But what is a «cookie»?
If the mere mention of this word brings to mind the smell and taste of a round biscuit studded with chocolate chips, forget your crunchy, gourmet memories, as the computer version has a very different purpose.
A cookie is a small file created and stored on the internet user's device (computer, telephone, etc.). Cookies are placed when an internet user visits a website or application, and their purpose is to store information about the internet user for use during a subsequent connection.
Cookies can be placed by the website itself (in which case the site's servers generate a cookie under the site's domain name) or by third-party organisations such as advertising networks (in which case the cookie is generated by servers external to the site).
Essential for allowing the site to function properly, cookies can have different purposes such as personalising pages, analysing site audience, calculating the performance of an advertising campaign or advertising retargeting.
It is precisely to give internet users a clearer picture of the cookies placed during their visit to a site, and above all of the organisations that collect and use the information and their purposes, that the CNIL has sought to introduce a more stringent legal framework for companies operating sites and applications.
These recommendations not only allow for the concrete application of the GDPR but, more importantly, for the transposition of the European «ePrivacy» directive into French law.
The CNIL speaks of cookies and other trackers because there are other techniques for identifying an internet user, and these techniques are also covered by the CNIL's recommendations.
In October 2020, the CNIL published amended guidelines and recommendations to clarify the use of cookies and other trackers by companies and thus provide a framework for obtaining internet users' consent. Companies have until 31 March 2021 to comply.
In concrete terms, these are recommendations aimed at giving users more control over online trackers, of which cookies are a part. Thus, companies must comply with the following points prior to depositing any tracker/cookie on a user's device:
- Clearly and simply provide information about the purpose of the cookies deployed and the company collecting the data.
- Allow users to refuse the deposit of trackers/cookies as simply and quickly as accepting them.
- Do not place any cookies other than those necessary for the site's operation until the user has explicitly accepted the placement of other cookies by taking action.
This is generally made possible and implemented using consent management tools such as cookie banners, which appear when a user visits a website or app.
If you are affected by these recommendations, the first thing to do is therefore to check that your websites and internet applications meet these new requirements. If you think this is not yet the case, don't panic: SmartProfile offers you an infographic with 5 concrete steps to bring you into compliance with the cookie regulations:
To summarise
- Audit your websites and internet applications
Conducting an audit is a real necessity for businesses. This first step is a guarantee of safe and rapid compliance. It is a useful time to clean up all your stored data, an opportunity to refine your management and, obviously, to put effective measures in place, which requires measuring the impact of cookies and other trackers during your own browsing.
- Identify processing operations and providers
The resulting register allows you to keep track of the entire compliance process. This essential step is a good way to record, understand, and control personal data, so keep the register up to date as you proceed with your GDPR compliance efforts.
- Adapt your consent management tool
With the new GDPR rules, remember to update your consent management tool. As indicated earlier in the article, internet users can now refuse trackers just as easily as they accept them. The tool you use must meet all the conditions of a cookie banner.
- Inform your visitors clearly
Internet users must be informed and give their consent prior to the deposit and reading of certain trackers. Your consent and cookie management tool must allow your visitors to identify all trackers, processing operations, and service providers using them. Furthermore, refusal must be as visible as acceptance. More concretely, the graphic representation of the two «accept all» and «reject all» buttons must be similar.
- Test the proper functioning
The final step is to check that consent is actually taken into account on your website. Consent tools merely make consent information available; developers and service providers must retrieve this information in order to allow or block the use of trackers.
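One way to run this final check, as an added example (not SmartProfile's or the CNIL's code): the script takes `Set-Cookie` headers captured before any interaction with the banner and reports every cookie that is third-party or missing from an allowlist of strictly necessary cookies. The hostnames, cookie names and allowlist are constructed for illustration, and the first-party test is a simple suffix match.

```javascript
// Added example with constructed data; all names are hypothetical.
// Parse one Set-Cookie header value into { name, domain }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), domain: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.trim().toLowerCase() === "domain") {
      cookie.domain = value.trim().replace(/^\./, "").toLowerCase();
    }
  }
  return cookie;
}

// True when host is the site domain or one of its subdomains. A production
// audit would compare registrable domains using the Public Suffix List.
function belongsTo(host, siteDomain) {
  return host === siteDomain || host.endsWith("." + siteDomain);
}

// responses: [{ url, setCookie: [...] }] captured BEFORE any banner click.
// Returns every cookie that is third-party or not on the essential allowlist.
function auditPreConsent(siteDomain, responses, essentialNames) {
  const findings = [];
  for (const { url, setCookie } of responses) {
    const setBy = new URL(url).hostname;
    for (const header of setCookie) {
      const { name, domain } = parseSetCookie(header);
      const firstParty = belongsTo(domain || setBy, siteDomain);
      if (firstParty && essentialNames.has(name)) continue;
      findings.push({ name, party: firstParty ? "first-party" : "third-party", setBy });
    }
  }
  return findings;
}

// Constructed capture of a first page load, before consent is given.
const SAMPLE_RESPONSES = [
  { url: "https://www.example.test/", setCookie: [
    "session_id=abc123; Path=/; HttpOnly; Secure",
    "consent_state=pending; Domain=.example.test; Max-Age=15552000",
    "_analytics_id=xyz; Domain=.example.test; Max-Age=34128000" ] },
  { url: "https://ads.adnetwork.test/pixel.gif", setCookie: [
    "uid=9f8e7d; Domain=.adnetwork.test; Max-Age=31536000; SameSite=None; Secure" ] },
];
const ESSENTIAL = new Set(["session_id", "consent_state"]); // assumed allowlist

console.table(auditPreConsent("example.test", SAMPLE_RESPONSES, ESSENTIAL));
```

An empty result means no non-essential cookie was set before consent in the captured responses. The script only sees cookies set through HTTP response headers; cookies written by scripts via `document.cookie` need a browser-side check.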
While compliance by 31 March 2021 for your websites and internet applications is an obligation if you want to avoid sanctions from the CNIL, it is also a necessity for giving internet users back control over their personal data.
This remains a win-win approach: by being transparent about the data collected, you allow internet users to feel more secure, knowing that the importance of data privacy is respected. This will strengthen the trust built with internet users, who will be more inclined to accept that their data is used wisely, by the right organisations... QED


