We recently addressed the topic of online compliance to understand what aspects we cannot overlook to protect users' sensitive data and not incur unpleasant penalties.
We return to this topic to tell you about an update, a new requirement mandated by the Privacy Authority. Did you know that you must now also keep detailed track of your users' expressed preferences for the use of Cookies?
In this article we will explain not only what the Cookie Preference Registry is, but we will also try to shed light on the use of Cookies more generally.
If you do not have a Preference Registry you are violating the GDPR.The Cookie consent you acquire will not be considered valid, so you can risk penalties and fines of up to 20,000,000 euros.
power2Cloud as an iubenda partner can activate the Cookie Preference Registry in a short time on your site, eCommerce or Mobile App. Read on to learn more.
What this article is about:
What is the Cookie Preference Registry
Allowing users to express their consent for the use of Cookies is no longer enough, it is now mandatory to register these consents as well, and to do so in the right way.
If required, your company must be able to prove at any time that the user who visited your site actually offered consent (the burden of proof will be on the Data Controller).
Here is what the registry must include:
- Who provided consent;
- When and how the individual user's consent was acquired;
- The consent collection form presented to the user when collecting consent ;
- A reference to the legal documents and conditions in place at the time the consent was acquired.
In order to be compliant with regulations, complete information must be kept: the user's unique identifier along with the date-certified with a time stamp-when the form was filled out, a copy of the version of the form itself, the legal documents used at the time the user gave consent.
We don't want to discourage you, but this is not an activity you can do manually and occasionally or without specific technical skills.
power2Cloud is helping many businesses like yours manage the legal aspects with iubenda. It is a solution chosen by more than 80,000 customers in more than 100 countries to comply with all regulations, including GDPR.
With the iubenda Consent Solution, for example, power2Cloud can help you easily record, manage and export evidence of consent for any of your users at any time.
How to enable Cookies?
After sharing the update regarding the Consent Registry, let's take a step back. Maybe you have an eCommerce, you're involved in marketing automation, but you don't know the data protection guidelines in detail. What are Cookies, how should they be enabled and configured?
Cookies are text files that are saved in the memory of the user's browser when browsing online; they allow the issuing site, but also third parties, to recognize the user and aspects related to the user's characteristics, preferences and behavior.
You can imagine why they are useful: they allow a site to recognize a user's device to improve the browsing experience, while at the same time helping to ensure that the advertising content displayed online is on target with the user's interests.
What is the difference between first-party and third-party cookies:
- First-party cookies are created and used only by the site owner. The information collected and stored serves a variety of purposes and is usually not shared with third parties. They allow saving preferences, such as language or products added to the shopping cart, even between sessions.
- Third-party cookies on the contrary are created by companies other than the one that owns the site the user is visiting and most often are used for research purposes, statistics or to propose relevant and personalized advertisements.
If reading this article made you realize that you are not compliant, if you already have an advocate assisting you but it has been a while since you have updated your policies, or simply want to know in detail all the iubenda features, you can consult with our team.
GDPR and Cookie Law, the requirements for European legislation
You will well understand that the processing of user data and the installation of tracking technologies necessarily require you to follow current regulations, a topic that is as complex as it is sensitive, not least because they change from country to country.
If you operate in the European Union territory or target European users, check that your site is compliant not only with GDPR but also with the Cookie Law (ePrivacy Directive).
Regarding Cookies the European legislation obliges you to:
- set up a cookie policy
- Show a cookie banner when a user first visits your site
- Store evidence of your users' preferences , as required by the GDPR
- Block non-technical cookies (such as those from Google Analytics, AdSense etc.) before consent is given
- Release cookies only after collecting consent (prior consent).
In response to this need, here are two iubenda solutions that we recommend because they can help you right away:
- Cookie solution iubenda (for GDPR, ePrivacy/Cookie Law, CCPA) is a comprehensive solution for complying with the provisions of the European law on processing by cookies. power2Cloud can create a fully customizable cookie banner in just a few clicks, collect consent from your users to install non-technical cookies, and configure preemptive blocking for those that require consent.
- Consent Solution iubenda(GDPR, LGDP, General Privacy Laws) helps you store and manage your users' proof of consent and privacy preferences. You can get a detailed record of consents collected, including when consent was given and by whom.
What happens if you are not GDPR compliant?
What happens if your site does not comply with the GDPR? You can face fines of up to 20 million euros or up to 4 percent of annual worldwide sales, whichever is greater. It doesn't end there, your company may be affected by:
- Periodic data protection audits;
- official recalls if the violations were first encountered;
- Invalidation and total and permanent blocking of your databases/databases containing non-compliant data (for the erroneous manner of collection and/or maintenance)
- liability damages.
