1. What are cookies?
Cookies are small text files that sites visited by users send to their terminals; they are stored and then sent back to those same sites the next time the user visits. However, so-called "third-party" cookies are set by a website other than the one the user is visiting. This is because each site may contain elements (images, maps, soundbites, specific links to web pages on other domains, etc.) residing on servers other than that of the site visited.
2. What are cookies for?
Cookies are used for different purposes: to run computer authentication, monitor sessions, store information on specific configurations for users accessing the server, store preferences, etc.
3. What are "technical” cookies?
These cookies are used for browsing or to provide a service requested by the user. They are not used for other purposes and are normally installed directly by the owner of the website.
Without these cookies, some operations would be impossible or much more complex and/or less secure. For example, in home banking activities (viewing statements, bank transfers, bill payment, etc.) such cookies are essential as they allow the user to be identified and maintain such identification throughout the session.
4. Are analytical cookies "technical" cookies?
No. The Guarantor (see provision of 8 May 2014) has specified that they can be considered technical cookies only if used for site optimization directly by the owner of the site, which can gather information in aggregate form on the number of users and how these users visit the site. Under these conditions, the same rules applied for technical cookies — in terms of information and consent — apply to analytical cookies as well.
5. What are "profiling" cookies?
These are the cookies used to track a user's browsing over the internet and create profiles based on his/her tastes, habits, choices, etc. With these cookies, advertising messages in line with the preferences already expressed by that user through online navigation can be sent to the user's terminal.
6. Is the user's consent required for the installation of cookies on his/her terminal?
It depends on the purposes for which cookies are used and, therefore, whether they are "technical" or "profiling" cookies.
To install technical cookies, user consent is not required, but disclosure (article 13 of the Privacy Law) must be provided. Profiling cookies, on the other hand, can only be installed on the user's terminal if they have given their consent after being informed in a simplified manner.
7. How should the site owner provide simplified disclosure and request consent to use profiling cookies?
As established by the Guarantor in the provision indicated in question no. 4, the disclosure must be set on two levels.
8. How should the banner be created?
The banner must be large enough to partially cover the content of the web page the user is visiting. Moreover, it cannot be deleted without active user intervention; in other words, the user must select an element contained in the page below.
9. What indications must the banner contain?
The banner must specify that the site uses profiling cookies, possibly also "third-party" cookies, which enable it to send advertising messages in line with the user's preferences.
It must contain a link to the extended disclosure and the indication that, through that link, it is possible to refuse consent to the installation of any cookies.
10. How can acquisition of consent through the use of the banner be documented?
To keep track of the consent acquired, the site owner can use a specific technical cookie, a system that is not particularly invasive and that does not require further consent.
When such "documentation" is present, the brief information banner need not be re-presented when the user visits the site again, and this does not compromise the user's ability to easily deny and/or modify their consent options at any time, for example by accessing the extended disclosure through the link that must be present on each page of the site.
No. Site owners can always resort to different methods from the one identified by the Guarantor in the above-mentioned regulation, provided the chosen methods meet all consent validity requirements established by law.
12. Does the obligation to use the banner also apply to the owners of sites that use only technical cookies?
No. In this case, the site owner can inform users in whatever manner he deems most appropriate, for example, even by inserting the relevant information in the disclosure posted on the site.
13. What should the "extended" disclosure indicate?
It must contain all elements required by law, analytically describe the characteristics and purposes of the cookies installed by the site and enable users to select/deselect individual cookies.
It must include an up-to-date link to the information and consent forms of the third parties with which the owner has agreements for the installation of cookies through their site.
Finally, it must also remind the user that they can also exercise their cookies options through their browser settings.
The owner of websites that install profiling cookies.
For third-party cookies installed through the site, the disclosure and consent requirements are the responsibility of the third parties, however, as a technical intermediary between the latter and the users, the site owner is required to include up-to-date links to the third-party disclosure and consent forms in its "extended" disclosure.
For profiling cookies, which usually persist over time, notification is required, while cookies that serve different purposes and fall within the category of technical cookies do not require notification to the Guarantor.
16. When do the measures prescribed by the Guarantor in the provision of 8 May 2014 come into force?
To allow involved parties to comply, the Guarantor has provided a transition period of one year from the date on which the provision was published in the Official Gazette of the Italian Republic. This period will end on 2 June 2015.