Italian cookie law and privacy issues

by Beatrice Bottoni


Cookie law is no doubt one of the hottest topics in 2015, raising many questions and sometimes causing a bit of confusion around the right use of cookies.

These apparently harmless small strings of text have been under the spotlights since the introduction of Cookie Law, an EU directive adopted by all countries in 2011; since then every country has made changes to this legislation. In Italy these changes were made by the Authority for the protection of personal data and were defined in the 8 May 2014 release. This action will become effective soon in Italy, starting from June.

But what are these cookies? What are they for? Why should I fear them?


Let’s start from the first definition: “Cookies are small text strings that the sites visited by the user send to his terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit of the same person.”

Cookies can be used for different purposes, such as the execution of an  authentication process, monitoring sessions, storing information about specific configurations about users accessing the server. Regarding this, we have to distinguish between technical and profiling cookies:

Technical cookies are used for “the transmission of a communication over an electronic network, or as strictly necessary for the provider to provide the service explicitly requested by the subscriber or user.” The kind of cookies are therefore required for the proper functioning of certain areas of the websites and to provide particular services. This category for example includes:

  • session cookies, which are used to store which items have been placed in the cart, remember that users have already logged on to our site so you do not constantly require their authentication;
  • analytics cookies are instead used by the website owner to collect aggregate information about the number of users and how they behave on the site;
  • functionality cookies, which allow the user to browse according to a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the experience of browsing the site.

These cookies do not collect information allowing direct identification of the user. All information collected by these cookies, in fact, are aggregated and are used for technical analysis to improve the functioning of the site. As stated in the legislation, for the use of these cookies you are not required to have a prior permission from the user, while it remains compulsory for the owner of the site to provide a disclosure according to art. 13 of the Code, if it uses these devices, providing it most appropriate way considered.

Profiling cookiesare aimed at creating profiles related to the user and are used in order to send advertising messages in line with the preferences expressed while surfing the net.

This way you can send to users advertisements based on already displayed products / services (retargeting) and customize the e-mails sent to them still on the basis of the products displayed, maybe added to the cart and then abandoned or to perform upselling activities. These activities are permitted only if the user has expressively given his agreement.

All the attention is concentrated on these cookies, as a disclosure with information about cookies on the site is not enough – a short disclosure contained in a pop-up banner on the homepage must be presented to users accessing the website.  This banner should also include the request for permission to the use of cookies. The information must then be integrated with “extended” information about cookies, which can be accessed by the user through a clickable link.

“Users who want more information and differentiate their choices about the different cookies stored by the visited site, can access other site pages, containing in addition extended information, having the opportunity to express more specific choices.

We come now to the question … why all this fuss? If you do not fulfill these standards you can face rather costly penalties, so it is absolutely necessary to make the point about which types of cookies are used by your site and accordingly adapt it to provide information and ask for the users agreement.

It’s important to note that this legislation will clearly impact your site tracking –  if the user doesn’t agree with cookie policy you will not be able to collect the necessary data for profiling your visitors,such as age, gender, interests.

You can download here a document (Italian only) that provides guidelines to comply with the new legislation.