The Data Protection Supervisor has approved new Guidelines on cookies, with the aim of strengthening the decision-making power of users regarding the use of their personal data when browsing online. The measure was adopted taking into account the results of the public consultation launched at the end of last year.

The updating of the previous Guidelines of 2014 has become necessary in the light of the innovations introduced by the European Regulation on privacy, but it has its reasons also in a number of other factors: the experience gained in these years (based on the numerous complaints, reports and requests for opinions

The mechanism of obtaining consent online must first ensure that, by default, at the time of first access to a website, no cookies or other tools other than technical ones are placed inside the user’s device, nor is any other tracking technique used.

Here, in summary, the main contents of the new Cookie Guidelines.

Cookie Policy

In compliance with the EU Regulation, the information to users must also indicate any other recipients of personal data and the time of storage of information. And it can be rendered on multiple channels and in different modes (e.g. with pop up, video, voice interactions).

The obligation of information only for technical cookies, also included in the general information, remains confirmed. The Guarantor then recommends that analytics cookies, used to evaluate the effectiveness of a service, are used only for statistical purposes.


For profiling cookies, the need for consent to be requested through a banner that can be clearly identified on the web page, through which users will also be offered the possibility to continue navigation without being in any way tracked, for example by closing the ban

With regard to scrolling, the Guarantor states that the simple shift of the slider (scroll down) is not an appropriate manifestation of consent. The owners of the sites (publishers) will eventually have to insert the scrolling in a more articulated process in which the user is able to generate an event, recordable and documentable at the server of the site, that can be qualified as positive action suitable to manifest in

With regard to the cookie wall, a system that binds users to the expression of consent, the Guarantor clarifies that this mechanism is to be considered unlawful, except for the hypothesis, to be verified case by case, in which the owner of the site allows users anyway access

The Authority also stresses that the re-submission of the banner to any new access for the request of consent to users who previously denied it is not right in legal obligations and is a redundant and invasive measure. The choice of the user, therefore, must be duly recorded and not stressed, unless they significantly change the conditions of the treatment; it is impossible to know if a cookie is already stored in the device; it has elapsed at least 6 months. In any case, the right of users to revoke the consent given before is still in place.

The Guarantor hopes that soon we will arrive at a universally accepted coding of cookies, now absent, that allows to distinguish objectively technical cookies from analytics or profiling cookies. Pending this objective, the Guarantor shall call on publishers to make the criteria for coding of the trackers adopted by each of them manifest in the information.

Site owners will have 6 months to comply with the principles contained in the Guidelines.

Leave a Reply

Your email address will not be published.

You May Also Like