On July 10, 2021, the Italian Data Protection Authority (the Garante Privacy) approved new guidelines for the use of cookies. We created this guide to help you understand what has changed and how to meet the requirements with minimal effort (compliance required by January 10, 2022).

In Brief

• Applicability: If you or your users are based in Italy, these requirements apply to you.
• Cookie banner
  • “Accept” and “Reject” buttons are mandatory.
  • Users must be able to make granular choices regarding functionalities, third parties, and categories of cookies to install (while leaving the implementation details to the service provider, the guidelines suggest that grouping options is a suitable way to meet this requirement).
  • Users must be able to update their tracking preferences at any time.
• Consent Collection
  • Consent via simple scrolling is no longer valid.
  • Cookie walls are not allowed.
• Validity of User Consent Preferences: After asking for consent the first time, at least 6 months must pass before asking again.
• Statistical (Analytics) Cookies:
  • First-party statistical cookies can be installed without user consent (and without prior blocking).
  • Third-party statistical cookies can be installed without user consent (and without prior blocking) only under certain conditions.
• Proof of Consent: You need a cookie preference log to demonstrate that valid consent has been obtained according to GDPR standards.
• Legal Basis for Cookie Use Beyond Consent: Legitimate interest does not constitute a valid legal basis.
• Deadline: Compliance is required by January 10, 2022.