Have you ever entered a website finding a cookie consent banner asking you to "accept cookies"?
In addition, most sites do not display their contents unless you accept the cookie policy, at least customizing it.
But what are cookies? And why do you need to accept them?
Do not worry: this article will help you clarify what they are, what they are for, and why they are indispensable for your website.
Cookies
The connection between the delicious, sweet cakes and the digital term is unclear. What is certain is that the use of this word in the ICTs derives from the expression "magic cookie", already in use in the 80s in the Unix environment (a multi-user operating system most used for high-level and centralized data processing systems).
Cookies are short text files the visited website saves on the user's computer or mobile device to provide the site with information regarding the user's browsing activity on its pages.
How do cookies work?
Every time we visit a website, it exchanges with the browser (Google, Firefox, Safari, etc.) important information: both personal data, such as the IP address of the device used, login information to the account (if we log to the site) or our email address, and non-personal information, such as preferred language, the pages visited, geographical location, and much more.
In short, when giving consent to cookies, the browser stores data and transmits them back every time the user visits the website they belong to, keeping track of the user's browsing history.
In doing so, webpages can load faster and simplify future visits making the website more useful and easier to browse. For instance:
- they prevent the user from entering their username and password again;
- they keep track of the items added to an online shopping cart;
- they save the information entered when filling out a digital form.
Types of cookies
There are different types of cookies, classified according to several factors.
According to how long they stay on the device, we can have:
· session cookies expire or are deleted when the user closes the web browser;
· persistent cookies can remain stored on the user's computer from 30 to 365 days, depending on the lifespan set by its creator.
Based on their creator:
· first-party cookies are directly created by the visited website, which is the only one that can read them;
· third-party cookies are generated by websites different from the web pages users are currently browsing, such as ads, retargeting services, and social buttons (e.g., the Facebook like button) to submit personalized advertisements to the user. Both the site that uses them and the one that created them can read these cookies.
Finally, based on their purpose, we have:
· technical cookies, essential for the website to retain the user's preferences and make browsing faster;
· profiling cookies, used to create user profiles based on personal choices and behaviors for marketing purposes.
There is a fundamental difference: technical cookies do not need the user's permission to be installed on their device, as they allow browsing the site, while profiling cookies require the consent of the users to be used, since they relate to their personal data.
Why are they useful to your website, and what are the risks?
For those who own a site, cookies are essential and offer a plethora of benefits:
· they offer the user an easy and fast browsing experience, resulting in reputation improvements and, probably, increasing accesses or sales;
· by storing and classifying the user's browsing history on your site, they allow you to carry out a more detailed targeting. This way, you can show visitors the ads that might interest them the most, thus increasing your chances of selling.
However, if poorly managed, cookies have implications that can prove problematic:
· as they store sensitive data, hackers might target cookies to steal their data;
· they may violate users' privacy (which is why third-party cookies no longer exist).
What is a Cookie Policy, and what is its purpose?
Cookies are essential as they are part of a wider data management system that does not only concern the online side but also the physical side of a company: Privacy Policy. As it has to do with the rules to manage all the contacts with which the company maintains relationships in its life, it requires care and attention.
The Data Protection Officer is a key figure in both private and public companies. The DPO has legal, ITC, risk management and process analysis skills and evaluates and organizes the processing of personal data to guarantee its protection in compliance with national and European privacy regulations.
The DPO can be an internal figure to the company or an external consultant: NitAGE collaborates with experts in the sector who can support you against the risks, control the activities carried out, and discuss with the assessors during controls.
In the framework of a consistent and compliant Privacy Policy, your Professional cookie Policy needs to be:
· continuously up to date: our legal experts work to adapt your site's policy to changes in both national and international legislation;
· available in multiple languages so that as many visitors as possible can understand it. NitAGE provides a different Privacy Policy for each language;
· written by a legal team: NitAGE uses certified cookies services;
· customizable: NitAGE uses certified services that ensure compliant privacy policy, integrated, and well configured on your website.
Who regulates the use of cookies?
The European Union regulates the use of data by websites, companies, and service providers, how they are authorized to treat data, and the purposes of their usage with the EU Regulation 2016/679, the General Data Protection Regulation (GDPR). Specifically, the use of cookies is regulated by Articles 13 and 14.
In each country, the policy on cookies and privacy is regulated by a specific body that monitors the use of personal data. In Italy, an independent administrative authority supervises the protection of personal data: the Italian Data Protection Authority. Among its various tasks, it verifies that data processing complies with the EU regulation.
What has changed since January 2022?
Starting from January 10, 2022, the new guidelines that the Data Protection Authority approved in July 2021 have come into force. These guidelines define new categories of cookies, grouping their purposes:
1 Strictly necessary:
- Backup saving and management
- Hosting and backend infrastructure
- Managing landing and invitation pages
- Platform services and hosting
- SPAM protection
- Traffic optimization and distribution
- Infrastructure monitoring
- Handling payments
2 Basic interactions and functionalities:
- Contacting the User
- Interaction with live chat platforms
- Managing web conferencing and online telephony
- Managing support and contact requests
- Interaction with support and feedback platforms
- Tag management
- Registration and authentication
- User database management
3 Experience enhancement:
- Content commenting
- Interaction with data collection platforms and other third parties
- Displaying content from external platforms
- Interaction with external social networks and platforms
- Interaction with online survey platforms
- RSS feed management
- Social features
4 Measurement:
- Analytics
- Beta testing
- Content performance and feature testing (A/B testing)
- Heat mapping and session recording
- Managing data collection and online surveys
5 Targeting cookies
- Advertising
- Advertising service infrastructure
- Commercial affiliation
- Managing contacts and sending messages
- Remarketing and behavioral targeting
What to do to comply with the new policy
> for technical cookies, it is necessary to provide users with the privacy statement, but it is not mandatory to ask for their acceptance;
> for profiling cookies (which collect data), it is compulsory to ask the user for consent to the installation. The user can consent or deny the use of cookies by the site or can choose which cookies to install.
Roma | Catania | Torino
[email protected]
