Italy's data protection authority (DPA), the Garante, has announced its finalized guidelines on cookies and tracking technologies. The Garante’s guidelines, first released as a draft in December 2020, stipulate the means by which organizations may obtain customer consent, and what they can do with it.
The Garante based their update of existing 2014 guidelines on both EU privacy regulations and the growing use of what they consider “particularly invasive trackers.”
Site owners will have 6 months to comply with the principles contained in the Guidelines. Read on for a breakdown of the Garante’s new guidelines.
Serious About Default Opt-Out
The Garante has mandated that any mechanism for acquiring consent must ensure that—by default—no cookies or tracking tools other than technical ones are enabled at the time of a user’s first access to a website. That means no tracking cookies may be fired before the user explicitly expresses their consent to do so.
The Garante’s Banner Guidelines
The Garante also clarified its guidelines on consent banners, tracing the familiar guidelines of the GDPR, under which a banner must be clearly distinguishable on the web page and offer users the possibility of continuing without being tracked (opt-out).
The Garante specifically stipulates that if a user clicks an [x] button to close a consent banner, an opt-out should be assumed, and the user should not be tracked in any way.
On a similar note, the Garante specified that a user quickly scrolling or swiping away from a consent banner does not represent “a suitable manifestation of consent,” and should be treated as an opt-out.
Cookie Walls and Persistent Consent Requests
Site owners are also forbidden from resubmitting a consent banner to users who denied it at each new access to the website. The user’s choice to opt-out must be duly recorded, and no longer solicited. Exceptions are made for situations in which the “conditions of processing significantly change,” or when 6 months have passed.
How Ensighten Can Help
As guidelines and regulations continue to evolve, marketers and site owners must remain vigilant in updating and maintaining compliance. Ensighten offers organizations a solution to help build a fully compliant website and simplify compliance with the GDPR, CCPA, LGPD, and many more laws and frameworks.
With Ensighten Consent Management Plus (CMP+), you can set up customizable consent banners for and give your customers a clear-cut choice on how their data is used, or whether it is collected at all.
Ensighten CMP+ offers real-time enforcement, so user preferences are applied instantaneously, and no cookies or tracking measures are fired before consent is given.
And it’s easy to use. Our low-code, zero-integration deployment means Ensighten CMP+ can be added to every iteration of your website with a simple line of code.
You can also use Ensighten to perform a full audit of your website—up to 5000 pages—so you can understand which cookies and tracking technologies are in use, and identify potential security or compliance issues.
Request a demo today to see how Ensighten can help your organization stay compliant with evolving regulations worldwide.
Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.