Thanks to the European Cookie Directive, the recording of user data is only permitted if the user consents. The procedure ofopt-in is therefore mandatory, at least for tracking cookies. Find out the current state of the regulations here.
What does the European directive say about cookies?
In the European Union, the directive 2009/136/EC aims to guarantee and strengthen the protection of personal data. The Cookie Directive essentially provides that visitors to a website are informed about the use of cookies in a simple and understandable way and must consent to their storage.
According to this directive, only cookies strictly necessary to the operation of the site can be deposited without prior consentparticularly when they are essential to a service explicitly requested by the user. This includes, for example, session cookies, used to remember the chosen language, login credentials or the contents of the shopping cart. In the past, some multimedia content could also use Flash cookies, which are now obsolete.
For the use of most cookies, website operators therefore need the consent visitors. This concerns all cookies that are not technically necessary for the operation of the service offered, in particular advertising cookies used for retargeting (or retargeting), analytics and social media cookies.
Domain name
Your domain in one click
- 1 Wildcard SSL certificate per contract
- Included Domain Connect feature for simplified DNS setup
Current content of the European Cookie Directive
With the Cookies Directive, the European Union protects personal data of Internet users. A distinction is made between technically necessary cookies and non-necessary cookies:
- THE technically necessary cookies : there are cookies that are absolutely necessary for the functioning of a website; for example, saving login data, shopping cart or language choice. These are session cookies, which are deleted when the browser is closed.
- THE cookies not technically necessary : on the other hand, text files not used for the proper functioning of the website but collecting other data are considered unnecessary. These include:
- Tracking cookieswhich collect data such as geolocation or browsing behavior.
- Targeting cookies (targeting), which adapt advertisements to the Internet user.
- Analytics cookieswhich provide information about the behavior of Internet users on a website.
- Social media cookieswhich link a website to platforms such as Facebook, Twitter and others.
According to the European Cookie Directive, necessary cookies can be installed from the start of the session, i.e. even without prior consent of the user. However, Internet users must give their consent before cookies record unnecessary data. Thus, the European directive on cookies requires, according to the majority interpretation of the text, an opt-in solution for unnecessary cookies. In this case, cookies are not installed from the start, but only when the user agrees to the data storage.
Implementation of the European directive on cookies in France
Aware of the complexity of the legal framework, the National Commission for Information Technology and Liberties (CNIL) devotes part of its website about it. It specifies to whom the obligation to collect consent applies, which cookies are concerned, and regulates audience measurement solutions exempt from consent. Since the rules were updated in 2021, venues must ensure that the user is clearly informed of the purposes of the trackers and that refusing cookies is as simple as accepting them. The CNIL continues to carry out checks and support professionals to ensure compliance. In 2025, discussions around the ePrivacy regulation could further strengthen these requirements, particularly in terms of centralized management of consent and the protection of minors from advertising targeting.
Web Hosting
Flexible, efficient and secure web hosting
- SSL certificate and DDoS protection
- Data backup and restoration
- 24/7 support and personal advisor
What are cookies? What data is collected?
Cookies, sometimes called « trackers » in French, are text files that the browser places on the user's computer when they visit a website. They save the data relating to a website visitwhich improves the user experience. To cite a few examples, a browser remembers connection information and identifiers, including preferred languages, which allows Internet users to not have to constantly configure their program. Despite the practicality, critics of this system point out that cookies are incompatible with a strict privacy policy. Tracking and targeting cookies, in particular, are often criticized by privacy advocates.
A cookie generally contains a expiration date and a randomly generated unique identifierallowing a device to be recognized on subsequent visits. In principle, these files do not directly contain personal data, but may allow their collection if, for example, the page asks for an identifier or if the cookie is linked to a user account.
Cookies and data protection: what does the future hold?
For years, the EU has been trying, with the ePrivacy Regulation, to create uniform rules relevant within all member countries. However, it is not known whether this regulation, which should be adopted in addition to the GDPR, will actually be implemented.
As long as the ePrivacy Regulation is still in the idea stage, cookies fall under the influence of personal data defined in the chapter 1 of the GDPRto the extent that they collect data that allows a user to be identified in one way or another (identification number, user profile, etc.).
Please consult the legal notices in force on this article.
