On June 2, 2015 the new requirements set by European legislation on cookies came into force in Italy. In June 2014, the Data Protection Authority had published the initial guidelines. However, they lacked operational guidance. Immediately after, an inter-association panel promoted by Fedoweb, iab, Netcomm and UPA - associations of reference in the online world - was set up in order to fill this gap. The result of the panel, which has interacted with the Authority itself, was the release of a kit containing guidelines to implement the Cookie Law also on the technical side. Let's look together at the consequences of the Cookie Law and how to adapt to the new provisions in accordance with the kit approved by the Authority. While reading, always keep in mind that the following text may contain simplifications and it is always advisable to consult a legal advisor who can assist you directly. The Cookie Law in brief: In short, with the entry into force of the Cookie Law, from June 2 it will not be possible to install cookies before following this procedure: - Having prepared and shown to the user an information banner; - Having prepared and shown to the user a cookie policy; - To have required the consent of users; There are some exceptions which I will explain below, together with all the details. The Cookie Law in details: To comply with the Cookie Law, it is required that all sites that install cookies - even through third-party tools - must show a banner to the user's first visit, put in place a cookie policy and allow the user to provide consent as indicated by law. Before consent is given, no cookie - except technical cookies - can be installed. Brief information note: A brief information note will be provided through a short banner that should disclose the purpose of installation of cookies that the site uses. The banner must be sufficiently discontinuous from the user experience of navigating the site in order to make sure it gets noticed by the user. Among the examples provided by the Authority there are both a version in the middle of the page and a solution with a strip at the top of the site. Cookie Policy: The Cookie Policy does not need to list - name by name - all the cookies installed by the site. Instead, it must describe in detail the purpose of installation of cookies and indicate all third-parties who install or could install, with a link to the respective privacy policies, Cookie Policy and any consent forms. If the owner of the site installs and operates directly cookies that are not exempt from consent obligation (such as profiling cookies), it is necessary that in the Cookie Policy it is possible to exercise such consent. Consent: The consent is provided by the user through the continued operation, including clicking on links or scrolling the page. The only situations in which consent is held pending occurs if the user leaves the site without continuing navigation (including scrolling) or if the user reads the Cookie Policy. Inside the Cookie Policy the user may withhold consent to the installation of cookies, but to do so he must visit the sites of the individual services used by the site and refer to their policy and the instructions provided to prevent tracking. The only exception is that mentioned in the section regarding the Cookie Policy in reference to cookies not exempt and managed directly by the owner. Block cookies before consent: In accordance with general principles of privacy legislation, which prevent the treatment before consent, the Cookie Law does not allow the installation of cookies before obtaining prior consent, except for the exempt categories that will be explained below. In practice, this means that, for example, codes that link banners or simply codes that handle live chat can not run before obtaining prior consent (which, we repeat, is also obtainable by simply scrolling). Adaptation to this law will unfortunately be challenging for many sites and requires changes to the code of the site. The Authority has been very clear in this regard and you need to adapt if you want to respect the law. Cookie exempt from consent: Fortunately, some cookies are exempt from consensus and therefore are not subject to the preventive block. In particular:
  • Technical cookies, which are those needed to provide the service, including cookies of preference, session, load balancing and so on.
  • Statistics cookies managed directly by the owner, for example through softwares like Piwik;
  • There has lately been an opening of the Authority - albeit unofficial - to consider as exempt from the consent also statistical cookies used by third party (eg. Google Analytics), but only if the data is anonymised before being saved by the third service.
  How to fit in: Iubenda - a company specializing in the development of software solutions for compliance with legal obligations related to online and mobile presence - thanks to his participation to the inter-associative panel with the Authority as a technical partner, has developed a kit ready to adapt websites in accordance with the provisions of the Cookie Law in no time and without expensive investments. Iubenda is able to manage the problems of obtaining consent on cookies, saving preferences, displaying banners and generating the cookies policy - minimizing the negative impact of the Cookie Law on online businesses. In particular, even before the law came into effect with Iubenda you could already prepare:
  • The banner with the information brief;
  • The Cookie Policy;
  • The system of consensus through continued operation.
  From June 2 onwards you need to block codes when running cookie before acquiring the consent, in line with the requirements of the Authority. Therefore, Iubenda has released another set of functional tools to adapt easily to this aspect of the legislation. If you wish to find out more information on how to ensure compatibility with the Cookie Law and on means that Iubenda provides, please consult the guide to the Cookie Law and the dedicated kit available on the website of Iubenda at www.iubenda.com/it/cookie-law-e-soluzioni-iubenda. Iubenda is partner of LUISS ENLABS. Our startups can get Iubenda Cookie Kit with 25% off for one year!