Cookie banners have gained momentum on the internet. It is undeniable that a certain mistrust of the users has expanded and increased in the past years, as users fear that their online activities, as part of their privacy, might be tracked by websites keen on collecting personal data.

In this respect, in accordance with article 5 of the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, the holders of websites have no other choice than obtain prior consent of the users before the latter can access the website,

In order to be compliant the cookie banner needs to be explicit and clear as for the kind of cookies used and their characteristics (essential, functional, « session », permanent, etc..).If not the holders of websites may be liable and exposed to legal sanctions, i.e. a term of imprisonment going from 8 days up to one year, a fine of € 251.00 up to € 125,000.00 and even the shutdown of the website.

What does Cookie stand for and what does it aims at?

A Cookie is a small chunk of information, exchanged between the device of an online user and a computer server, enabling the server of the website to gather statistical data pertaining to the attendance and the usage of a website.

In practice, the Cookie saved on the user’s device is essential for the production of anonymous statistics, aiming in fine to make the website experience more comfortable for the user. Some so called persistent cookies, may save the usage and options chosen by the user (such as the language, region, etc.) in order to improve the next website experience.

In this regard it is strictly forbidden to use social plugin cookies in order to track the behavior of a user through other websites or to save the data of non members without prior consent of the latter.

Cookie banner and Consent of the user

Users shall consent to the processing of personal data via Cookies, prior to the gathering of personal data.

A Cookie banner is therefor compulsory in order to obtain a clear, explicit and unequivocal consent of the user, which will have to be able to accept or decline the usage of cookies.

This Consent may only be binding, if the user has the possibility to validly exercise a choice and is not set under pressure should it refuse to give its explicit Consent.

It is recommended to reveal the Cookie banner, prior to the usage of Cookies, i.e. already on the homepage, which has to provide the category of used Cookies and therefor allow the user to manage the Cookies in accordance with his needs and preferences.

The user who disagree to give his consent regarding a Cookie requiring his approval shall still be able to use the service. However, this does not apply, if a cookie is needed for the proper functioning of the website, and a refusal would impact the use of the website.

Some cookies are however exempt of approval.

According to article 5, paragraph 3 de la Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector, it is allowed to use a “Cookie” without the explicit consent of the user in the following two cases:

  • “for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communication network “, or
  • “as strictly necessary in order to provide an information society service”.

 Usefulness of cookie policy

As a banner could be considered as unsatisfactory in order to fully inform the user as for the aim of Cookies, it most of the time refers to a more broaden Cookie policy which can properly inform the user at the time the latter needs to give his approval on the usage of cookies.

A Cookie policy is essential to any website using Cookies and must figure on the homepage of the website, so that the user may conveniently take notice of it.

A tab “legal notice” or “cookie policy” located on the bottom of the website is provided for this purpose.

More specifically, the “cookie policy” aims to inform the user on:

  • the categories of cookies used by the server of the website,
  • the storage time of the collected data (session, permanently), as well as
  • the solutions in order to limit or enable the use of cookies on a device.

According to the CNIL (“Commission Nationale Informatique et Libertés”), the maximal data storage time shall not exceed 13 months.

In conclusion, cookies are a way for the owners of websites, to understand the usage of a website, to improve the functionality and the content of it and to offer services that are in accordance with the needs of the users. The publication of a compliant cookie banner is henceforth a necessary evil, in order not to be exposed to legal sanctions and especially to avoid users losing interest in the website.

MARTIN AVOCATS SARL remains at your disposal, should you need any kind of assistance with the analysis of your website and its compliance with the directive.