Consent for web cookies, should you review your usage?

It is now mandatory to ask for consent before collecting information. The General Data Protection Regulation (GDPR) in Europe and Law 25 in Quebec have increased the requirements for privacy protection. Should you add an “accept cookies” banner to your site? It is entirely possible to avoid it, if you limit data collection for your organization and advertisers.

Cookies (also called trackers) are tools which, basically, improve the browsing experience by memorizing useful information. However, certain third-party cookies, placed by platforms such as Google or Facebook, go beyond this basic functionality. They track online activities to create detailed profiles, which are then used for ad targeting. This practice raises important ethical questions about privacy and consent. I talk about it at length in this article.

How do you use cookies?

The first thing to do is to check how you use the browser cookies.

  • How often do you analyze traffic to your website?
  • What kind of analysis do you perform?
  • What data do you need to successfully perform this analysis?
  • What decisions do you make following this analysis?

The basic rule remains the same: we limit the collection of data to what is strictly necessary, especially if we do not have many means to protect it.

Having data is useful if it helps you make decisions for your organization. If data is just information, then it is wasteful because it does not help your organization deliver value to its customers.

I am thinking in particular of the collection of data which is not used at the moment but may be used in the future. It’s true that we don’t know the value of this data in the future, but I also don’t know what I will do with it and if I could use it. And they add personal data to protect.

Uses with and without consent of cookies

Authorized use, without consent, because it is considered legitimate (no invasion of privacy):

  • Remember the settings on site: language, country of connection, colors, etc.
  • Maintain access to an authenticated area or to an account (no need to enter username and password each time you access it, this is when you click on “remember me on this computer”)
  • Remember the items put in the basket (useful when browsing is interrupted and resumed later or on another device)
  • Limit the number of free articles or content a person can view or download
  • Remember your cookie preferences
  • Measure the audience anonymously and for technical needs (time spent on the site, number of pages viewed, etc.)
Screenshot of a cookie acceptance window. First option: Continue without accepting. With your consent, we and our 780 partners use cookies or similar technologies to store, access and process personal data such as your visit to this website, IP addresses and cookie identifiers. Some partners do not ask for your consent to process your data and rely on their legitimate business interest. Learn more option. Accept and close option.
This window (n French) is clear, they ask for permission to share your data with 780 other parties. I am not sure I will be able to withdraw my consent easily after having accepted.

Uses subject to consent because they violate privacy:

  • Calculate the time the person spends on the site to display personalized messages after a certain time
  • Differentiate between Internet users: customers connected to their accounts, customers not connected, non-customers to offer them different content
  • Targeted advertising, with Google Ads, Facebook Ads or other solutions

All of these cookies may remain active during the session or for a specific period of time, from a few days to more than a year. But hey, I don’t close my web browser (and therefore my session) every evening. I restart my computer once a week, so my sessions last a week. And on my phone, several months can go by without me restarting it.

How I manage cookies, without consent

In my case, I need to know which pages are most viewed, which have errors, how people arrive on my site (from an article, another site), and the time spent on the site overall. I don’t need to know the socio-demographic profile or the exact location of each person who visits my website, the country and language are enough for me.

I do not make a correlation between the publications I make on social networks and subscriptions to my newsletter or visits to my website. I admit that it’s interesting to follow a person’s journey. She clicks the link in an email at 8:32 a.m., spends 2 minutes reading an article. Then at 12:43 p.m. she resumes reading, because the page had remained open. When she finishes reading, she goes to another site. I’m curious, but not having this information doesn’t hinder my business and my marketing activities.

In fact, I don’t have enough time to do this type of analysis. If I had a big marketing team, maybe I would track this data live and send them a chat window with an individualized promo code. But I think that the majority of sites do not use all the functionalities of these intrusive cookies. We have neither the time nor the technical skills.

A few years ago, when I looked at cookies on my site, I discovered, to my amazement, that Google was collecting this information (and much more) about my visitors and using it for its own purposes. Each individual was followed. I immediately activated IP anonymization and blocked sharing with Google entities. Knowing your country is enough for me. I also anonymized any historical data I had. Europe regularly imposes fines on Google for good reasons.

Following the entry into force of the GDPR, I changed the analysis tool for my website. I moved from the giant Google to Matomo , which is much more respectful of privacy. My data belongs to me and is on my own server. I am now certain that it is not shared.

Understand your situation and make the right decision.

Google Analytics collects a lot of information by default. If you use all dashboards and need accurate data, you should add a cookie acceptance banner to your site.

If, like me, your usage is very limited, you collect information about Internet users, to give it to Google and others, in exchange for a dashboard that you do not use. I did it for many years. When I realized this, I changed.

If like me, you want to avoid cookie banners, you need to review several things on your website:

Web analysis tool (cookie settings). It’s difficult, Google does not provide a procedure for doing this and regularly changes the menus. Your goal is to anonymize IP addresses. 2 bytes are enough: 192.168.xxx.xxx. You will also want to uncheck the options for sharing data with other Google entities.

Third-party cookies from social networks. To prevent social networks from depositing their cookies, you must give up on their services: “Like” buttons, option to post on networks, embedded content (video). Your site will become simpler. For my part, I rarely had direct shares of my site on networks, and I deleted the YouTube videos that I had included, in favor of links to these platforms.

In conclusion

I removed some little-used features from my site. To see the videos I recommend, you have to click on a link. But the benefit of not having acookie banner, because you are not tracked on my site, is much more important in my opinion.

With a strict regulatory landscape and intrusive tools, it is difficult, but possible to protect the data of our Internet users. The cookie acceptance window, as cute and funny as it is, remains an intrusion into private life.