Users at any time can file a complaint with the supervisory authority and be entitled to compensation for any damages, thus making violators susceptible to being sued.
If illegal activities are found, in addition to the subject of the complaint, for example, an email address, the company may be prohibited from using the entire database in its possession.
What does the iubenda Consent Solution offer?
Let's leave sanctions aside for a moment and return to the solutions mentioned a moment ago, delving into the opportunities offered by the Consent Solution. Here is what it includes:
- allows informing users via a cookie banner and a dedicated cookie policy page (which is automatically linked to the privacy policy and integrates what is necessary for full Cookie Law compliance);
- save preferences on consensus;
- preemptively blocks cookies before consent;
- keeps track of consent and saves the settings for each user for up to 12 months after the last visit to the site, as required by law.
What does the iubenda Cookie Solution offer?
We then come to the iubenda Cookie Solution with which you can easily generate a fully customizable Cookie Banner, configure preemptive cookie blocking and set user consent before releasing cookies.
Depending on the tracking you do of user data and the tools you use, power2Cloud will help you follow all regulations.
Iubenda Cookie solution has several advantages, let's remember some of them:
- Cookie plugin for WordPress, Joomla!, PrestaShop and Magento. Also available is a PHP class
- Optimized to work with all mobile and touch devices
- advanced statistics on consensus
- stores evidence of your users' preferences
- GDPR, CCPA and LGPD ready
- compatible with Google AMP
How to delete Cookies?
The time has come to put ourselves in the user's shoes.
We try to understand not only what our company needs to do to be compliant, but also how these regulations affect those who browse our site.
Transparency is definitely one of the most important aspects, so here is a small recap of the main requirements we need to ensure online:
- Banner display/information;
via the script:
- release of technical cookies,
- Blocking third-party cookies and portions of third-party code that might issue cookies;
- alternatively to the aforementioned blocking, release of cookies that do not profile the user except following the user's consent;
- checks whether the user has already expressed preferences by analyzing whether the user is a first-time visitor or not; saving the user's preferences within a cookie;
- Management and updating of the cookie policy.
If a user wishes to change the preferences they have granted, they should be able to do so at any time, yet many sites have Banner Cookies that do not allow this because they are incomplete and opaque.
Regardless of whether they are more or less compliant, Banner Cookies today are consulted superficially and with little awareness because people are in a hurry to browse content. Many users have not yet understood that accepting everything means giving up their personal data to optimize the platform or paid campaigns.
Deleting cookies, however, is possible on all browsing browsers such as Microsoft Windows Explorer, Mozilla Firefox, Google Chrome, and Apple Safari. Just select Settings, usually under Privacy and Security, and delete them. Of course, the action must be resumed as often as you wish to do so.
The same operation must be repeated on the cell phone, usually by accessing the Browsing History. Be careful not to also select passwords, in which case saved browsing credentials will be permanently deleted.
Why turn to an iubenda partner like power2Cloud
How do you manage online compliance? power2Cloud advises you not to burden your eCommerce platform or site with third-party plugins that are difficult to manage or create pages that you then have to remember to update manually.
Legal requirements are constantly changing, so you need to have documents that meet the latest requirements, generated using the iubenda service. Choose a secure all-in-one solution that does not require large investments with a partner like power2Cloud.
Our team deals not only with Cookie Policy and Banner Cookie, but also with Privacy Policy and Terms and Conditions.
With iubenda we guarantee you constant updates, thanks to a Embedding function and not copy and paste function. Of course, this is not a substitute for legal advice; you can always have your lawyers review the documents generated with iubenda.
One of our accounts is ready to follow you throughout the duration of the service, you can also compare with our team for all the solutions needed for your work with the possibility of integrating them quickly.
Regarding Cookies, the power2Cloud team will help you with some preliminary steps to implement the regulations:
- Identify all categories of cookies installed its your site and their purposes (First-party cookies);
- Identify third parties who, through the owner's site, might send cookies;
- Categorize cookies by processing purpose;
- identify links to the Privacy Policies and Consent Forms of third parties with whom the site owner/operator has agreements to send Cookies from the same site (where available).
In case it does not have direct contact with third parties or in case it is particularly difficult to identify all third parties we will include:
- links to the privacy policies of intermediaries (usually the site's advertising concessionaire) where available,
- link to http://www.youronlinechoices.com/it (limited to services surveyed by that platform, i.e., at present, those of advertising profiling);
- Update privacy policies.
