New Italian privacy cookies rules will come into force on the 2nd of June 2015 requiring relevant technical and content changes to ecommerce, gaming, news, etc. Internet sites.
I had covered in this blog post the approval by the Italian privacy authority of the guidelines on the usage of cookies that granted one year to Internet operators to put them in place. Now the one year term is almost expired and the new cookies rules will come into force on 2 June 2015.
New cookies privacy obligations
I had already discussed in this blog post the main obligations set forth by the new Italian cookies regulations, which change depending on whether technical, profiling or third parties’ cookies are used. The general principle is that users should give their prior consent to the usage of cookies, but the modalities in which such consent is given have been addressed differently by the privacy authority on the basis of the type of cookies used (e.g. technical cookies vs. profiling cookies) and whether they are the operator’s cookies or third parties’ cookies.
In this respect, it is good to mention that Italian rules on cookies are based on the EU Privacy Directives, but the guidelines from the Italian data protection authority on cookies introduced obligations quite different from those adopted in other jurisdictions.
Additional obligations in case of profiling
I will touch on it in more detail in another blog post, but the Italian privacy authority also published new guidelines on profiling activities on the Internet which also impact the usage of profiling cookies, requiring, among others,
- a much higher level of transparency in the privacy information notice,
- the prior consent from users and
- data retention rules compliant with the principle that prevents storing data for longer than necessary to pursue the purposes of the data processing.
But this is not all, since if users’ preferences are somehow profiled through cookies, surveys, fingerprinting or other tools, Italian privacy law also requires a prior notification to the privacy authority of such data processing.
Relevant sanctions for breach
Based on our experience, the Italian privacy authority is becoming very active in challenging the lack of compliance with privacy regulations, also running audits and investigations at operators’ premises. And the € 1 million fine issued against Google in 2014 is a further confirmation of that. But privacy compliance will become even more relevant with the new EU privacy regulation that will increase the potential fines up to 5% of the global turnover.
The new approach from the Italian privacy regulator of scrutinizing compliance, but at the same time trying to “negotiate” practical ways of ensuring it, is also the basis on which the Internet of Things privacy consultation has been launched.
Online operators have only a few days left to comply and should not waste them!