In Italy, the public consultation has been completed, and we are waiting for the Garante to publish its new guidelines on cookies. If you are interested in this market, it’s time to prepare for the implementation of the new rules. Banner configuration, audience measurement cookies, granular consent, walls… We will tell you everything.
Why new guidelines on cookies in Italy?
The Garante per la protezione dei dati personali (“Garante”) is the Italian data regulator. An active regulator since 2020, Italy has issued the most significant fines in Europe.
Now, it is Italy’s turn to review its guidelines on cookies! The current version dates back to May 8, 2014, before the entry into force of the GDPR.
A revision became essential to incorporate the new requirements for consent and transparency.
This is one of many reasons. The Italian authority has also conducted checks on the implementation of legal obligations. It noted the arrival of new tracking technologies on the internet.
On December 10, 2020, the Garante submitted a draft of guidelines for public consultation. An essential step to base the new rules on practical experience. Actors such as the IAB have announced that they have responded.
The public consultation is now closed, and we await the document’s final version. This text will naturally regulate cookies and other alternative technologies, such as fingerprinting.
What are the main points of the draft guidelines?
Audience measurement cookies are exempt from consent in Italy under certain conditions. Only purely technical cookies can be deposited directly on the first visit to the site. For others, the user’s license will be required.
What about web analytics?
The Garante has a clear position on this. Whether first or third-party cookies, audience measurement cookies can be considered technical cookies if they meet several conditions:
- They have the sole purpose of facilitating the creation of aggregated statistics;
- Audience measurement is on a single site or mobile application;
- Third-party actors hide the fourth part of the IP address;
- Data collected via third-party cookies are not shared or communicated to other third-party actors or enriched with other data.
The regime to apply will depend on the use made of these cookies. This rule explains why Google Analytics cookies are generally considered subject to user consent in France.
The banner is a valid format but not imposed.
According to the Garante, the flag is a suitable mechanism for informing and collecting consent from your visitors to deposit cookies.
The banner display is optional if the site only places technical cookies. Of course, information on the types of cookies placed will need to be provided, but this can be done on the homepage or through a dedicated cookie information section.
In any case, the guidelines specify that it should include the following:
- A first level of information to indicate that technical or profiling cookies, and other tracking tools, are used and for what purposes;
- A link to the publisher’s privacy policy. This will mention, in particular, who the recipients of the data collected are, their retention periods, and the rights available to each person regarding their data;
- A button to accept cookies and other trackers;
- A link to a parameterization area allows granular consent choices. Information banners are therefore excluded;
- A button (a cross or a “close” button) allows the banner to be closed. This action will be considered a refusal to consent.
The CMP is an essential tool for granular consent management in Italy. If the user wishes, they will click on a button on the banner and be able to manage their consent choices more granularly.
This “dedicated area,” as called by the Italian regulator, will include the following:
- “Accept all” and “Reject all” buttons;
- Possibilities to configure preferences for broad processing purposes;
- Options to configure preferences by cookie category;
- The ability to choose for each third-party actor depositing cookies.
Once the user has expressed their choice, the publisher does not need to display the banner again. However, they must be able to easily access the privacy policy, information on cookies, and the module for managing their consent granularly.
A Consent Management Platform (CMP) will be indispensable for managing this user journey and complying with Garante’s guidelines. Fortunately, this is the business of Axeptio!
Scrolling, cookie walls, to use with moderation
Scrolling is not considered a valid mode of consent in principle. The Garante, however, opens the way to its recognition in specific cases where it is part of a series of actions that allow the user’s intention to consent to be expressed unambiguously.
In line with the CNIL, the Garante does not favor cookie walls. The publisher could use this format if they provide access to content or services without the user’s consent.
In any case, the publisher must be able to prove the compliance of their consent collection process.
By the way, we recommend that you take a look at this little column on the cookie wall, co-written by 2 Axeptio partners (and not the least): Romain Bessuges (CEO of Axeptio) and Christophe Landat (lawyer and partner at Axeptio as well).
Ready to adopt the Italian Garante’s guidelines on cookies?
Although the guidelines are still a project, start before the last moment.
On the contrary, familiarize yourself with the existing text to understand what the Italian regulator expects.
A Consent Management Platform will be an essential tool; it is simply a matter of deploying a rigorous policy for managing cookies deposited via your site.
No need to panic; Axeptio provides a tool that has proven its worth and passed the stress test of regulations in other countries such as France or Belgium. The original approach to cookie management modules will also allow you to transition to the era of chosen marketing.
