FAQ of the Italian Privacy Guarantor
Frequently asked questions
1. What are cookies?
They are small text files that the sites visited by users send to their terminals, where they are stored and then transmitted back to the same sites at the next visit. The so-called cookies “Third parties” are instead set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than that of the visited site.
2. What are cookies used for?
They are used for different purposes: performing computer authentications, monitoring sessions, storing information about specific configurations concerning users accessing the server, storing preferences, etc.
3. What are “technical” cookies?
These are the cookies that are used to browse or provide a service requested by the user. They are not used for other purposes and are normally installed directly by the website owner.
Without their recourse, some transactions could not be carried out or would be more complex and/or less secure, such as home banking activities (viewing the bank statement, wire transfers, payment of bills, etc.), for which cookies, which allow you to make and maintain the identification of the user within the session, are indispensable.
4. Are cookie analytics also “technical”?
No. The Guarantor (see provision of 8 May 2014) has specified that they can be assimilated to technical cookies only if used for the purpose of optimizing the site directly by the owner of the site, who will be able to collect information in aggregate form on the number of users and on how they visit the site. Under these conditions, the same rules apply to cookie analytics, as regards information and consent, provided for technical cookies.
5. What are “profiling” cookies?
They are used to track the user’s browsing on the net and create profiles on his tastes, habits, choices, etc. Using them, advertising messages can be transmitted to the user’s terminal in line with the preferences already expressed by the same user in on-line browsing.
6. Is user consent required for the installation of cookies on his terminal?
It depends on the purposes for which they are used and, therefore, whether they are “technical” or “profiling” cookies.
The installation of technical ones does not require the consent of the users, while it is necessary to give the information (art. 13 of the Privacy Code). Profiling, on the other hand, can only be installed on the user’s terminal if the user has expressed his consent after being informed in simplified ways.
7. How should the site owner provide the simplified information and request consent to the use of profiling cookies?
As established by the Guarantor in the provision indicated in question no. 4, the information must be set on two levels.
8. How should the banner be created?
The banner must be large enough to partially cover the content of the web page that the user is visiting. It must only be possible to eliminate it through active user intervention, i.e. by selecting an element contained on the page below.
9. What indications should the banner contain?
It must specify that the site uses profiling cookies, possibly even “third parties”, which allow you to send advertisements in line with the user’s preferences.
In its interior it must contain the link to the extended information and the indication that, through that link, it is possible to deny consent to the installation of any cookie.
10. How can the acquisition of consent through the use of the banner be documented?
To keep track of the acquired consent, the site owner can use a special technical cookie, a system that is not particularly invasive and which in turn does not require further consent.
In the presence of such “documentation”, it is not necessary for the short information to be repeated on the user’s second visit to the site, without prejudice to the possibility for the latter to refuse consent and / or modify, at any time and in a manner easy, your options, for example through access to the extended information, which must therefore be linkable from every page of the site.
No. The owners of the sites always have the possibility of using methods other than that identified by the Guarantor in the aforementioned provision, provided that the chosen methods present all the validity requirements of the consent required by law.
12. Does the obligation to use the banner also affect the owners of sites that use only technical cookies?
13. What must the “extended” information indicate?
It must contain all the elements required by law, analytically describe the characteristics and purposes of the cookies installed by the site and allow the user to select / deselect individual cookies.
It must include the updated link to the information and consent forms of the third parties with which the owner has entered into agreements for the installation of cookies through its website.
Finally, it must recall the possibility for the user to express their options on cookies also through the settings of the browser used.
The owner of the website that installs profiling cookies.
For those of third parties installed through the site, the information and consent obligations burden the third parties, but the owner of the site, as a technical intermediary between them and the users, is required to include in the “extended” information the updated links to the information and consent forms of the third parties.
Profiling profiles, which usually remain over time, are subject to the obligation to notify, while those with different purposes and which fall into the category of technical ones, should not be notified to the Guarantor.
16. When do the measures prescribed by the Guarantor come into force with the provision of 8 May 2014?
The Guarantor has provided for a transitional period of one year from the publication of the provision in the Official Journal to allow interested parties to comply. This period will end on June 2, 2015.