Avoid losing your Google Ads features and performance: Google now enforces Consent Mode v2. Adapt now →

Italian cookie guidelines explained

Blog
In January 2022, the deadline for meeting the new Italian cookie guidelines passed. The Italian Data Protection Authority ‘Il Garante’ will continue to hand out fines to non-compliant companies. In this article, I’m going to tell you exactly how you meet the Italian cookie requirements without losing all your data.
Table of Contents

The Italian cookie guidelines:
The 10 simple steps to comply

Italy updates its cookie guidelines – do they apply to you?

On July 10th, 2021, the Italian Data Protection Authority “Il Garante” approved a new set of guidelines for the use of cookies on websites and apps.

The deadline for meeting the new requirements was January 10th, 2022.

Did you meet the deadline?

Or don’t you know where to start?

I’m going to take you step by step through the Italian cookie guidelines. Show you exactly what you need to do. No legal language, no jargon. Just plain words you can act on!

Who are the Italian cookie guidelines for?

“If your website or app visitors are based in Italy, the new Italian cookie guidelines apply to you!”

So, if your business is based in Italy or you target Italian citizens, these cookie guidelines are for you.

Italian cookie guidelines – what are the rules?

The new Italian cookie guidelines requires you to collect valid cookie consent from the users of your website or app.

And you must be able to document the consent. 

But there are specific ways you must collect that cookie consent.

Let’s break down the guidelines.

The Italian Data Protection Authority requires you use a cookie banner to collect consent.

The cookie banner informs your visitors of your use of cookies.

It informs about:

  • who owns the cookies (you, Google, Facebook, Amazon etc.)
  • what data they collect (marketing, statistics etc.)
  • and for how long time they collect data.

And the banner collects your visitors’ consent.

For your cookie banner to comply with the Italian cookie guidelines and the GDPR it must include:  

This is how Cookie Information helps you get a cookie banner that complies with the Italian cookie guidelines.

The rules for consent are like those in the GDPR.

Consent is an active choice between a ‘yes’ or a ‘no’ based on information about what the user gives consent to.

This is how Cookie Information helps you collect consent that complies with the Italian cookie guidelines

What is the legal basis for using cookies? And how you document it?

This is how Cookie Information helps you collect and document all your users’ consent

The Italian Data Protection Authority also touches upon first-party data and analytics cookies.

These rules apply under specific conditions:

This is how Cookie Information helps you control how to collect consent before cookies are set

Follow these simple guidelines and you comply with the new Italian cookie guidelines.

Here’s how you do it!

Cookie Information helps your business comply with the Italian cookie guidelines

Cookie Information’s Consent Management Platform makes sure your website or app is always cookie compliant.

And you don’t have to worry about losing all your data!

Cookie Information is a Google CMP partner.

Google Consent Mode is integrated in our platform as default!

That means you get valuable traffic and conversion data from all those users who decline cookies.

Here’s what you get:

You get a GDPR compliant cookie banner for your website or app that complies with the new Italian cookie guidelines.

The cookie banner includes:

  • Information on cookies and data collection based on deep scans of your website or app (as required by the Italian guidelines).
Cookie Information's cookie banner that complies with the Italian cookie guidelines
An example of a compliant cookie banner that informs visitors of cookies and collects their consent.
  • A “reject all” or “decline all” button (as required by the Italian guidelines).
An example of a compliant cookie banner with a reject/decline button in the banner’s first layer - Italian cookie guidelines
An example of a compliant cookie banner with a reject/decline button in the banner’s first layer.
  • Toogles and checkboxes so your user can choose what data to give consent to (as required by the Italian guidelines).
An example of a compliant cookie banner with a toggles or checkboxes to give specific consent in the banner’s first layer - Italian cookie guidelines
An example of a compliant cookie banner with a toggles or checkboxes to give specific consent in the banner’s first layer.
  • An easy way to change or withdraw consent to cookies
An example of an easy way for your users to re-open the cookie consent banner and change or withdraw consent - Italian cookie guidelines
An example of an easy way for your users to re-open the cookie consent banner and change or withdraw consent.

All your visitors’ consents are securely stored on Microsoft Azure servers within the EU/EEA.

And if the Italian Data Protection Authority asks to see them, we will assist you in every way, so you pass the audit with flying colors.

Give us 5 minutes and we’ll show you how to comply with the Italian cookie guidelines without losing all your data.

The Italian cookie guidelines - the legal stuff

Applicable Italian and international law (GDPR).

The relevant legal framework is the ePrivacy Directive 2002/58/EC amended and transposed in national law by Section 122 of Legislative Decree No 196 of 30 June 2003 and the GDPR.   LINKS

Essentially what Section 122 contains is:

Storing information, or accessing information that is already stored, in the terminal equipment of a contracting party or user shall only be permitted on condition that the contracting party or user has given his consent after being informed in accordance with simplified arrangements.

According to Italian law, cookies and other tracking tools (other than technically necessary cookies) may only be used after obtaining an informed consent. It is the responsibility of the website or app owner to collect that consent.

But in 2018 the GDPR took force. Rules for consent are much stricter in the GDPR and requires data controllers (owners of websites and apps) to collect a consent that is:

  • Freely given
  • Informed
  • Specific
  • Unambiguous

The Italian cookie guideline’s rules for consent are equal to those of the GDPR.

The new version of the Italian cookie guidelines come from the revised 2014* cookie guidelines which needed an update considering new laws and decisions like the 2018 GDPR, the European Court of Justice ruling against Planet49, Schrems II and much more.

* Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies (decision no. 229 of May 8, 2014) published on June 3, 2014

The new Italian cookie guidelines were approved on July 10th, 2021, by the Italian Data Protection Authority “Il Garante”.

The deadline for meeting the new requirements was January 10th, 2022.

Meet the deadline already today with Cookie Information’s Consent Management Platform.

Cookie Information ensures your cookie compliance

Give us 5 minutes and we’ll show you how. 

FAQ on cookies and consent in Italy

[Q] – We are not using cookies on our website!

[A] – Most websites use cookies. These are either technically necessary cookies used for making the website work (e.g., remember language preferences, login settings, shopping cart cookies), or cookies set through your website by some of the services you use like for example Google Analytics, Facebook, Instagram, LinkedIn, Hotjar etc.

Our website is not collecting – or processing – any personal data!

 Maybe not, but third-party services like Google Analytics, Facebook, Hotjar, Amazon are! If you use any third-party service which set cookies through your website, you are the Data Controller (according to the GDPR), so collecting valid consent using these cookies is your responsibility.

Can we use Google Analytics without consent?

No. Google Analytics is using multiple cookies that collect your visitors’ personal information which is used to provide you with insights into audience, acquisition and behaviour. That’s made possible with persistent cookies that track the user across your website. If you use Google Analytics, you should definitely collect valid GDPR consent to cookies.  

What are technically necessary cookies?

Technically necessary cookies are essential for your visitors to browse your website and use its features. That could be login features and shopping cart cookies (so the information is not lost when the visitor clicks away from a specific page). Technically necessary cookies are not Google Analytics. Unfortunately.

How do I know if my website is GDPR cookie compliant?

You have it checked. By a Consent Management Platform provider – like Cookie Information – which can easily and quickly assess whether your website uses cookies that are not collected consent for. Get a free compliance check here with Cookie Information. No strings attached.