
Cookie compliance & GDPR/ePrivacy

GDPR: What is it?


The purpose of the GDPR is to regulate how the personal data of European Union citizens is collected, processed and stored by any company that must adhere to the requirements of the law, such as privacy by default and by design, the mandatory notification of violations, and technical and organizational security measures to protect data. The GDPR therefore guarantees EU citizens broader rights in controlling and accessing their data, such as the right to be forgotten, data portability and the right to rectification. It also provides guidelines for data transfers outside the EU.

Sanctions envisaged

  • Violations that provide for a fine of up to 10 million euros or up to 2% of the turnover of the previous year for companies (to be understood as a group) that, for example, do not communicate a data breach to the Guarantor Authority, violate the conditions on the consent of minors or unlawfully process the personal data of users;
  • Violations that provide for a fine of up to 20 million euros or 4% of turnover for businesses in cases, for example, of illegal transfer of personal data to other countries or non-compliance with an order imposed by the Guarantor.

New directives: Cookies and future developments, the new ePrivacy regulation


What characteristics should the banner for managing cookies have?

The banner must have these characteristics:
  • An X at the top right corner of the banner.
  • Indication that the site uses technical cookies and, with the user’s consent, profiling cookies or other tracking tools, indicating the related purposes (brief information).
  • The link to the privacy policy containing the complete information, where at least all the information referred to in Articles 12 and 13 of the GDPR is provided.
  • A private area to manage categories.
  • A button to accept all cookies.

To ensure that users are not influenced by a configuration of buttons and colors that may induce them to unwittingly prefer one option over the other, the Guarantor stresses the need to use commands and fonts of equal size, emphasis and colors, which are equally easy to view and use.

After the user has expressed their preferences, the banner should not be shown again on subsequent visits for a period of at least 6 months. This applies unless the conditions of data processing have changed significantly, or it is impossible for the website operator to keep track of the user’s choice (for example, if the user has deleted the cookies).


New ePrivacy regulation

On February 10, 2021, the European Council approved a text on E-Privacy that will be the subject of discussion with the Parliament. From the moment the E-Privacy Regulation enters into force, it will take two years for it to become applicable.

This means that if approval from the European Parliament were to arrive by the end of 2021, the legislation would be operational no earlier than 2023.

E-Privacy will also protect legal persons.

The territorial applicability of the Regulation will be the same as the GDPR, so it will apply not only to European companies, but also outside the borders of the Union. This is a fundamental point, which we will take up again below, but for now it is important to know that E-Privacy will regulate some large international players that have so far remained out of the game (read Amazon and Facebook, for example). One of the needs, therefore, is to extend the rules to the Over the Top players (the OTTs are Google, Amazon, Facebook …): companies that provide content and services through the network and that did not fall under Directive 2002/58/EC. With E-Privacy, the rules will also apply to OTT, the IoT (Internet of Things) and the M2M (Machine to Machine) world.


The “goal” for the EU community with the new regulation:

To build on the GDPR and protect the confidentiality of interpersonal communications at a higher level. According to the European Council, this aspect must be protected at all levels, regardless of the channels used.


Do you want to find out more? Do you need to know if your site meets the requirements of the EU directives? Contact us for a free analysis; we will provide you with all the tools and professional advice to make your online work tools compliant.


Alessandro Sester
Web Project Manager
@ Starsystem IT



Published on 31 August 2022
