Internet publishers are required to obtain user consent before the deposit of certain cookies, and to provide them with a way to oppose it.
The compliance of a website is not easy: there are rules to respect, and break them can be expensive. Here are the good practices to respect who can help you in the choice of your Cookie management platform.
1. Avoid putting a “Wall Cookies”
You have already come across a “Wall Cookie” when visiting a website. This abusive practice blocks the content of the site as long as you have not granted your consent to the cookie collection. If you click on “Reject cookies”, no content either.
In such a case, since you do not have access to the site as long as you have not clicked on the “Accepting cookies” button, the consent is forced and cannot be a real choice.
In addition, the person who refuses a cookie requiring consent must be able to continue to benefit from the service offered by the site.
Article 41 of the Guidelines du CEPD says it clearly: the “Walls Cookie” do not constitute valid consent. The use of this practice therefore violates European data protection law.
Read too :: End of third -party cookies: prepare for it and adapt
2. The collection of consent before insertion or reading cookies
The CNIL considers that the Internet user must not be able to make any choice when a site to which he connects asks him for his consent.
The interface used to collect thevisitor approval must therefore include a closing cross to close the consent window. Click outside this window to make it disappear can also be possible.
Finally, article 86 of the document, updated by the European body, specifies the question of the scroll or any other action (click) in the event of non -choice of the user. It also cannot be considered as a tacit agreement of the user.
It takes an active approach for consent to be valid: if the user refuses to choose, the site must treat this visitor as an individual who temporarily refused to give his consent (indeed). Very often, the site will once again offer this internet user the acceptance window (or not) of cookies with each visit, until it chooses.
In the same way, adhering to the general conditions of use does not constitute a consent for all the cookies of the site, any more than the creation of an account, nor the fact of being logged.
3. The Internet user consent window must be loyal
For the CNIL, the graphic representation of the “accept” and “refuse” pimples must be similar in order to prevent the visitor from acting in one way rather than another.
Please note: it is therefore not possible to display a huge green button “accept”, next to a simple link without any aesthetics, with “refuse” in tiny in a color close to that of the background.
This practice is similar to rigged interfaces, or Dark Patterns, which aim to manipulate the individual decision.
4. Some exempt cookies
The collection of consent is not compulsory: consent is assumed to be given if a cookie is necessary for the provision of an online service at the express request of the user, or for operations whose exclusive purpose is to allow or facilitate the use of an online service.
Are concerned, cookies:
- Persistent personalization of theUser interface
- To limit free access to paid content
- Of Purchase basket For a merchant site
- Used for the analysis and measurement of the hearing
- Authentication on a service
5. Regularly requests consent
The CNIL mentions that consent “can be forgotten by people”, but also that they have the right to change their mind. You must therefore check at “appropriate” intervals that the visitor always agrees (or not) with the decision he took the first time.
Whether it is the refusal or acceptance of cookies, the CNIL also estimates that the lifespan of cookies accepted by the user must be a maximum of 13 months, and that this lifespan should not be extended during new visits to the site.
If you need help to set up or configure your cookie management platform, call on a developer on our freelance Coder.com!