Cookie management-related definitions and legal references: everything you need to know
See key definitions related to cookie management and consent collection, delving into legal references and regulatory compliance.


What are cookies?
Cookies are small pieces of data that a website sets in the visitor's browser. The browser stores them and sends them back with every later request to that site, so the site can store and retrieve information it will use, now or on later visits, to make choices about what to show.
Let's take an example: while browsing the site that sells your favorite T-shirts, you indicate that your size is small. This information can be recorded in a cookie for future use. When you return to that site a month later, you are no longer asked to choose your size, because the site already knows it is small. Now imagine that capability made far more sophisticated and technologically advanced: that is what cookies are today. When you open Google, search for "new car" and are shown only four-wheel-drive models (your favorites!), do not think there is magic involved: somewhere, on some site, you expressed that preference. From that moment on, many sites can share that information (typically through cookies set by third-party services embedded in those sites) and make your browsing more personal, more intimate, built around your preferences and expectations.
This is the purpose of cookies, but of course, as is often the case, they can be used the right way and the wrong way. Precisely to protect you, lawmakers have laid down some very precise rules on the use of cookies by those who build sites. And that is precisely why CookieMan, the platform that manages the cookies of the sites you visit, exists: to give you the assurance that the whole process is managed properly.
The main definitions

Personal Data (or Data)
Personal data is any information that, directly or indirectly, including in combination with any other information such as a personal identification number, identifies a natural person or makes him or her identifiable.
Main categories of personal data
The following (the GDPR calls them special categories) fall within personal data:
- Genetic data: personal data relating to inherited or acquired genetic characteristics of a natural person that provide unambiguous information about the physiology or health of that natural person, and that result in particular from the analysis of a biological sample of that natural person
- Biometric data: personal data obtained by specific technical processing relating to physical, physiological or behavioral characteristics of a natural person that enable or confirm his or her unique identification, such as facial image or dactyloscopic data
- Health-related data: personal data pertaining to a natural person’s physical or mental health, including the provision of health care services, that reveal information about his or her health status
Consent
Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Processing
Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means (collection, recording, storage, consultation, disclosure, erasure and so on).
Data controller
The natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data.
User
Usually identified as the visitor who uses the Application, meaning your website or application in general. Usually coincides with the Data Subject.
Data subject
The data subject is, in a nutshell, the natural person to whom the personal data being processed relates.
Profiling
Any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Usage Data
This is the information collected automatically through the site, or in general through the application you are using (including by third-party applications integrated into the site/application). It includes:
- the IP addresses or domain names of the computers used by the User when connecting
- the addresses requested, in URI (Uniform Resource Identifier) notation
- the time of the request and the method used to submit it to the server
- the size of the file obtained in response and the numeric status code returned by the server (success, error, etc.)
- the country of origin
- the characteristics of the browser and operating system used by the visitor
- the various temporal aspects of the visit (e.g. the time spent on each page)
- the path followed while using the Application, with particular reference to the sequence of pages consulted
- the parameters relating to the User's operating system and computing environment

What must a site have to be in compliance?
Privacy and Cookie Policy
A Privacy Policy and a Cookie Policy must be prepared and made available to the visitor. In them the Data Controller must explain what processing it performs through the site, what the purposes are, and what makes each processing operation lawful (the legal basis).
ePrivacy Directive (Cookie Law)
Each relevant market has its own rules on cookie management. In the European Union it is necessary to display a banner compliant with the Directive and to let the visitor decide which processing may be carried out and which may not, acquiring consent and recording it so that it can later be produced as evidence. Cookies that are strictly necessary to provide the service requested by the visitor do not require consent; all others must not be set until consent has been given.
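The two mechanisms described above, the preference cookie from the T-shirt example and the consent record that gates non-essential cookies, can be put together in a few functions. The block below is an added example written for this page; it is not CookieMan's code. It models the browser's cookie jar as a plain `document.cookie`-style string so it runs under Node without a DOM, and the cookie names (`cm_consent`, `tshirt_size`), the category names and the policy version number are assumptions chosen for the illustration.

```javascript
// Added example (not CookieMan's code): a minimal consent-gated cookie layer.
// The cookie jar is a "name=value; name2=value2" string, as document.cookie
// presents it; names, categories and the version number are assumptions.

const CONSENT_COOKIE = "cm_consent"; // assumed name of the first-party consent record
const CONSENT_VERSION = 2;           // bump when the policy changes so old consent is re-asked

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) jar[name] = decodeURIComponent(value);
  }
  return jar;
}

// Build a Set-Cookie header value. Secure, SameSite and (for server-read
// cookies) HttpOnly are on by default so the example never emits the weak form.
function buildSetCookie(name, value, { maxAge, httpOnly = true, sameSite = "Lax", path = "/" } = {}) {
  // RFC 6265 cookie-name is a token; reject anything else before it reaches a header.
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) throw new Error("invalid cookie name");
  const attrs = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`, "Secure", `SameSite=${sameSite}`];
  if (httpOnly) attrs.push("HttpOnly");
  if (maxAge !== undefined) attrs.push(`Max-Age=${maxAge}`);
  return attrs.join("; ");
}

// Record the visitor's choice per category, together with when it was given and
// against which policy version, so that it can later be produced as evidence.
// "necessary" is always true: strictly necessary cookies need no consent.
function recordConsent(choices, now = new Date()) {
  const record = {
    v: CONSENT_VERSION,
    ts: now.toISOString(),
    cats: {
      necessary: true,
      preferences: !!choices.preferences,
      analytics: !!choices.analytics,
      marketing: !!choices.marketing,
    },
  };
  // The banner script must read this cookie back, so it cannot be HttpOnly.
  return buildSetCookie(CONSENT_COOKIE, JSON.stringify(record), { maxAge: 180 * 24 * 3600, httpOnly: false });
}

// Read the consent record back. A missing, malformed or outdated record
// (different policy version) is treated as "no consent", never as "yes".
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  try {
    const rec = JSON.parse(raw);
    if (rec.v !== CONSENT_VERSION || !rec.cats) return null;
    return rec;
  } catch {
    return null;
  }
}

// The gate: return a Set-Cookie value only if the cookie's category is
// strictly necessary or the visitor accepted that category; otherwise null.
function setCookieIfAllowed(cookieString, category, name, value, opts) {
  if (category === "necessary") return buildSetCookie(name, value, opts);
  const consent = readConsent(cookieString);
  if (!consent || consent.cats[category] !== true) return null;
  return buildSetCookie(name, value, opts);
}
```

Usage: the banner calls `recordConsent({ preferences: true })` and the browser stores the `cm_consent=...` part of the returned header; on the next request `setCookieIfAllowed(jar, "preferences", "tshirt_size", "S", { maxAge: 2592000 })` yields a full `Set-Cookie` value, while the same call for a `marketing` cookie yields `null`. Note that a record carrying an old `v` is rejected, so changing the policy text forces the banner to be shown again rather than silently reusing stale consent.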
Terms and Conditions
In many cases (e-commerce, provision of services, appointment management, etc.) it is necessary to prepare a document setting out the terms and conditions of use of the service, so that the visitor knows what his or her rights and obligations are.
Proof of consent
The Owner (i.e. the website owner) must be able to demonstrate that it has obtained consent whenever it carries out processing that relies on consent as its legal basis (GDPR, Article 7(1)). This is why the consent record must be stored, with its date and the choices made, and not merely displayed.
Italian regulations
In Italy, and generally throughout the European Economic Area (EEA), the rules are quite stringent. This is entirely to the benefit of users, who are assured that their data are processed by Data Controllers in a conscious and transparent way.
In particular, the reference text for the processing of personal data, not only processing carried out through websites, is the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, which has applied since 25 May 2018. It regulates in detail how processing is to be carried out and therefore also affects processing involving websites.
The ePrivacy Directive (Directive 2002/58/EC, as amended in 2009, also known as the Cookie Law), by contrast, is a set of rules aimed specifically at processing carried out through websites or mobile apps, including the storing of and access to cookies on the visitor's device.
