When you browse the web, sites use cookies to collect information about your online activity. These tracers can pose confidentiality and security problems. In fact, they can be used to gather sensitive information about web users.
What is a cookie?
A cookie, also called a connection cookie, takes the form of a file automatically stored on a device by the web browser. It is associated with a domain, i.e. all the pages of a single website; the domain name generally ends with a .com or .fr extension. On subsequent contacts with the same domain, the cookie is returned directly. The aim? To avoid users having to re-register each time they log on.
Tracers were originally created to ensure that browsing sessions ran smoothly. They were used, for example, to keep track of users' shopping baskets. This use quickly evolved into advertising tracking, making the cookie a technology widely exploited by the digital advertising ecosystem.
Today, cookies have several uses:
- Recognize visitors by memorizing their customer ID on the merchant site;
- Targeted advertising;
- Advertising tracking;
- Gathering statistical data;
- Collect personal data for the purpose of tracking user behavior;
- Traffic analysis;
- Save shopping cart contents.
Some of these uses are necessary to ensure the smooth operation of functions requested by users or to establish communication. Consequently, they are exempt from consent. Others, not falling within these criteria, require the express consent of Internet users before any reading or writing.
What are the different types of cookies?
Third-party cookies
As a reminder, internal or proprietary cookies make it possible to track Internet users only on the website that deposits them. Third-party cookies, on the other hand, make it possible to track user behavior on all sites that use them. They are used to:
- Track web users as they move from site to site;
- Collect or deduce information from their visits, such as their age, place of residence or consumer habits;
- Create and enrich a profile of these users, likely to be detailed and intrusive;
- Offer them ads with a high probability of interest, with a view to generating a purchase.
Third-party cookies are created by other websites, then deposited on domain names other than that of the main website. Third parties thus have access to some of the content (ads, images) on the web page.
Session cookies
Session cookies are temporary cookies. Stored inside the browser's memory, they expire at the end of the current session: once users leave or log out of the website. Note that some browsers restore sessions when they are restarted. In this case, session cookies may last indefinitely.
This type of cookie is mainly used by online stores. Session cookies enable them to keep track of products placed in the shopping cart during the same shopping session.
Persistent cookies
Persistent cookies are stored on the device's hard disk for a certain period of time. They remain active even after the session has ended. They contain login information, account numbers, contact details and so on. They save users time by eliminating the need to re-enter data each time they use the site.
Persistent cookies work by defining an expiration date or period. Determined in advance by the advertiser, it is renewed each time a new session is opened. It is possible to delete this type of cookie manually. For example, via web browser settings or extensions.
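The categories described above can be read directly from the Set-Cookie headers a page triggers. The following is an added example, not code from the original article: it labels each cookie as first-party or third-party and as session or persistent. The host names, cookie values and the two-label site comparison are assumptions made for illustration.

```javascript
// Added example. Headers and host names below are constructed sample data.

// Parse one Set-Cookie header value into a name plus lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Assumption: compare sites on their last two labels. Real browsers use the
// Public Suffix List, which this sketch does not implement.
function site(host) {
  return host.replace(/^\./, "").toLowerCase().split(".").slice(-2).join(".");
}

// pageHost: site shown in the address bar; responseHost: host that sent the header.
function classify(header, pageHost, responseHost, now = Date.now()) {
  const c = parseSetCookie(header);
  const party = site(c.attrs.domain || responseHost) === site(pageHost)
    ? "first-party" : "third-party";
  let lifetimeDays = null; // no Max-Age or Expires: session cookie
  if (c.attrs["max-age"] !== undefined) {
    lifetimeDays = Number(c.attrs["max-age"]) / 86400; // Max-Age takes precedence
  } else if (c.attrs.expires !== undefined) {
    lifetimeDays = (Date.parse(c.attrs.expires) - now) / 86400000;
  }
  const kind = lifetimeDays === null ? "session" : "persistent";
  return { name: c.name, party, kind, lifetimeDays };
}

// Constructed responses seen while visiting www.shop.example.
const SAMPLE = [
  ["www.shop.example", "cart=abc123; Path=/; HttpOnly"],
  ["www.shop.example", "login=u42; Max-Age=2592000; Secure"],
  ["px.adnetwork.example", "uid=9f3c; Domain=.adnetwork.example; Max-Age=31536000; SameSite=None; Secure"],
];
for (const [host, header] of SAMPLE) {
  console.log(classify(header, "www.shop.example", host));
}
```

A long lifetime on a third-party cookie is the combination to look for when auditing which cookies need consent.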
Supercookies
Supercookies are also known as "zombie cookies". Their use is based on third-party methods such as fingerprinting. They enable the identifier used to track users to be regenerated, even when it is deleted. Supercookies can be deleted:
- Either voluntarily by the Internet user;
- Or through the privacy protection features of web browsers.
Good to know: How does fingerprinting work?
Fingerprinting is a probabilistic technique. It consists in uniquely identifying users, using the technical specifications of their web browsers. The devices used by Internet users to connect provide information to the server. This may include screen size or operating system. If there are enough of these characteristics, they can be used to distinguish visitors from one another and track them in the same way as cookies. Unlike cookies, this method is difficult to oppose, except by using techniques that are not easily accessible, for example an extension that randomly modifies the parameters transmitted by the web browser.
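Why a handful of ordinary characteristics is enough, and why altering one of them breaks the match, can be shown on a small dataset. The following is an added example, not code from the original article; the visitor records and attribute names are constructed for illustration.

```javascript
// Added example. VISITORS is constructed sample data; attribute names are illustrative.
const VISITORS = [
  { screen: "1920x1080", os: "Windows", lang: "fr-FR", tz: "Europe/Paris" },
  { screen: "1920x1080", os: "Windows", lang: "fr-FR", tz: "Europe/Paris" },
  { screen: "1920x1080", os: "Windows", lang: "en-US", tz: "Europe/Paris" },
  { screen: "1920x1080", os: "macOS", lang: "fr-FR", tz: "Europe/Paris" },
  { screen: "1366x768", os: "Windows", lang: "fr-FR", tz: "Europe/Paris" },
  { screen: "1366x768", os: "macOS", lang: "en-US", tz: "America/New_York" },
  { screen: "1366x768", os: "Windows", lang: "en-US", tz: "America/New_York" },
  { screen: "1920x1080", os: "macOS", lang: "en-US", tz: "America/New_York" },
];
const ALL = ["screen", "os", "lang", "tz"];

// Join the chosen attribute values into one comparable string.
const key = (v, attrs) => attrs.map((a) => v[a]).join("|");

// Size of each group of visitors that look identical on the chosen attributes.
function anonymitySets(visitors, attrs) {
  const groups = new Map();
  for (const v of visitors) {
    const k = key(v, attrs);
    groups.set(k, (groups.get(k) || 0) + 1);
  }
  return groups;
}

// Share of visitors who are alone in their group, i.e. distinguishable.
function uniqueShare(visitors, attrs) {
  let unique = 0;
  for (const n of anonymitySets(visitors, attrs).values()) {
    if (n === 1) unique += 1;
  }
  return unique / visitors.length;
}

// A returning visitor with no cookie left: how many known records match?
function matches(visitors, returning, attrs) {
  return visitors.filter((v) => key(v, attrs) === key(returning, attrs)).length;
}

// Countermeasure from the text: an extension that alters a transmitted parameter.
const returning = VISITORS[2];
const randomized = { ...returning, screen: "1600x900" };
console.log(uniqueShare(VISITORS, ["screen"]), uniqueShare(VISITORS, ALL));
console.log(matches(VISITORS, returning, ALL), matches(VISITORS, randomized, ALL));
```

Screen size alone singles out nobody in this sample, while the four attributes together single out six visitors in eight.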
Cookie laws and regulations
The GDPR
The uses to which cookies are put must be presented to users when they make their choice. An initial description can be reduced to a concise presentation of the objectives pursued by the tracers. This is the first level of information. It must be followed by a more precise description (second level of information).
Internet users must approve the deposit of cookies by means of a clear positive act. This takes the form of an "I accept" button in a cookie banner. Any silence on the part of visitors must be interpreted as a refusal. No cookies that are not essential to the proper operation of the website can then be placed on their smartphone, PC or tablet.
The "Refuse all" button can be integrated at a similar level and format to the "Accept all" button. In this way, you offer website visitors a clear and simple choice.
You can also allow them to refuse cookies by closing the cookies banner.
The ePrivacy Directive
Still in draft form, the ePrivacy regulation has several major objectives:
- Guarantee the protection of citizens' rights and freedoms in the provision and use of electronic communications (telephone, internet, television). In particular, the right to privacy and the protection of personal data;
- Protect the rights and freedoms of legal entities when providing or using telephone, Internet or television services;
- Ensuring the free circulation of data within the European Union (EU);
- Clarifying and supplementing the General Data Protection Regulation (GDPR). The e-privacy regulation can be seen as a lex specialis in relation to GDPR;
- Harmonize the rules laid down by GDPR concerning the use of cookies.
5 best practices in cookie management
- Establish a clear privacy policy
If you collect personal data, GDPR requires you to draw up a privacy policy. This document sets out the various measures put in place to guarantee data security. By being transparent and clear, you can reassure users about how their personal information is handled.
- Obtain user consent (no forced consent)
Article 7 of GDPR prohibits the practice of "bundling". This consists in "forcing" users to consent to the processing of their personal data, for example by making the provision of a service conditional on that consent when the use of their data is not necessary for the service.
- An easy-to-understand cookie banner
The cookie banner must be visible, prominent and complete. It should be written in terms that are simple and understandable to all users.
- Respecting users' rights
Right of access, right to portability, right to notification, right to be forgotten... Internet users whose data is collected have various rights. They can exercise these rights by contacting the data controller. The data controller's contact details must be mentioned on the sites visited and in the contracts concluded.
- Regularly ask for consent
According to the CNIL, users can "forget" their consent. They also have the right to change their minds. It's a good idea to check at regular intervals whether or not they still agree with the decision they made the first time.
The importance of managing cookies
Since 2017, various web browsers have restricted the use of cookies for advertising. In 2024, Google will be the last to ban their use on Chrome. However, this does not mean that web users will no longer be tracked on the internet. Advertisers can use alternative targeting methods. These include fingerprinting, single sign-on, unique identifiers and cohort targeting. For advertisers, it's vital to anticipate this cookie-free future, which is fast approaching.
For optimal cookie management, it is essential to be familiar with the different categories of cookies. Laws and directives regulate the use of cookies on websites. Compliance with them is an obligation for all organizations handling personal data, whether on their own behalf or not. In addition to respecting best practices, the management of cookies requires a certain ability to adapt. With the disappearance of third-party cookies on the horizon, the urgent need is to find reliable alternatives.
Data Assets, LookAlike, retargeting... Dataventure offers a wide range of cookieless solutions. Would you like to become "GDPR friendly"? We can support you from A to Z in developing your PRM strategy and collecting opt-in profiles. Contact us to find out more.