple and plain language;
• displayed in a layered and channelled manner;
• if only technical cookies are used, the required information can
be placed on the home page of the site or in the general information;
• if other cookies are also used, a pop-up banner which would be displayed immediately upon the visit and appropriately sized should satisfy below criteria:
a) an indication that the site uses technical cookies and with prior consent of the user profiling cookies or other tracking tools stating their purposes related purposes (brief information);
b) the link to the privacy policy containing the complete information, including any other recipients of personal data, the data retention periods and how individual rights can be exercised;
c) an indication that the active conduct through the selection of an explicit command or element contained in the page below the banner constitutes consent for profiling;
d) an option to accept all cookies or other tracking technologies;
e) the link to another section of the website in which a user can obtain more information about the features, third parties and cookies and where through two commands they are able to give consent to the use of all cookies (or only certain categories), and if already given to revoke it, by performing a single action;
f) a command e.g., “X” at the top right, to close the banner without giving consent to the use of cookies or others profiling techniques while maintaining the default settings;
• Consent should be sought again if one or more of the conditions under which it was collected change or when it is impossible for the website to know if a cookie has already been stored on the device. There is no need to ask for a consent each time the users visit the website.
Further information to be provided: The coding criteria of cookies and other tracking tools adopted, to be communicated, upon request, to the Authority.
Additional information can be found in the summary available here and full information can be found in the Guidelines available here.
The information in this article is taken from both the documents and translated from Italian language. Always refer to the original document for the accurate translation as errors and omission may occur despite the best effort we take to provide the most accurate translation.