Cookie Consent in the data freedom law
It is necessary to inform users of the presence, purpose and duration of the cookies placed in their browsers, and the means at their disposal to oppose it.
What is a cookie?
Cookies are tracers placed on Internet users’ hard drives by the web hosts of the visited website. They allow the website to identify a single user across multiple visits with a unique identifier. Cookies may be used for various purposes: building up a shopping cart, storing a website’s language settings, or targeting advertising by monitoring the user’s web-browsing.
Which cookies are exempt from the Cookie Consent rule?
France has exempted certain cookies from the cookie consent rule: for those cookies that are strictly necessary to offer the service sought after by the user you do not need to ask consent to user. Examples of such cookies are:
- the shopping cart cookie,
- authentication cookies,
- short lived session cookies,
- load balancer cookies,
- certain first party analytics (such as Matomo (Piwik) cookies),
- persistent cookies for interface personalisation.
Asking users for consent for Analytics (tracking) Cookies
For all cookies that are not exempted from the Cookie Consent then you will need to:
- obtain consent from web users before placing or reading cookies and similar technologies,
- clearly inform web users of the different purposes for which the cookies and similar technologies will be used,
- propose a real choice to web users between accepting or refusing cookies and similar technologies.
You don’t need Cookie Consent with Matomo
The excellent news is that there is a way to bypass the Cookie Consent banner on your website:
If you are using another analytics solution other than Matomo then you will need to ask users for consent. If you do not want to ask for consent then download and install Matomo or signup to a service offering Matomo hosted in the Cloud to get started.
If you are already using Matomo you need to do two simple things: (1) anonymise visitor IP addresses (at least two bytes) and (2) include the opt-out iframe solution in your website (learn more).
Note that these recommendations currently only apply in France, but because the law is European we can expect similar findings in other European countries.
CNIL recommends Matomo
We are proud that the CNIL has identified Matomo as the only tool that respects all privacy requirements set by the European Telecom law.
About the CNIL
The CNIL is an independent administrative body that operates in accordance with the French data protection legislation. The CNIL has been entrusted with the general duty to inform people of the rights that the data protection legislation allows them.
The role and responsabilities of the CNIL are:
- to protect citizens and their data
- to regulate and control processing of personal data
- to inspect the security of data processing systems and applications, and impose penalties
Matomo and Privacy
Future of Privacy at Matomo
Matomo is already the leader when it comes to respecting user privacy but we plan to continue improving privacy within the open analytics platform. For more information and specific ideas see Privacy enhancing issues in our issue tracker.
Learn more in these articles in French [fr] or English:
- [fr] Sites web, cookies et autres traceurs
- [fr] Comment me mettre en conformité avec la recommandation “Cookies” de la CNIL ?
- [fr] Recommandation sur les cookies : obligations pour les responsables de sites ?
- CNIL Starts Controlling Cookie Settings in October 2014
- CNIL recommends Matomo for compliance with data protection laws
To learn more about Matomo, please visit piwik.org,
Get in touch with the Matomo team: Contact information,
For professional support contact Professional Support for Matomo .