Cookie law and the Garante per la privacy: my solution
No, I won't put up pictures of “American cookies” with an angry face to look more likeable or to “sugar the pill”, as many bloggers are doing these days, writing articles on the “Italian-style cookie law” with the sole purpose of receiving organic traffic, while proposing no solution, doing nothing but plagiarizing the usual hackneyed material or deferring to the usual paid services, and writing misstatements that prove they have not even given the rules a quick read.
Although I am not a lawyer (I challenge many lawyers, not experts in the field, to fully understand the abortion that was produced), and preferring to trust myself rather than the first stranger who writes on the web, I tried to understand what was written in the provision of 8 May 2014 on cookies and privacy, which came into force on 2 June 2015. I do not guarantee that I have understood the rule perfectly, but I have formed an idea.
In essence: you must ask for the user's consent before (before, not after, as some users are doing, adopting methods used in other countries!) installing cookies that are not purely “session” cookies.
I refer you to the official documentation, on the Garante's site, to see what differences there are between technical cookies, analytical cookies, profiling cookies (third-party or not), and so on.
Whether it is the Facebook/Twitter/Google sharing buttons, Google AdSense, Google Maps maps, YouTube videos or Google Analytics: according to the interpretation of the last few days, these services install profiling cookies (third-party, since the provider of such services is not me). According to the Garante, you cannot install these cookies without the user's informed consent, obtained through a short notice (banner) and an extended notice (policy).
On the other hand, the Garante agrees that you cannot have full control over third-party cookies (that is, cookies not installed directly by the site, but by a third-party service, such as share/like buttons).
Quoting from http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3118884
Those involved: publishers and “third parties”
Another element to consider, for the correct definition of the matter in question, is the subjective one. Account must be taken, namely, of the different subject that installs cookies on the user's terminal, depending on whether it is the manager of the site that the user is visiting (who can be briefly indicated as the “publisher”) or a different site that installs cookies through the first (the so-called “third parties”).
Based on the findings of the public consultation, it is considered necessary that this distinction between the two aforementioned subjects is taken into due account in order to correctly identify their roles and responsibilities, with reference to the release of the information and the acquisition of the consent of online users.
There are many reasons why it is not possible to place on the publisher the obligation to provide the information and obtain consent to the installation of cookies on its website also for those installed by “third parties”.
First, the publisher should always have the tools and the economic and legal capacity to assume the obligations of third parties and should therefore also be able to verify each time the correspondence between the statements of third parties and the purposes they actually pursue through the use of cookies. This is made very difficult by the fact that the publisher often does not directly know all the third parties that install cookies through its website and, therefore, not even the logic underlying the relative treatments. Also, persons who perform the role of dealers often stand between the publisher and third parties, which in fact makes it very complex for the publisher to control the activity of all those involved. Third-party cookies may, then, be modified over time by the third-party providers, and it would be impractical to ask publishers to keep track of these further changes as well.
It should also be taken into account that publishers, which include individuals and small businesses, are often the “weaker” party in the relationship. The third parties, instead, are usually large companies characterized by considerable economic weight, normally serve a plurality of publishers and may be, with respect to the individual publisher, very numerous.
It is therefore considered that, also because of the reasons indicated above, you can force the publisher to enter on the home page of their website also the text of the information relating to cookies installed through it by third parties. This would lead, however, to a general lack of clarity of the information released by the publisher, while making it extremely tiring for the user to read the document and therefore to understand the information contained therein, thereby thwarting even the desire for simplification provided for by art. 122 of the Code.
Similarly, as regards the acquisition of consent for profiling cookies, given the need, for the reasons given above, to distinguish between the respective positions of publishers and third parties, it is believed that publishers, with whom users establish a direct relationship by accessing their site, necessarily take on a dual role.
Such subjects, in fact, on the one hand are data controllers as regards cookies installed directly from their own site; on the other, since a co-ownership with the third parties for the cookies that these install through them cannot be discerned, it is considered proper to regard them as a kind of technical intermediary between the third parties and the users. And it is, therefore, in that capacity that, as will be seen below, they are called to act in this resolution, with reference to the release of the information and the acquisition of online users' consent with regard to third-party cookies.
These are the solutions that, to date, I have adopted, and that will remain in use until further notice:
- Removing the Google Maps “embedded” in the site.
These maps generate third-party profiling cookies, which cannot be blocked in advance. Instead of the embedded Google Maps, I inserted direct links to the maps, which take the user directly to Google's servers, avoiding the creation of these cookies.
- Embedding YouTube videos through the “no cookie” version of YouTube (youtube-nocookie.com).
It is sufficient to install the WordPress plugin “EU Tube User Privacy”, which will serve the “no cookie” version of YouTube videos.
- Anonymisation of the data collected by Google Analytics
“It seems” that the rule can be “interpreted” in such a way as to consider the (third-party) profiling cookie of Google Analytics as a third-party analytical cookie.
To do this, it is sufficient to obscure the last part of users' IP addresses, making them, therefore, unrecognizable, and to collect the data in aggregate form.
Let's modify our Google Analytics code by adding the line:
ga('set', 'anonymizeIp', true);
just before:
ga('send', 'pageview');
- Blocking the sharing buttons (Twitter/Facebook/Google), the Analytics tracking code and the Disqus commenting system, until the user has expressed consent to the installation of these cookies.
These (and other) services generate third-party analytical or profiling cookies (with the considerations made just above for Google Analytics).
To block the installation of these cookies until, as per the Garante's instructions, the user has clicked the banner button, scrolled the page, or clicked on any element of the page, I used the great EUCookieLaw plugin, written by the very helpful Diego La Monica.
We download only the following files:
- EUCookieLaw.js
- eucookielaw.css
- eucookielaw-header.php
Nota bene: if you use only WordPress, you can use the WP-plugin version of EUCookieLaw, downloadable at this address: Click.
You can read a guide in English, which explains all the settings in detail, on the developer's GitHub page but, for convenience, I report here the basic configuration that I use, which lets you block in advance the cookies of AdSense, Disqus, Facebook, Twitter, Google Analytics, YouTube and Google Fonts. The code also sets a cookie on the user's computer for a period of one year, so that the warning will no longer appear in the following months.
At the top of your code, insert these lines of PHP:
// Semicolon-separated list of third-party domains to hold back until consent is given
define('EUCOOKIELAW_DISALLOWED_DOMAINS', '.google.com;.google.it;.google-analytics.com;fonts.googleapis.com;.doubleclick.net;stats.g.doubleclick.net;doubleclick.net;.googlesyndication.com/pagead/;.twitter.com;www.youtube-nocookie.com;www.youtube.com;.facebook.net;.facebook.com;.facebook.it;.disqus.com');
define('EUCOOKIELAW_LOOK_IN_SCRIPTS', true);
define('EUCOOKIELAW_BANNER_TITLE', 'Informativa sull\'utilizzo dei cookie');
// Banner text: it must link to the extended cookie/privacy policy
define('EUCOOKIELAW_BANNER_DESCRIPTION', 'This site uses cookies technical and profiling (Third Party), to improve your browsing experience, and send you advertising in line with your preferences. <a href="/privacy_cookie_policy.html" target="_blank">On this page</a> puoi leggere l\'informativa estesa or opt out of all or some cookies.<br>Clicking <I>"Ok"</I>, scrollando page, or by clicking on an item, acconsenti all\'uso di tali cookie.<br><br>This website needs 3rd party profiling cookies for providing a better user experience. By clicking on <I>"Ok"</I> or by scrolling the page, you accept such cookies. Click <a href="/privacy_cookie_policy.html" target="_blank">here</a> to read more or opt-out.');
define('EUCOOKIELAW_BANNER_AGREE_BUTTON', 'OK');
define('EUCOOKIELAW_DEBUG', false);
define('EUCOOKIELAW_BANNER_AGREE_LINK', '?__eucookielaw=agree');
require_once ('eucookielaw-header.php');
Right after, include the file eucookielaw.css, the file EUCookieLaw.js, and their settings:
<script type="text/javascript" src="EUCookieLaw.js"></script>
<script type="text/javascript">
new EUCookieLaw({
  message: 'This site uses cookies technical and profiling (Third Party), to improve your browsing experience, and send you advertising in line with your preferences. <a href=\"/privacy_cookie_policy.html\" target=\"_blank\">On this page<\/A> puoi leggere l\'informativa estesa or opt out of all or some cookies.<br>Clicking <I>"Ok"</I>, scrollando page, or by clicking on an item, acconsenti all\'uso di tali cookie.<br><br>This website needs 3rd party profiling cookies for providing a better user experience. By clicking on <I>"Ok"</I> or by scrolling the page, you accept such cookies. Click <a href=\"/privacy_cookie_policy.html\" target=\"_blank\">here<\/A> to read more or opt-out.',
  showBanner: true,
  bannerTitle: 'Informativa sull\'utilizzo dei cookie',
  agreeLabel: 'OK',
  reload: true,
  duration: 364,
  agreeOnScroll: true,
  agreeOnClick: true
});
</script>
<link type="text/css" rel="stylesheet" href="eucookielaw.css" />
As you can see in the text, I refer to the site's cookie and privacy policy, which must be included. In my case, the policy is in the root of the site, and its name is privacy_cookie_policy.html
By clicking on the policy, the user can learn about the types of cookies that will be installed, and can block them if desired. It's up to you to write a proper policy, consistent with the services on your site.
Ultimately, this should suffice to appease the unusual hunger for privacy that, for some time, seems to have gripped Italy, and avert the risk of fines that can exceed one hundred thousand euros.
You can check that it works using development tools like Firebug, by going to the “cookie” tab.
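The same check can be scripted. The sketch below is an added example, not code from EUCookieLaw or from this site: it takes the HTML as served before consent and lists the resources that still point at domains from a disallowed list written in the same semicolon-separated form. The matching rules, the function names (parseRules, matchesRule, auditHtml), the base URL blog.example and the sample page are assumptions made for illustration.

```javascript
// Added example: audit a page for third-party resources a consent gate must hold back.
// Assumed matching rules (not taken from EUCookieLaw's source):
//   ".example.com"     -> example.com and every subdomain
//   "host.example.com" -> that exact host only
//   "host/path/"       -> host rule plus a path prefix
function parseRules(list) {
  return list.split(';').map(s => s.trim().toLowerCase()).filter(Boolean).map(entry => {
    const slash = entry.indexOf('/');
    const host = slash === -1 ? entry : entry.slice(0, slash);
    const path = slash === -1 ? '' : entry.slice(slash);
    return { suffix: host.startsWith('.'), host: host.replace(/^\./, ''), path };
  });
}

function matchesRule(urlString, rules, base) {
  let url;
  try { url = new URL(urlString, base); } catch (e) { return false; }
  const host = url.hostname.toLowerCase();
  return rules.some(r => {
    // Compare on label boundaries, so "notgoogle-analytics.com.example" does not match.
    const hostOk = r.suffix ? (host === r.host || host.endsWith('.' + r.host)) : host === r.host;
    return hostOk && url.pathname.startsWith(r.path);
  });
}

// Returns the src/href values of script, iframe, img and link tags that hit a rule.
function auditHtml(html, rules, base) {
  const found = [];
  const tagRe = /<(script|iframe|img|link)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (matchesRule(m[2], rules, base)) found.push(m[2]);
  }
  return found;
}

// Constructed sample: a page as it might be served before the visitor has consented.
const RULES = parseRules('.google-analytics.com;fonts.googleapis.com;.googlesyndication.com/pagead/;.facebook.net;.disqus.com');
const SAMPLE = `
<link rel="stylesheet" href="eucookielaw.css">
<script src="EUCookieLaw.js"></script>
<script src="//www.google-analytics.com/analytics.js"></script>
<script src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<iframe src="https://notgoogle-analytics.com.example/embed"></iframe>
<link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">`;

// Anything listed here would load, and could set cookies, before consent.
console.log(auditHtml(SAMPLE, RULES, 'https://blog.example/'));
```

An empty result for the pre-consent HTML is the goal; the three entries reported for the sample page are the ones the consent gate would have to neutralise.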
It goes without saying that the code is provided AS IS, and I take no responsibility for any use, improper or otherwise, of this solution, or for the full compliance of this solution with the Garante's instructions.
I use this solution on my website (to date, 8/8/15, ed), and all your feedback is indeed welcome. 🙂
Edit: I point out the clarifications of the Garante, published later, on 5 June 2015