I am not a lawyer, but I am not clueless either. One must adapt to avoid hassle and an unnecessary waste of everyone's time, so I adopted this free service called COOKIE CONSENT for all my websites and those of my clients.
The privacy policy and the new requirement by the Garante to notify users of the use of cookies come from the transposition of a European directive. As of June 2, 2015, it is a reality.
What are cookies
Cookies are pieces of information stored on the computer (or rather in the browser) of a website visitor by the webmaster of the visited site. They can be of different types and nature, and perform different functions, depending on the case. In most cases they allow you to stay logged in to your favorite website without having to enter your username and password every time (e.g. Facebook); other times they are used for profiling and advertising purposes.
Basically, they serve to make life easier for users and help webmasters do their jobs better.
Are they evil? No, absolutely not.
There are different types of cookies; let's look at them very quickly.
Technical cookies are the ones that allow you to keep a session open on a website without re-entering your username and password, the ones that measure visits (Google Analytics), or functional cookies: think of an e-commerce site where the user has saved favorite products, a language choice, and other things...
Profiling cookies, if we want to follow the description of the Garante, "are aimed at creating profiles related to the user and are used for the purpose of sending advertising messages in line with the preferences expressed by the same in the context of web browsing."
For these we can identify those of Google Adwords and AdSense, remarketing cookies, and in general those of any platform that tracks users and measures their online habits.
None of these can trace the identity of the person; they can only place that profile in a larger cluster (set) of people, to whom advertising messages will, for example, be directed.
First-party cookies are those that your webmaster perhaps created especially for you. This is a somewhat uncommon situation, but it still occurs. You have full responsibility here, and the Garante asks that you make a specific report to that effect, not only to the users, but also to the institution (paying a fee, of course... and of course...).
But again... I have never created a cookie myself, yet I have been doing web development with my team for over 15 years...
Third-party cookies, on the other hand, are all those managed by other platforms (see examples above), and over which you do not have full control. You install them and use the results.
The law in effect since June 2, 2015 provides the following: "the storage of information in a contractor's or user's terminal equipment or access to information already stored shall be permitted only on condition that the contractor or user has given consent after being informed (...)."
It is required to publish a brief disclosure through a banner, such as you see here on Valerio.it and my other websites. Such a banner must provide:
- A warning about the use of profiling cookies, specifying that such cookies may also be transmitted by "third parties";
- A link to the page containing the extended information (the cookie policy);
- An indication that consent is optional;
- An indication that continued browsing or interaction with the page (such as scrolling the content or clicking on an element) involves giving consent to the use of cookies.
To make your life easier, I recommend COOKIE CONSENT, which allowed me to have everything I needed in 10 minutes.
The banner should contain a link to the policy, which should provide information about the cookies installed and how to remove them. It is possible to install a technical cookie so that the visitor does not see the banner again after he or she has approved it, either explicitly by clicking on the button, or through implied conduct, by continuing to browse the website.
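One way to implement the technical cookie described above, as an added example that is not code from COOKIE CONSENT or Iubenda. The cookie name, the value format (how consent was given plus a timestamp) and the one-year lifetime are assumptions.

```javascript
// Added example: cookie name, value format and lifetime are assumptions.
const CONSENT_COOKIE = "cookie_consent";       // hypothetical cookie name
const MAX_AGE_SECONDS = 60 * 60 * 24 * 365;    // assumed lifetime: one year
const METHODS = new Set(["click", "browse"]);  // explicit button or continued browsing

// Parse a document.cookie-style string into a Map (first occurrence wins).
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue;                      // skip empty or nameless fragments
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (_) { continue; } // bad escape
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Return the recorded consent ({method, at}) or null if absent or malformed.
function readConsent(cookieString) {
  const raw = parseCookies(cookieString).get(CONSENT_COOKIE);
  if (!raw) return null;
  const [method, ts] = raw.split(":");
  const at = Number(ts);
  if (!METHODS.has(method) || !Number.isInteger(at) || at <= 0) return null;
  return { method, at };
}

// Build the string to assign to document.cookie once the visitor consents.
function buildConsentCookie(method, nowMs = Date.now()) {
  if (!METHODS.has(method)) throw new Error("unknown consent method: " + method);
  const value = encodeURIComponent(method + ":" + Math.floor(nowMs / 1000));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${MAX_AGE_SECONDS}; Path=/; SameSite=Lax; Secure`;
}

// The banner is shown, and profiling scripts stay unloaded, until consent is recorded.
function shouldShowBanner(cookieString) {
  return readConsent(cookieString) === null;
}

// In a page (browser only):
//   if (shouldShowBanner(document.cookie)) { /* render banner, wire button and scroll */ }
//   on accept: document.cookie = buildConsentCookie("click");
```

A missing, tampered or malformed value is treated as no consent, so the banner reappears instead of profiling scripts loading on an unverifiable cookie.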
The Privacy Policy for Online Business
This is not new, but since many have never adopted it, and may now end up under scrutiny because of the cookie law, it is time to remedy that. The privacy policy is the set of rules that you, the webmaster, adopt towards your visitors, especially when you explicitly request their data: surveys, newsletter subscriptions, contests, user or customer profiles, etc...
The following is essential:
- Have a clear, understandable privacy policy linked from all your pages;
- Require the user to tick a checkbox every time they enter their data; giving consent is therefore a key step;
- Specify in the policy how you will use this data;
- Say who you are, as the person in charge of data processing, providing your first name, last name, address, email, VAT number or c.f. (tax code) and whatever else is needed to identify you;
- Explain what procedure the user should follow to request that his or her data be removed from the archives.
There is also Iubenda (for a fee)
Iubenda is a website that resells an essential service for anyone with a website. Using a very simple system of choices (you answer a few simple questions), it can generate a privacy policy in perfect legalese that you can insert into your website by copy-pasting the code. Or, without even spending that much time, it can provide you with a link to a page of theirs reserved for you (yes, they do policy hosting for you), so all you have to do is add the link to your menu, and you're done.
After creating the privacy policy you can integrate it with the cookie policy. Virtually all third-party web services (Google AdSense, AdWords, Analytics, all social networks, all email marketing systems...) are present, and you can add them without difficulty. Search for the name of the service and click; Iubenda takes care of everything: description, warnings, legal notices, options to delete that specific cookie... everything, in short.
In addition to the policy you are also provided with a simple script to make the banner appear.
Just copy-paste it into your site's code, and you're done. Then if you use WordPress, there is a plugin that does all the dirty work for you.
What to choose for the Privacy Policy
You can opt for several options, including contacting a lawyer who specializes in privacy matters or one of the many consulting firms working in the field.
If you don't yet have a particularly active online business, I recommend that you don't invest too much money in the subject, but by all means adapt.
By searching online you can find solutions, templates and applications that can easily help you, even free of charge.