I am not a lawyer but not a clueless one either, one must adapt to avoid hassle and unnecessary waste of everyone's time, so I adopted this free service called COOKIE CONSENT. For all my websites and those of my clients.
What are cookies
Cookies are information installed on the computer (or rather in the browser) of a website visitor, by the webmaster of the visited site. They can be of different types and nature, and perform different functions, depending on the case. In most cases they allow you to maintain an active connection to your favorite website, without having to always enter your user and password (e.g. Facebook), other times they are used for profiling and advertising purposes.
Basically, they serve to make life easier for users and help webmasters do their jobs better.
Are they evil? No, absolutely not.
There are different types of cookies, let's look at them very quickly.
They are the ones that allow you to keep a session open on a website, without re-entering user and password, they are the ones that measure visits (Google Analytics) or they are functional cookies, you think from an e-commerce where the user has identified favorite products, language choice, and other things...
If we want to follow the description of the Guarantor: "are aimed at creating profiles related to the user and are used for the purpose of sending advertising messages in line with the preferences expressed by the same in the context of web browsing."
For these we can identify those of Google Adwords and AdSense, remarketing cookies, and in general those of any platform that tracks users and measures their online habits.
None of these are able to trace the identity of the person, but they are only able to incorporate that profile into a larger cluster (set) of people, to whom advertising messages will, for example, be directed.
First-party cookies are those that your webmaster perhaps created especially for you. Somewhat uncommon situation, but still present. You have full responsibility here, and the Guarantor asks that you make a specific report to that effect, only to the users, but also to the institution (paying a fee, of course... and of course...).
But again... I have not and have never created a cookie myself, yet I have been developing web with my team for over 15 years...
Third-party cookies, on the other hand, are all those managed by other platforms (see examples above), and over which you do not have full control. You install them and use the results.
The law in effect since June 2, 2015 provides the following: "the storage of information in a contractor's or user's terminal equipment or access to information already stored shall be permitted only on condition that the contractor or user has given consent after being informed (...)."
It is required to publish a brief disclosure through a banner, such as you see here on Valerio.it and my other websites. Such a banner must provide:
- a warning about the use of profiling cookies, specifying that such cookies may also be transmitted by "third parties."
- The indication about the optionality of consent;
To make your life easier, I recommend COOKIE CONSENT. That allowed me in 10 minutes to have everything I needed.
The banner should contain a link to the policy, which should provide information about the cookies installed and how to remove them. It is possible to install a technical cookie so that the visitor does not see the banner again after he or she has approved it, either explicitly by clicking on the button, or by concluding behavior by continuing to browse the Web site.
The following is essential:
- forcing the user to put a checkmark on each operation of entering their data, giving consent is therefore a key step;
- specify in the policy how you will use this data;
- say who you are, as the person in charge of data processing, providing your first name, last name, address, email, vat or c.f. and whatever is needed to identify you;
- Explain what procedures should be followed to request, by the user, that his or her data be removed from the archives.
There is also Iubenda (for a fee)
In addition to the policy you are also provided with a simple script to make the banner appear.
Just copy-paste it into your site's code, and you're done. Then if you use WordPress, there is a plugin that does all the dirty work for you.
You can opt for several options, including contacting a lawyer who specializes in the matter privacy or one of the many consulting firms working in the field.
If you don't yet have a particularly active online business, I recommend that you don't invest too much money on the subject, but by all means adapt.
By searching online you can find solutions, templates and applications that can easily help you, even free of charge.