Extended cookie information – Act of the Italian Privacy Authority no. 229/2014
Cookies are small text files that are sent to the user’s terminal equipment (usually to the user’s browser) by visited websites; they are stored in the user’s terminal equipment to be then re-transmitted to the websites during the user’s subsequent visits to those websites. When navigating a website, a user may receive cookies from other websites or web servers (the so-called “third party”) where are located some items present on the website that the user is visiting (e.g. images, maps, sounds, specific links to pages of different domains).
Cookies are usually present in substantial numbers in the browser of each user and sometimes they remain stored for long. They are used for several purposes: performing IT authentication, monitoring of browsing sessions, storage of information on specific configurations regarding users accessing the server.
In order to appropriately regulate these devices, it is necessary to distinguish them by having regard to the purposes sought by the entities relying on them, since there are no technical features that allow to differentiate them.
In this regard cookies may be distinguished between “technical” cookies and “profiling” cookies.
Technical cookies are those used exclusively with the only purpose of “carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of a service of the information society that has been explicitly requested by the contracting party or user to provide the said service”.
They are not used for further purposes and they are usually installed directly by the owner or by the manager of the website. They can be grouped into browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or to authenticate to access reserved areas); analytics cookies, which can be equated to technical cookies when they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website; functional cookies, which allow users to navigate according to selected criteria (such as language or products selected for the purchase) with the aim of improving the quality of service.
In order to install these cookies the users prior consent it is not requested.
Profiling Cookies are aimed at creating profiles of the user and they are used for sending advertising messages in line with the preferences expressed by the user during the navigation of the internet.
Due to the highly invasive nature that these cookies may have within the private sphere of the users, the Italian and European law requires that the users must be informed appropriately on their use as to give their valid consent.
For Profiling Cookies of third parties is meant, as an example: Google Analytics (it detects navigation data), Google Adsense and associated platforms, advertising agencies, social sharing buttons, social buttons of social networks, banners of affiliating platforms, Google APIs, images. Said cookies are disabled and they are activated only if the user clicks on the “I agree” button placed on the warning banner.
Regarding “Third Party Cookies”
There are several reasons why it appears impossible to require a publisher to provide information on and obtain consent for the installation of cookies on his own website also with regard to those installed by “third parties”.
In the first place, a publisher would be required to always be equipped with the tools and the legal and business skills to take upon himself the obligations of third parties – thus, the publisher would be required to check, from time to time, that what is declared by the third parties corresponds to the purposes they are actually aiming at via their cookies.
This is a daunting task because a publisher often has no direct contacts with all the third parties installing cookies via his website, nor does he know the logic underlying the respective processing. Furthermore, it is not seldom the presence of licensees between a publisher and said third parties, which makes it ultimately highly difficult for the publisher to keep track of the activities of all the stakeholders.
Secondly cookies of third parties might be modified by the third parties over time and it would be impractical to ask publishers to also keep track of these later changes.
Furthermore it should be taken into account that editors – a category that includes natural persons and SMEs – are often the “weaker” party of this context. On the contrary, third parties are usually large companies that have a considerable economic weight and they generally work with several publishers so that one publisher may often have to deal with a considerable number of third parties.
Also for the aforementioned reasons it is believed that the publishers may not be requested to include also the notices relating to the cookies installed by third parties through the website of the publisher.
In case of non-acceptance of cookies