This topic has generated many threads online in recent weeks. Let's take a look at the details and find out how to make our website comply.
Cookies are nothing more than small text files automatically created by the browser to store information about the users visiting your website.
The Italian “Garante della Privacy” states that not all cookies are bad. On 8 May 2014 it divided cookies into 2 categories:
Technical Cookies, used to offer a better service to your users, for example:
- Session cookies
Necessary for the normal functioning of the website, for example to access a client area or buy a product or service.
- Functional cookies
These cookies, despite not being essential, improve the user experience. They are used to remember the user's chosen language, or the wishlist on an ecommerce website.
- Analytics Cookies
These are considered technical cookies when they are used to collect anonymous information about website visitors. Google Analytics (probably the most used analytics tool) allows you to anonymize these cookies.
Profiling cookies, according to the “Garante della Privacy” definition, are used to create a profile of a user and to send advertising messages according to their preferences.
What to show to the user
A popup must be shown the first time a user accesses your website, explaining what is being tracked and giving a link to the complete policy. From the second visit on it is no longer necessary. And how do I know it is the second visit? With a technical cookie.
The banner has to be present on every page of the website, not only on the homepage, in case the user reaches your website on a subpage from a search engine.
An opt-in is not required; just navigating the website is enough to accept the policy.
Technical cookies do not need any authorisation from the user!
At the moment (until further directions are issued) this page must contain:
- (for editors with advertising) a text stating that the website uses profiling cookies to send targeted ads
- (if present) that the website uses third party cookies
- A link to an info page that must contain:
- A list of cookies used and their purpose
- The possibility of deselecting profiling cookies
- In case of third party cookies, a link to the cookie owner's information page
- An indication that by navigating the website the user accepts cookies
- Instructions on how to configure the browser to not accept cookies
This policy has to be linked on every page of the website.
As you can imagine, writing such a policy is hard work; it might be smart to use a service like Iubenda.
How to make your website compliant
At the time of writing no websites comply with the law. Profiling cookies can't be installed before the user gives consent, and the user should be able to decide which cookies he wants and which he doesn't. We are not aware of any script that does this properly at the moment.
While waiting for a better solution we would recommend:
- Anonymize Google Analytics cookies
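The gating logic described above (banner on the first visit only, remembered with a technical cookie, and no profiling cookies until the user has been informed and has not deselected them) can be sketched as follows. This is an added example, not a script from the original article or from any existing product; the cookie name `cookie_notice`, its value format and the function names are assumptions.

```javascript
// Added example: names and value format below are assumptions, not a standard.
const NOTICE_COOKIE = 'cookie_notice'; // technical cookie that remembers the banner

// Parse a document.cookie-style string ("a=1; b=2") into a plain object.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue; // skip empty or malformed pairs
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim();
    try { jar[name] = decodeURIComponent(raw); } catch (e) { jar[name] = raw; }
  }
  return jar;
}

// Interpret the technical cookie.
// "seen"             -> banner already shown, profiling accepted by navigating
// "seen:noprofiling" -> banner already shown, profiling deselected by the user
function readNotice(header) {
  const value = parseCookies(header)[NOTICE_COOKIE];
  if (value === 'seen') return { seen: true, profiling: true };
  if (value === 'seen:noprofiling') return { seen: true, profiling: false };
  // Missing or unrecognised value: treat as a first visit and allow nothing extra.
  return { seen: false, profiling: false };
}

// The banner is needed on any page until the technical cookie exists.
function shouldShowBanner(header) {
  return !readNotice(header).seen;
}

// Technical cookies never need authorisation; profiling cookies wait for consent.
function mayLoad(category, header) {
  if (category === 'technical') return true;
  if (category === 'profiling') return readNotice(header).profiling;
  return false; // unknown category: fail closed
}

// Build the cookie string that records the user's choice for `days` days.
function noticeCookie(allowProfiling, days) {
  const value = allowProfiling ? 'seen' : 'seen:noprofiling';
  return `${NOTICE_COOKIE}=${encodeURIComponent(value)}; Max-Age=${days * 86400}; Path=/; SameSite=Lax; Secure`;
}
```

In a browser, pass `document.cookie` as `header`, assign the result of `noticeCookie(...)` to `document.cookie`, and inject advertising scripts only when `mayLoad('profiling', document.cookie)` returns true.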
(All the information is provided as is. For detailed information you should refer to the actual laws.)