Cookies are small text files that are sent to the user's terminal equipment (usually to the user's browser) by visited websites; they are stored in the user's terminal equipment to be then re-transmitted to the websites on the user's subsequent visits to those websites. When navigating a website, a user may happen to receive cookies from other websites or web servers, which are the so-called "third party" cookies. This happens because the visited website may contain items such as images, maps, sound files, links to individual web pages on different domains that are located on servers other than the one where the page being visited is stored.
Cookies are present as a rule in substantial numbers in each user's browser and at times they remain stored for long. They are used for several purposes ranging from IT authentication to the monitoring of browsing sessions up to the storage of specific information on user configurations in accessing a given server, and so on.
In order to appropriately regulate these devices, it is necessary to distinguish them by having regard to the purposes sought by the entities relying on them, as there are no technical features that allow differentiating them. From this standpoint and for the purposes of this decision, cookies may be distinguished into two major group: "technical" cookies and "profiling" cookies.
- Technical Cookies
Technical cookies are those used exclusively with a view to "carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service." (see Section 122(1) of the Code).
They are not used for further purposes and are usually installed directly by the data controller or the website manager. They can be grouped into browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access certain sections); analytics cookies, which can be equated to technical cookies insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website; functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service.
Users' prior consent is not necessary to install these cookies, whilst information under Section 13 of the code has to be provided in the manner considered to be most appropriate by the website manager – if only such cookies are relied upon.
- Profiling Cookies
Profiling cookies are aimed at creating user profiles. They are used to send ads messages in line with the preferences shown by the user during navigation. In the light of the highly invasive nature of these cookies vis-à-vis users' private sphere, Italian and European legislation requires users to be informed appropriately on their use so as to give their valid consent.
These cookies are referred to in Article 122(1) of the Code where it is provided that "Storing information, or accessing information that is already stored, in the terminal equipment of a contracting party or user shall only be permitted on condition that the contracting party or user has given his consent after being informed in accordance with the simplified arrangements mentioned in section 13(3)."
- Non-Persistent Cookies
Cookies that are stored in the temporary memory of the device, normally expires with session end, will not be present at next browser start-up, if necessary will be downloaded again. Usually those are technical cookies.
- Persistent Cookies
Cookies that are stored in the physical media of the device, will be present at next browser start-up. Usually those are profiling cookies.
Cookies may however be eliminated with specific procedures in each browser.
An additional element to be taken into account in order to put this issue against the appropriate backdrop has to do with the entities involved. That is to say, account should be taken of the entity installing cookies on the user's terminal, which may be the manager of the website visited by the user – which can be referred to as the "publisher" for the sake of convenience – or the manager of another website that installs the cookies by way of the former – which is a so-called "third party".
Publisher cookies, are usually created and read by the site who created them.
Third party cookies, are created and read by external domains and data are stored by third party.
Below are the links with the procedures provided by main browser for disabling cookies: