What are cookies?
Cookies are small text files that websites visited by users send to their terminals (usually to the browser), where they are stored and then transmitted back to the same sites on each subsequent visit via the same terminal.
What types of cookies exist?
This is the most common type and its duration is limited: it is activated when the user arrives at a website and is deleted when the user leaves the site. Its purpose is to recognize the user navigating between pages on the site, so that the system knows that it is always the same person. These cookies do not cause any problems for the user’s privacy, as they are deleted as soon as the user leaves the sit closes the browser window; the user’s consent is not required for their use.
This is a cookie that is deleted from the device used by the user only after a certain period of time, which can last up to years. As long as it is active, it is recognized by the system so it can be understood that the surfer has returned to the site visited previously. As a result, it is possible to personalize the web page, for example with a welcome message, or by displaying advertisements that call up the same products as previously displayed, to entice the user to purchase.
Original, or first-party, cookies, which are the cookies sent to your browser directly from the site you are visiting. They can be either session or persistent and are managed directly by the website manager.
These are generated and managed by parties other than the operator of the website on which the user is browsing (there is usually a contract between the website owner and the third party) They can be marketing or profiling and in any case require consent from the surfer. Each website may allow the transmission of “third-party” cookies, i.e., those generated by websites other than the one the user is visiting (through objects on it such as banners, images, maps, sounds, specific links to web pages on other domains).
These are the cookies necessary for the proper navigation of a site, and basically correspond to the session cookies we have just above.
Their purpose is to store the navigation made by the user on the various websites. In this way it is possible to determine a profile of the user, his tastes and habits in order to offer him advertisements in line with his preferences and always require consent.
What does the GDPR say?
Recital 32 of the GDPR states that: consent should be expressed by an unambiguous positive act by which the data subject indicates his or her free, specific, informed and unambiguous intention to consent to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or orally. Thus, before data processing begins, the user must provide consent that is unambiguous, freely given, voluntary, specific, and informed. Consent can be given in many ways, as the Cookie Law takes no position on this, but it must be a certain consequence of a voluntary choice. It must be an active behavior, as clarified by the ruling of the European Court of Justice (case C-673/17). The behavior engaged in by the user, therefore, cannot consist of merely scrolling down the page or clicking on a link leading to another page, but must be unequivocally directed at the acceptance of cookies. It is necessary for the user to click on an Accept or Reject button.
ID used to identify users.
Used by Google AdSense to test the efficiency of ads on Web sites using their services.
ID used to identify users for 24 hours after last activity.