The Commission points out that the laws on the protection of privacy do not target a particular technical solution. Thus, even if the actors of the advertising market focus a lot on cookies in their communication, any form of tracking requires compliance with the rules.
“ The CNIL has observed the development of several alternatives to the use of third-party cookies which can be classified into four categories ”, she indicates. It lists the fingerprinting calculation, the re-internalization of cookies via CNAME cloaking (which can pose security problems), identifiers or unified connection (which does not exempt from free and explicit consent), targeting by cohort, etc.
It therefore recalls “ that the development of alternative techniques to“ third-party ” cookies cannot be do so at the expense of the right of individuals to the protection of their personal data and their privacy. Their use must be done in compliance with the principles resulting from the regulations in force, namely the GDPR but also the “privacy and electronic communications” directive (known as “ePrivacy”) which aims to specifically protect the communications of individuals and its transposition into French law in the Data Protection Act ”.
It specifies that the user must always maintain control over personal data, whether shared or not, and that interfaces offered must “ allow and facilitate the exercise of all the rights of persons ” in a user-friendly manner.
In recent months, it carried out several bursts of checks. This new clarification seems to be a call to order before new procedures, as publishers and advertisers still often try to play with the yellow line to comply with the rules while maximizing their chances of continuing to track Internet users.