France: Everything You Always Wanted To Know About Cookies" (Not Biscuits Of Course...)

What are cookies, anyway?

A cookie is a temporary text file stocked on your hard drive under the request of a server managing the website you are currently visiting. Such cookie holds great information on your navigation and helps the server to recognize you from one internet page to another. In the end, cookies facilitate your navigation but also provide precious data to its sender regarding you and your navigation.

Why so useful?

To make it simple, cookies will make your navigation quicker, simpler and, in theory, more enjoyable.

For example, thanks to cookies, you do not need to always re-write your identifiers when you connect yourself on a website. Not only that, a cookie is also useful when you purchase goods on the internet. These little text files memorize the content of your electronic basket from the beginning of the purchase procedure until the final payment.

On another level, cookies are a great tool in terms of online behavioural advertisement. Indeed, as cookies hold information stocked on terminal equipments and left by a website on the internet user's terminal, it gives websites the opportunity to recognize internet users. Thanks to these cookies, you can build an internet user's particular profile from the web pages visited by such internet user and therefore offer him or her targeted advertisement. As such, you can provide efficient promotions or offers depending on the profile of your internet user targets.

Why so feared though?

Firstly, there is a general misunderstanding on their use: many assimilate cookies to spywares such as Trojan horses. And for quite a long time now, cookies suffered from a very bad reputation simply related to the massive amount of information they can collect on internet users, some being afraid that these tools were too much of a dent into the protection of Internet users' privacy. But as long as you respect the regulations applicable to cookies, their use is perfectly legal.

Opt-out before the Telecom package transposition

Before the transposition of the European Directive of November 25 2009 in the French regulation, the opt-out system prevailed concerning the installation of cookies. As a result, the use of cookies was authorised as long as internet users were informed of the conditions applicable to the storage of data and as long as they had the possibility to refuse such storage.

In practice, such information was generally found in the websites' General Terms of Use.

Opt-in from now on

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

According to the Ordinance dated August 24, 2011 on electronic communications, any internet user shall receive, from the treatment manager or its representative, clear and complete information, except if such information has previously been provided, on:

• The purpose of any action undertaken to access, by electronic transmission, information already stored in its electronic communications terminal equipment, or to record information in such equipment (targeted advertisement, etc.);
• The means offered to the internet user to refuse such action.

In any event, the internet user's express agreement must be obtained before one may install cookies in the user's system. The internet user's approval shall be provided freely once the necessary information on the cookie's purpose (for instance, advertisement) and the possibility to refuse such cookies, even subsequently, have been stated.

Please note that such approval can result from appropriate settings of its navigator or from any other system placed under the internet user's control. However, the settings of a navigator may be considered as consent to receive cookies only if such settings do allow the user to choose specifically which cookies he/she wishes to accept. A navigator which would accept generally all cookies regardless of their purpose will not be considered as evidencing the user's consent.

Please note that such opt-in requirement will apply even if the cookie does not collect personal data.

It is the entity in charge of processing the data collected by the cookie which is liable to provide the necessary information to the Internet user. However, this information may be provided by a third party appointed by the person in charge of the processing.

However, the use of some cookies is exempted from this express consent requirement, when these cookies:

• have the exclusive purpose to allow or facilitate the electronic communication;
• are strictly necessary to provide an online communication service on the express request of the internet user.

So, in practice, how does it work?

To get the internet user's express consent, different solutions can be used including boxes to tick when the internet user subscribes to an online service, a pop-up which would include a formal request for consent or a simple banner on the top of a web page (like on www.ico.gov.uk).

Remember that changing the General Terms of Use will not be sufficient to consider that the internet user's approval has been requested. Indeed, the consent shall be express.

Please note that your responsibility will be engaged if cookies were to be set on your website by third parties, especially space brokers. As a consequence, we recommend that you anticipate such issue by dealing with it in the contracts to be signed with your partners.

We hope this general information has been helpful to you. Of course, there is a lot more to be said about cookies but we know that your attention is already requested on other topics. However, if you are really interested and want to know more, do not hesitate to contact us as we will be happy to assist you with this or any other related service.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.