As of January 2022, the new guidelines of the Italian Data Protection Authority on the use of cookies and other tracking tools have come into force, binding anyone with a website, regardless of their activity.
Changes include the methods for signing consent, the installation of cookies by interested parties, and the communication of information.
Therefore, it is advisable to write a checklist to verify the compatibility of the website with the adjustments required by the Guarantor, and avoid the application of penalties, which are quantifiable in an amount equal to 4% of the annual turnover of the company.
Cookies are text files that websites place and store inside a terminal device, in the availability of their visitors. They are temporary files containing various information about the user: their IP address, their unique identifier, their email address and the preferences expressed, such as the categories of products most frequently purchased. It is therefore a tracking of computers and devices to collect information about the person who on the Internet downloads pages, fills in forms, buys goods, watches movies, etc...
By tracking user behaviour on websites, a profile can be built that can be used by advertisers and digital advertising platforms such as Google Analytics and Facebook Ads.
The one envisaged by the Italian Data Protection Authority is an adjustment that should protect users' privacy and facilitate their browsing experience on the web, making it possible to refuse all cookies by simply closing the banner with a click on the X, and no longer suffer their repetitive reappearance after refusal. In the past, accepting all cookies was the most convenient choice, while rejecting some or all of them required several clicks on various boxes, sometimes difficult to apply on the small screen of smartphones. Now, however, it is possible to choose at a glance whether to accept third-party profiling cookies or reject them all.
The most important change for companies concerns the tracking of user behaviour: in fact, banners on profiling cookies can no longer contain a reference to the legal basis of 'legitimate interest' (i.e. without consent).
The only exception applies to cookies that do not track or profile behaviour, technical and analytical cookies (analytics), as long as they only provide aggregate statistics, without tracking in any way the individual user, computer, or mobile phone (no IP address).