Is this the end of cookies? Many press articles may have led you to believe that browsers will block them all. Therefore, no need for a banner or a consent interface. And yet no, because you will use other tracking technologies or first-party cookies that remain subject to the requirements of the CNIL. We explain why. This is today’s legal news.
The programmed death of third-party cookies…
There you go! You read it in the press.
It’s the end of… third-party cookies. What is that?
When you visit a website, it loads cookies deposited, in particular by third-party solution providers, advertisers, or audiences, via their domain names.
This allows you to track your browsing on all visited sites.
However, Mozilla’s Firefox, Brave, and Apple’s Safari browsers block tracking third-party cookies by default. Google plans to follow suit for its Chrome browser as part of a two-year action plan.
Which cookies are affected?
- First of all. This threatens web publishers who rely on online advertising and have entrusted the monetization of their spaces to one or more third-party agencies. Retargeting campaigns operated by advertisers also seem more uncertain.
- Third-party audience measurement cookies deposited by your solution providers.
On the other hand, it should not be affected:
- Audience cookies deposited by in-house solutions installed directly on your servers;
- Internal technical cookies (user authentication, language preferences management…).
Why manage the GDPR compliance of your website?
You may have deduced from the press articles that the legal regime relating to trackers no longer concerns you.
Mistake.
And here’s why:
- Depending on browser developments, the cookie will indeed be replaced by other tracking technologies. Local storage, device fingerprinting… The advertising use of these trackers will require the consent of your internet users.
- Despite the end of third-party cookies, you may still want to use your provider’s audience measurement solution. You can migrate the provider’s cookies to first-party cookies to preserve your statistics. However, you must still comply with the rules governing this type of cookie. For example, visitors browsing a simple showcase site must be informed that an audience measurement cookie is deposited. And they will be able to object to it.
- You can also decide to measure your site’s audience yourself. The obligations above remain applicable to you.
- Want to internalize the advertising agency activity and remove all third-party modules from your site? Your agency can use advertising cookies only if the site has a consent management solution. Their deposit will be possible for users who have authorized it.
- Are you considering no longer buying third-party data? Fine. To personalize your advertising solicitations or the editorial display of your site, you will now rely on navigation data collected directly from your audience. The cookies you use for this purpose will be subject to the prior agreement of your visitors.
Conclusion: Apply a cookie management policy on your websites
Mainstream press articles should not mislead you: browsers will block only third-party cookies by default.
Naturally, this changes a lot of things. This will lead you to abandon certain activities and internalize others. And also to evolve your infrastructure to allow your providers to deposit first-party cookies on your behalf.
Whatever alternative solutions are put in place, the CNIL’s requirements for trackers remain applicable.
To make your site compliant, you need to provide your site with the following:
- An information section on cookies;
- A cookie management interface.
This is recommended whether or not you deposit cookies requiring prior approval.
