The new regulation on cookies in GDPR

The regulation on cookies, similar tracking technologies and the monitoring of our personal data are  themes particularly important in the latest General Data Protection Regulation no. 679/2016 (GDPR).

Cookies are nothing more than text files sent from a website to the computer of the user visiting it. Cookies were developed as tools to improve web surfing, but then they were used by companies to identify, recognize and classify the user (the so-called profiling cookies) in order to create personal advertisements on every website.

With the entry into force of GDPR on May 25, 2018, cookies’ type of treatment, for which already exist specific EU regulations and provisions, such as the so-called Cookie Law, the Guide Lines of EU Guarantees on the consent and operability of cookies and the General Provision of Guarantee on the simplified measures for the information document and consent’s acquisition, will be modified.

So the consent will suffer the most significant changes: from the joint provisions of article 7, first paragraph and article 30 of GDPR, the consent shall be expressed through a positive act with which the person shall express his free, specific, informed and unequivocal intention to accept the treatment of personal data concerning himself. This means that the only positive conduct will be to select a specific technical setting among the options of the browser or on the denial of the cookies.

One of the new obligations required by GDPR provides a series of opt-out mechanisms for the annulment of the consent, that shall be as clear and effective as the methods used to acquire the consent. Technically, every website shall set a control panel for the user in order to select or deselect every single cookie.