On June 10, 2021, the Privacy Guarantor issued a provision to oblige all website owners to comply with the new guidelines on cookies and other tracking tools. The intent is to provide more precise rules on transmitting the information and, above all, on acquiring the consent of users who visit a website. All interested parties will have to adapt by January 9, 2022. There is no time to lose.
What Are Cookies?
The collected data is then generally used for advertising purposes. For this reason, today, it is necessary that the websites that operate this tracking request the interested party’s consent. Those who surf the web will undoubtedly have noticed that, upon entering a site, they are often greeted by a pop-up ( banner) that informs ( information ) about the presence of cookies and requests their permission for installation. However, this only involves a part of the cookies. Since, as we will see in the next chapter, there are different types.
Types Of Cookies
Without going into excessively technical details, we can say that cookies are divided into two main categories: technical cookies and profiling cookies.
They are necessary for the proper functioning of the site. They help store time-saving information for the user, such as the credential storage mentioned above. Being considered indispensable, they do not require the acquisition of the consent by the user but must, in any case, be indicated in the information.
As the name suggests, profiling cookies recognize patterns of behavior, habits, and preferences of visitors to a website. Knowing the exact behavior of its users allows website managers to provide a personalized service based on their customers, send targeted advertising campaigns, and, in general, improve the service offered. Since they are not essential, profiling cookies requires the informed consent of the interested parties.
The new guidelines introduced by the Guarantor are intended to put the user in a position to decide on the installation of cookies in full awareness, thanks to clear and precise information.
Suppose previously, the banner that welcomes new visitors to the site did not have to meet specific requirements with the new rules. In that case, it must have a size, color, or other distinctive characteristics to be immediately visible.
It should be noted that technical cookies are excluded from this obligation, for which only their presence in the information will continue to be necessary. Therefore, at the first access of a new device, websites will not be able to install cookies, if not technical ones. As for the profiling cookies, however, they must be present in the banner and will need the user’s explicit consent before their installation.
This last point represents a cornerstone of the new provision. Consent to profiling must be given unambiguously. This means that the user must actively click a button to accept. Simple “silent assent” will no longer suffice. The Guarantor then indicates some precise characteristics that the banner area must have:
- Previously most of these areas were positioned in a corner, while the new banners must be visible to each new user and must indicate the use, by the site, of technical cookies and any profiling cookies ;
- The site in question must allow, via a link, access to an area where the visitor on duty can choose which cookies to accept and which to refuse.
- The buttons for selecting which cookies to install must be of the same color and size to avoid influencing the user’s choice;
- Finally, the banner can be re-proposed to a user no less than 6 months later, subject to significant changes to the conditions for the processing of personal data.
How Much Time Do You Have To Adjust?
The new guidelines’ date of entry into force is January 9, 2022, the day by which all websites must necessarily comply with the new directives. Finally, the Guarantor establishes the behavior to be adopted for all consents filed before entering the new rule. All data obtained, with prior consent, before July 20, 2021, will remain valid and, therefore, can be used by companies for profiling activities. This is provided that the data is collected in compliance with the GDPR and can be consulted through digital documentation.