Cookies are a reality and can be found on a large majority of websites. Yet, if “accepting” them has become an almost unconscious habit, the way of using them without your knowledge was it, well aware. Focus on this practice and its necessary framework.
What are Cookies on a website?
They are files placed on the hard disk of an Internet user in order to keep some of his information for later connection. They can be placed on an email, a website, an online video game, a mobile application…
But, if at first it was for helping consumers (who could leave a page and return several hours later with always the same information), a drift quickly appeared. Some companies now use these cookies to track people’s behavior. Not surprisingly, the GDPR provides a framework for this practice.
You should be aware that not all cookies identify a person. Thus, under the GDPR, only those who allow this will be submitted to it. In other words all cookies used for analytical, advertising,…
GDPR, Consent and Cookies
For those submit to the GDPR obligations, consent must be sought. Be careful, always remember that the pop-out is not consent!
Moreover, the consent must be the consequence of a real choice (in other words, if the consumer can no longer access the website because he refuses the use of the cookie, it is not a real choice …)
Prior to using the cookie and for any new purpose not specified by the first cookie, real consent must be obtained.
Who is concerned by these obligations?
Of course, the cookie author is submitted to the GDPR obligations, but he is not the only one. Indeed, the CNIL specifies that as soon as there are several actors for the deposit / the reading of the cookie they are all considered as co-responsible (editors of sites / application, advertising agencies, social networks…)
The cookie has a 13 months lifetime. Beyond this time limit a new consent will have to be requested and obtained to be able to continue processing the information.
How to comply?
The CNIL provides the necessary elements to bring cookies into compliance with the GDPR.
First step : user information
When the consumer arrives on a website he must be informed by the appearance of a blindfold of :
- The purpose of the cookies using
- The possibility to oppose to this using and a link to achieve his will
- The pursuit of web browsing is acceptance
Example of blindfold:
“By continuing to browse on this website, you agree to the use of [Cookies or other trackers] to provide you with [For example, targeted advertising tailored to your interests] and [For example, to compile visit statistics]”.
Second step: “for more information”
This is to give the consumer more information and more choices about the cookies using.