by Rocco Panetta
The new cookie Guidelines and other tracking tools adopted by the Italian Data Protection Authority, the Garante, and published today in the Official Gazette following the public consultation launched last November are a far-sighted measure of great operational detail.
Compared to the first text adopted at the end of last year, some important innovations emerge. Websites addressing their services to Italian users have six months to comply.
What’s new in the final text of the guidelines
The main novelty introduced is surely the total rejection of the legitimate interest as a legal basis for the use of cookies or other similar tools. Given the established practice on many websites, such a requirement will force many data controllers to rethink from scratch their policies on data processing through cookies.
The second one is a rule that concerns authenticated users: in the case of authenticated users, it will not be possible to cross-reference data relating to navigation carried out through the use of several devices without prior consent. It will be necessary to understand whether to contextualize this prescription to the CMP (cookie management platforms) or to the privacy policy to be provided during registration to the sites.
The Garante then puts a brake on the data controllers who, ignoring the refusal of consent by their users, continue to repropose the banner on the homepage, thus debasing the will already expressed by the data subjects. Except in rare cases strictly identified by the Authority, the re-proposition of the banner may occur only after six months.
A click to close them all
For users, an important novelty of the guidelines – even if already known with the text that went into consultation – is instead the possibility to refuse all cookies with a click on an X that closes the request window.
No more websites that force you to choose between two options, “accept all” or “accept only selected”. Rejecting cookies becomes as easy as accepting them. A step that improves transparency and protects the free consent of the user (which can never be “extorted” with practices limiting his choice or with dark patterns).
This is with a view to protecting the rights of the data subjects but also to developing a healthy market based on personal data and personalized advertising, for the sustainability of online publishing.
…
Originally published on Agenda Digitale.