by Rocco Panetta
The new cookie Guidelines and other tracking tools adopted by the Italian Data Protection Authority, the Garante, and published today in the Official Gazette following the public consultation launched last November are a far-sighted measure of great operational detail. Compared to the first text adopted at the end of last year, some important innovations emerge. Sites operating on Italian citizens have six months to comply.
What’s new in the final text of the guidelines
Among the various, the main one is surely the total rejection of the legitimate interest as a legal basis for the use of cookies or other similar tools. Given the established practice on many websites, such a requirement will force many data controllers to rethink from scratch their policies on data processing through cookies. The second is a rule: in the case of authenticated users, it will not be possible to cross-reference data relating to navigation carried out through the use of several devices without prior consent. It will be necessary to understand whether to contextualize this prescription to the CMP (cookie management platforms) or to the privacy policy to be provided during registration to the sites. The Garante then puts a brake on the data controllers who, ignoring the refusal of consent by their users, continue to repropose the banner on the homepage, thus debasing the will already expressed by those concerned. Except in rare cases strictly identified by the Authority, the re-proposition of the banner may occur only after six months.
… Read more on PANETTA’s website