What companies have to do
Exception: it can re-propose earlier if the conditions of the processing have changed significantly and it is impossible for the manager to know if the cookie has been stored on the user’s device (this can happen if extensions or methods are used to “anonymize” navigation). Some practices, however disused, are prohibited, such as scrolling (when the sites consider cookies accepted if the user scrolls down the page) and cookie walls (the sites force the user to accept cookies to provide him with information or services) .
«It is necessary to adapt quickly. You really risk penalties for cookies, as happened in France where at the end of the year the privacy authority sanctioned Facebook and Google for 60 and 150 million euros “, says Rocco Panetta, lawyer.” In our experience, some Italian companies have adapted in full, others not at all and many others only in part. Partial adaptation is often the result of the use of ready-made solutions », he adds.
How companies must adapt
In short, the advice of the experts is to manually check the adjustment to the individual requests of the Privacy Guarantor; do not rely entirely on automated solutions or software. However, they can be useful. As the lawyer Antonino Polimeni says, «The fastest and cheapest way to adapt is to buy a tool. There are many around, all of quality, but be careful not to fall into the most common misunderstanding: the tools must be configured, they do not work magic ». “There are some companies that sell their tools as if they were legal consultancy, or they sell upgrades that add excessive features that go beyond what is necessary, playing a little with marketing and with the perception of the companies they buy. It is not so. The plugins, the saas, are very useful and indispensable tools for the adaptation, but they must always be submitted to the trusted lawyer or the DPO for the configuration and for the subdivision of cookies into categories. That then turning to lawyers also means making them assume responsibility for any non-compliance, ”says Polimeni.