Schedule a demo
Login to console
  • Cookie banner

The Italian Garante's new Guidelines on the use of cookies: 6 months to become compliant

October 28, 2021 by Chiara Saullo

The Garante has published, on 10 July 2021, their new Guidelines on cookies and other tracking tools. The purpose of these Guidelines is to ensure that all websites comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive. Companies have until January 10, 2022 to make their banners compliant, after which they may face significant fines. Find out in this article how Didomi can help you.






What is the role of the new Garante Guidelines?


The role of the new cookies Guidelines is to specify the correct methods for providing information and acquiring user consent online.


The Garante had already launched on December 10, 2020 a public consultation on its Guidelines' draft about cookies, but have now released their official Guidelines, with a compliance deadline for 6 months time. 


Garante's intervention is due to the sometimes incorrect implementation of these regulations, especially considering the increase of users' browsing experiences and new technologies.


Would you like to discuss this topic with an expert in Italian data protection guidelines? Book a call with us.


Schedule a demo


A Garante Guidelines’ overview on the use of cookies


Before we dive into the subject, we would like to remind you what cookies and other tracking tools are. Cookies are strings of text that appear on the main screen of a website ("first party") and ask for the consent of the user, i.e. different websites ("third parties"), to process their personal data. 


Here are the new Garante Guidelines on the use of cookies:


  1. Integrating the banner with additional information


  • The banner must ask the user whether they wish to accept all cookies or other tracking technologies. 

  • The user's personal data storage period must be specified. 

  • The banner must contain a link to the privacy policy. 

  • The user must be able to give/withdraw consent granularly according to purposes and providers.

  • Withdrawing consent should be as easy as giving it, an edit link should be available to users in case they want to change their consent.

  • A simple and accessible language should be used. 


  1. Reinforcing consent 


  • If the user gives his/her consent to data processing, the act must be "free, specific, informed and unambiguous" according to the GDPR. 


  1. Complying with the principles of privacy by design and by default 


  • The user's personal data must be controlled by means of a banner which, by default, only processes the personal data necessary to fulfill a specific purpose. 

  • Furthermore, in order to acquire consent, the banner must contain an "X" in the top right-hand corner that allows the banner to be closed without having to give consent to the use of cookies or other profiling techniques, thus maintaining the default settings.


  1. Methods of collecting consent 


  • Scrolling does not represent, except in rare cases, a clear, affirmative positive action on the part of the user. Therefore, scrolling does not equal valid consent.  

  • Cookie walls are unlawful, except when the site offers the user the possibility of accessing without giving consent to the installation and use of cookies.


  1. Validity of already collected consents 


  • Consents collected before the publication of the new Garante Guidelines on cookies, if they comply with the characteristics required by the Regulation, are valid as long as, at the time of their acquisition, they have been recorded and can therefore be documented. In general, the banner may not be shown to users before 6 months have passed since the consent was collected.


The deadline for compliance with this new regulation is in 6 months time (so before the end of 2021). If your company is not compliant, get in touch with one of our experts now. We will be delighted to help you! 


Schedule a demo


How Didomi can help you become compliant


Didomi clients do not have to worry about evolving compliance regulation: we take care of it. 


We create cookie banners that are 100% compliant with the new Garante Guidelines, without sacrificing performance or data visibility. Indeed, besides being a legal requirement, banners also represent a strategic opportunity. 


Didomi's Consent Management Platform (CMP) allows you to easily manage and optimise the user consent collection across all your channels (web, mobile, app, etc.).


Didomi's CMP on mobile - compliant without compromising performance


Discover our CMP


Below you will find an example of a compliant, high-performing banner from one of Didomi's customers, Michelin. With a design that complements the brand colours, Michelin's banner certainly doesn't go unnoticed! It is compliant because scrolling is not accepted, it clearly presents a button to refuse on the top right corner of the banner and a link to a dedicated area where you can manage your choices.



If you want to see more examples of compliant cookie banners, you can read our article here


So, the benefits of a Consent Management Platform (CMP) are several: 


  • It easily manages and optimises user consent collection across all your channels

  • It is GDPR and Garante (or any other local data protection authority) compliant

  • It is performant 

  • It is customizable

  • It is compatible on multiple devices (web, mobile, app, etc.)


Start the installation process today with one of our GDPR and Garante experts and benefit from an effective, compliant and performant CMP! Remember, you have until January 10, 2022 to make become compliant.


Schedule a demo


Related articles