Cookies are strings of text that websites visited by the user or different web server sites (i.e. third-parties) place and store within a terminal device in the availability of the user.

The purpose of the new guidelines of the Italian Data Protection Authority, published in Gazzetta Ufficiale n. 163 of 9.07.2021, is to increase the protection of users by strengthening their decision-making power regarding the use of personal data collected by cookies.

The Guarantor has officially invited the owners, namely the companies, to assess with extreme rigour that their website is in compliance with the new provisions and to adopt any possible solution, including the ones of technical nature, suitable to be interpreted and recorded as a form of consent expressed by the user for the installation of cookies or for the use of other tracking tools.

Correctly applying the new rules, among the main innovations, companies:

  • in no case may they invoke, for example, as was observed by the Guarantor during the verifications carried out on different websites, the discriminating legitimate interest of the owner to justify the use of cookies or other tracking tools;
  • they can no longer use the simple “scroll down” of the cursor to collect consent to the installation and use of profiling cookies or other tracking tools.

Therefore, the opt-in mechanism is confirmed: no cookies (except for purely technical ones) can be applied to the user who does not express any choice.

Moreover, it has been observed that the excessive repetition of the banner for the acquisition of consent, where the user has previously denied it, appears likely to harm its freedom, inducing it to give such consent to continue browsing.

By 9 January 2022 at the latest, all websites must be compliant. In this way, visitors can exercise the rights of which they are carriers and at the same time the owner of the website will not incur penalties.