"Façade cookies — if you get audited, you're in trouble": Stefano Castelli's experience

Stefano Castelli has been a web consultant in Bologna for nearly 30 years — since 1998. After an early career at two of Bologna's leading web agencies specialised in the public sector, he co-founded his own agency and today works as an independent professional with a network of collaborators. He directly manages around 70 sites for his clients — hosting, security, updates, Privacy — and for about thirty of them he handles Privacy compliance on an ongoing basis.

There's one detail that sets him apart from most Italian web consultants: he is one of the few ISO-certified Web Accessibility Experts in Italy. He attended the first high-level university master's programme on digital accessibility back in 2004, and recertified in 2022. And it's precisely out of this dual expertise — accessibility and Privacy — that the most interesting editorial framework of the whole interview emerges: what Stefano calls the "holy trinity" of professional web work.

The "holy trinity" of professional web work

Cybersecurity, digital accessibility and Privacy. Three different technical and regulatory disciplines, but with one shared founding principle: minimising data exposure. Cybersecurity protects data from unauthorised access. Accessibility is grounded in minimising the data required from users. Privacy regulates the same principle by law. Treating them in isolation — as most operators do — means leaving structural gaps. Treating them in an integrated way is what separates a serious consultant from a plugin installer.

From the "façade plugin ordeal" to a vertical Privacy partner

The path that led Stefano to My Agile Privacy® begins, as it does for many other resellers, with an "ordeal" — a string of attempts between free WordPress plugins that didn't actually block trackers, and paid solutions which, for small e-commerce sites, demanded unsustainable costs (five or six hundred euros a year for sites that weren't Amazon). The encounter with My Agile Privacy® came through "serendipity", as he calls it: a colleague from another Bologna web agency told him "the My Agile guys are very good". A test on a complex site (multilingual e-commerce, Google Tag Manager, Analytics, Google Ads) turned the trial into a progressive migration, all the way to joining the official reseller programme.

What he appreciates on the technical side

The interview brings out the technical points that made the difference for his work: data proxification (selective acquisition and forwarding, rather than wholesale transfer), real preventive blocking of scripts before consent is given, the granular, almost atomic control over individual categories, and the centralised updates that spare him from personally chasing every evolution of the European legal framework.

The luxury brand case

The most memorable moment of the interview involves a specific client — a luxury brand with extremely strict compliance guidelines that required custom development. Stefano couldn't solve it on his own. He opened a ticket with the helpdesk, Daniele — founder of My Agile Privacy® — stepped in directly, and within a week the case was closed. "They got me out of trouble." It's exactly the kind of support that, for an independent professional working with enterprise clients, makes the difference between accepting and declining a project.

Who this interview is for

For independent professionals, web consultants, WordPress developers and small-to-medium web agencies — what Stefano calls the My Agile Privacy® "sweet spot": teams of up to seven or eight people, where developing in-house vertical Privacy expertise is neither economically nor operationally feasible, and where a specialised partner that evolves with technical and regulatory change becomes a strategic choice, not a cost.

And for anyone who still wonders whether it's worth moving from "façade" compliance — banners that display a choice but block nothing — to real compliance, the kind that holds up under serious scrutiny.

We thank Stefano Castelli for the time and depth with which he shared his experience.