In this regard, two main categories can be identified:
a. Technical Cookies
Technical cookies are those used exclusively with a view to "carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service." (see Section 122(1) of the Personal Data Protection Code).
They are not used for further purposes and are usually installed directly by the data controller or the website manager. They can be grouped into:
-
browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access certain sections);
-
analytics cookies, which can be equated to technical cookies insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website;
-
functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service.
User's prior consent
is not necessary to install these cookies.
b. Profiling Cookies
Profiling cookies are aimed at creating user profiles. They are used to send ads messages in line with the preferences shown by the user during navigation. In the light of the highly invasive nature of these cookies vis-à-vis users' private sphere, Italian and European legislation requires users to be informed appropriately on their use so as to give their valid consent. These cookies are referred to in Article 122(1) of the Personal Data Protection Code where it is provided that "Storing information, or accessing information that is already stored, in the terminal equipment of a contracting party or user shall only be permitted on condition that the contracting party or user has given his consent after being informed in accordance with the simplified arrangements mentioned in section 13(3) of the Personal Data Protection Code".
Session Cookies and Persistent Cookies
Session cookies, which contain information that are used in the current session of the browser, are automatically deleted at the end of the session (when the browser is closed) and are never kept beyond the time necessary for the use of the site itself.
Persistent cookies, which are used to maintain usefull information between the access to the site that occur over time, for technical reasons or to improve navigation on the site, are not however ever deleted on logout and have a duration (expiry) that is set by the site itself and which can vary from a few minutes, up to several years.
First-party Cookies and Third-party Cookies
You must consider the different subject that installs cookies on the user's terminal, according if it is the manager of the site viseted by the user (which may be briefly referred to as "publisher") or a different site that installs cookies through the first one ("third-party" cookies). According to that, we can have:
-
first-party cookies, which are created and readable from the same site that created them;
-
third-party cookies, which are created and readable from external domains to the site and whose data are stored by the third party.