But what has changed?
Almost all websites use "cookies".
A "cookie" is a string of characters sent by a web server and saved by the web browser when displaying a page.
This string is returned by the web browser to the web server when viewing other pages.
Cookies allow web servers to "follow" visitors.
This monitoring can have several objectives:
- know a user is identified or not;
- make statistics on the number of visits, pages visited, etc. ;
- store a shopping cart;
- register user preferences (display language, etc.);
- offer targeted advertising;
The European directive
Member States shall ensure that the storage of information, or obtaining access to information already stored, in the terminal equipment of a subscriber or user is allowed only if the subscriber or the user has agreed, having received, in accordance with Directive 95/46 / EC, clear and complete information, among others on the purposes of the treatment. This provision shall not preclude technical storage or access intended exclusively to carry out the transmission of a communication over an electronic communications network, or strictly necessary to the supplier for the supply of a service of the information society expressly requested by the subscriber or the user
Transposition into French law
TheArticle 32 of the Law of 6 January 1978 has been modified accordingly (in 2011) and adopts the same principle.
The reminder of the principles
Thus, the cookies deposited by a Web server must, previously, have been explicitly authorized by the user, in particular the cookies aimed at (Deliberation n ° 2013-378 of December 5th, 2013, article 1st):
- targeted advertising;
- the audience measurement between several sites;
- social network tracing generated by "social network sharing buttons";
Reminder of exceptions
If cookies are strictly necessary to a service requested by the user, it is not necessary to ask for authorization (Article 5 (3) of the Directive 2002/58 / EC).
This is particularly the case for a cookie aiming at:
- authentication of a user;
- the management of a shopping basket;
Adding flexibility with the principles
Nevertheless, the CNIL allows some flexibility (article 6, Deliberation n ° 2013-378 of December 5, 2013) with the cookies allowing to manage the measurements of audience. These cookies (ie which make it possible to manage the measures audience) can be the subject of a simple information if:
- the user can oppose a posteriori (and without this opposition being registered on the server side);
- the cookie is only for the audience of the site in question (and no cross-referencing of data must be done);
- the geolocation of the user must not be more accurate than the scale of a city;
- the last octet of the IP address must be masked (or anonymized);
- the lifetime of the cookies must not be more than 13 months (from their first creation on the user station).
The rise of warning signs
As we have seen, these rules are applicable in France since 2011 (date of entry into amendment of theArticle 32 of the Law of 6 January 1978).
It must be recognized that, overall, no site respected them.
The reason is simple: since its deliberation of December 2013 (Deliberation n ° 2013-378), the CNIL has announced that it will carry out a certain number of online checks starting fromOctober 2014...
Web players are therefore seeking to comply in an emergency to avoid sanctions: the adage " there are no mandatory rules without penalty Is once again verified ...