What are cookies?
Cookies are small text files that the visited websites of users send information to their terminals (normally to the browsers) where information is saved to then be transferred to the same website on the next visit by the same user. During the browsing on a website, users may also receive on their terminals cookies that are sent by different websites or web servers (so-called “third party cookies) which may contain several elements (such as, images, maps, sounds, specific links to pages of other domains) present on the website that the users are visiting.
What are cookies for?
Cookies that are normally present in browsers of users in a high number and often with persistent characteristics, are used for different purposes: information authentication, monitoring of sessions, saving information on specific configurations regarding users who access the server, etc.
In order to achieve a proper regulation of said devices, we must distinguish them as there are no technical characteristics that differentiate one from the other based on the purposes to be achieved by those who used them. The legislator has taken this direction and has implemented the provisions set out in the Directive 2009/136/EC, establishing the obligation to acquire a prior, informed consent form users to install the cookies used for purposes other than those purely technical (see article 1, paragraph 5, letter (a)) of Legislative Decree 69 of 28 May 2012 that amended article 122 of the Code).
To that end and for purposes of this proceeding, the following two macro categories are identified: “Technical” Cookies and “Profiling” Cookies
“Technical” Cookies
Technical cookies are those used only for the purpose of “transferring a communication on an electronic communication network or to the extent strictly necessary to provide a service of the IT firm expressly requested by the subscriber or user in order to render that service” (see article 122, paragraph 1 of the Code).
They are not used for additional purposes and are normally installed directly by the owner of the website operator. They can be divided into browsing or session cookies and guarantee a normal browsing and use of the website (for example, allowing users to purchase or authenticate themselves to access reserved areas). Analytics cookies are similar to technical cookies used directly by the website operator to gather information in aggregate form on the number of users and on how they browse the website. Functional cookies allow users to browse based on a series of selected criteria (for example, language, selected products for purchase) with the purpose of improving the services provided to them.
The installation of said cookies does not require the prior consent of users; however, they must be informed of the information notice provided pursuant to article 13 of the GDPR EU 679/2016 where the website operator can provide the most appropriate methods only if said devices are used.
Profiling Cookies
Profiling cookies are aimed a creating profiles regarding the user and are used with the purpose of sending advertising messages based on the preferences expressed by the user while browsing in the network. Given the special invasive nature of said devices towards the privacy of users, European and Italian regulations require for the user to be properly informed on their use and in this way grant their own valid consent.
Article 122 of the Code refers to said cookies and states that “Saving information in the terminal of a contracting party or user or accessing information that is already saved are only allowed on the condition that the contracting party or user expresses its consent after been informed based on the simplified methods envisaged in article 13, paragraph 3″ (article 122, paragraph 1 of the Code).
Editors and “Third Parties”
Another aspect to consider for purposes of a correct definition of the matter under discussion, is the subjective aspect. Therefore, we must take into account of the different entity that installs the cookies on the user’s terminal, depending on whether it is the website operator of the user visiting the website (which can be specified in short as the “editor”) or a different website that installs cookies through the former (so-called “third parties”).
On the basis of the findings of the public consultation, it is considered necessary for said distinction between the two entities mentioned above to be taken into account for purposes of correctly identifying the respective roles and the respective duties with reference to issuing the information notice and acquiring the consent from users online.
There are multiple reasons for which it is not possible to assign the editor the obligation to provide the informative notice and acquire the consent to install the cookies for its website, even for those installed by “third parties”.
First of all, the editor must always have instruments and legal and economic resources to fulfil the obligations of third parties and must therefore be able to ensure the consistency of what is declared by third parties and the purposes that are actually pursued with the use of the cookies every time. It is very difficult given the fact that the editor often does not personally know all the third parties that install the cookies through its website and therefore not even the logic behind the respective processing. Moreover, it is not rare for persons with the role of concessionaries to come between the editor and third parties and therefore it is very difficult for the editor to monitor the activities of all the involved subjects.
Third party cookies could then be modified by third party suppliers over time and it would not be efficient to ask editors to keep track of these subsequent changes.
We must also take into account the fact that often editors that also include natural persons and small businesses, are the “weakest” part of the relationship. If third parties are normally large companies with substantial economic burden, normally more editors are required and could even be very numerous with respect to a single editor.
It is therefore considered that even with respect to the above reasons, the editor cannot be bound to include on the home page of its website, the information notices regarding the cookies installed to use through third parties. Furthermore, this would result in a general lack of clarity of the information notice issued by the editor and at the same time make it extremely difficult for the user to read the document and thus understand the information contained therein and in this way losing the simplification purpose envisaged in article 122 of the Code.
Likewise, as far as the acquisition of the consent for profiling cookies, as due to the above reasons keeping different the respective positions of editors and third parties, it is necessary to consider that the editors with which users will establish a direct relationship by accessing the respective website, must assume a dual role.
In fact, from one part said persons are data controllers as the cookies directly installed from their website; on the other part, as there cannot be a joint ownership with third parties for cookies that they install through themselves, it is correct to consider them as a sort of technical intermediaries between them and the users. Therefore, it is in this role that as you can see hereafter, they are called to take part in this resolution with reference to issuing the information notice and acquiring the consent from users online with respect to third party cookies.
Blocking Third Party Cookies
Block Third Party Cookies
Third party cookies are not generally essential for browsing; therefore, they can be refused by default using the provided functions of your browser.
Activate Do Not Track option
The Do Not Track option is available in most latest generation browsers. Websites are designed to comply with this option when activated and must automatically stop gathering some of your browsing data. However, as previously mentioned, not all websites are configured in a way to comply with this option (at their own discretion).
Activate “Anonymous Browsing”
Use this function to browse without leaving track of your browsing data. Websites will not remember you, the pages that you visit will not be saved in the history and new cookies will be deleted.
The anonymous browsing option does not however guarantee anonymity in the internet because it is only used to not retain browsing data, but your browsing data will continue to be available to website operators and network providers.
Delete cookies directly
There are special functions that can be used to delete cookies in all browsers. Nevertheless, keep in mind that new cookies are downloaded every time you get connected to the internet; therefore, cookies should be deleted periodically. Otherwise, some browsers offer automated systems to delete cookies.
Practical Guidelines
Blocking Cookies on Safari
Blocking Cookies on Chrome
Blocking Cookies on Firefox
Blocking Cookies on Opera
Blocking Cookies on Explorer