The Data Protection Authority has published (Official Gazette No. 163, July 9, 2021). The Guidelines on cookies and other tracking tools adopted on websites (June 10, 2021), aiming to strengthen users’ decision-making power regarding the use of their personal data when browsing online. The document(summary sheet here) updates the guidance contained in measure no. 229/2014 in light of the changes introduced by GDPR 679/2016.

Basically, changes related to the mode of displaying the cookies banner, and the mode of accepting them, with the possibility for those accessing the site to be able to consult the content while keeping non-technical cookies disabled or otherwise be able to make differentiated selections on them, in detail:

  • Prior and explicit consent must be obtained prior to any cookie activation (except for necessary, whitelisted cookies).
  • Consents must be specific, i.e., the user must be able to enable some cookies while leaving others disabled: therefore, he or she should not be forced to consent to all or any.
  • Consent should be given freely, that is, it should not be forced.
  • Consents should be revocable as easily as they are given.
  • Consents must be kept securely as legal documentation.
  • Consent must be renewed annually, although, some national data protection guidelines recommend more frequent renewal, such as every six 6 months.

The legislation also provides for severe penalties:

  • Failure or inadequate disclosure : from 6,000 to 36,000 euros
  • Installation of cookies without consent : from 10,000 to 120,000 euros

I titolari del trattamento che non avessero ancora adempiuto a quanto previsto dalle linee guida avranno tempo sino al 9 gennaio 2022 per conformarsi ai principi in esse contenuti.