Mandatory consent, which may be withdrawn at any time. Protections also towards the users who are not registered. Whoever works on Internet shall provide the users with clear and complete information, require and obtain the data subjects’ consent, which may be withdrawn at any time, and offer concrete protections also to those who do not have a specific account to access the services provided. These are the main measures and rules established by the Italian data protection Authority through the “Guidelines on personal data processing for profiling purposes” (the “Guidelines”).
The rules provided for by the Guidelines shall apply to all subjects providing online services (such as, search engine, e-mail, online maps, social networks, e-payment, cloud computing) and that are established on the Italian State’s territory.
Please, find below a brief recap concerning the Guidelines’ provisions:
- Protection for each user: companies shall protect the privacy of both registered users and users who do not have a specific account to access the services provided;
- Information notice: the information notice on the data processing shall be clear, complete, exhaustive and well visible, starting from the first web page;
- Consent: the processing of users’ personal data must be carried out only in presence of the users’ informed consent.
Such consent may be given through the modalities and criteria provided for by the Guidelines;
Data retention: it is necessary to establish an ad-hoc period of data retention proportioned to the specific purposes of the processing.