Contentsquare's take on analytics and cookie consent

Effective Date: August 25th, 2022

Contentsquare's take on analytics and cookie consent

What are Contentsquare’s cookies and what are they used for?

Contentsquare only uses “first-party” analytics cookies, which are cookies we create ourselves that are placed on a visitor's device directly by the websites they visited to analyze how a visitor interacts with that particular website. These insights allow our customers to improve their visitors' experience online and optimize their website performance.

What is the current European legal and regulatory framework for cookies in the analytics industry?

The ePrivacy Directive, passed in 2002 and amended in 2009, regulates the use of cookies and similar technologies. It mandates that websites’ operators use cookies only if EU visitors have given their prior consent. However, it also provided an exception: cookies essential to delivering the services that visitors have requested do not require visitors’ prior consent. This exception allows the use of cookies without the visitors’ prior consent if (1) the cookie is used solely for “carrying out the transmission of a communication over an electronic communications network” or (2) the cookies are strictly necessary to provide a service which is “explicitly requested by the visitor.”

The European Union countries and the United Kingdom have implemented this ePrivacy Directive in their national law. The General Data Protection Regulation (GDPR) which came into effect on May 25, 2018, has clarified the conditions for obtaining consent with respect to cookies identifiers, which are deemed as personal data under the GDPR (e.g. “cookie ID”). Data Protection Authorities have published guidance on the use of cookies and similar tracking technologies to recall the current legal framework.

Please see below a summary of the cookies framework in Europe:

	France	Italy	Germany	Spain	United Kingdom
Applicable law and guidelines	French Data Protection Act Cookies guidelines	Personal Data Protection Code Cookies guidelines	Telecommunications Telemedia Data Protection Act (TTDSG) Cookies guidelines	Law on Information Society Services and Electronic Commerce (LSSI) Cookies guidelines	Privacy and Electronic Communications Regulations (PECR) Cookies guidelines
Prior consent for use of cookies required?	Yes.	Yes.	Yes.	Yes.	Yes.
Exemptions for analytics cookies?	Yes, if the following conditions are met: Cookies are be limited to the sole purpose of audience measurement of the website/application on behalf of the website/application operator only; Cookies do not allow the tracking of the visitor’s browsing through different websites/applications; Cookies are used only to produce anonymous statistical data; or Cookies are not combined with other data processing or transmitted to third parties.	Yes, if the following conditions are met: Direct identification of the data subject through the use of analytics cookies must be prevented; Analytics cookies are used solely for the production of aggregated statistics and in relation to a single website or mobile app; and Third parties providing web measurement services to website operators do not combine the minimized analytics data with any other data (such as customer records or statistics concerning visits to other websites), nor forward such data to other third parties.	No. Cookies used for analytics purposes are not likely to meet the “strictly necessary” exemption.	No. Cookies used for analytics purposes are not likely to meet the “strictly necessary” exemption.	No. Cookies used for analytics purposes are not likely to meet the “strictly necessary” exemption.

What should we expect from the upcoming ePrivacy Regulation?

On February 10, 2021, the Council of the European Union announced that it adopted a consolidated version of the ePrivacy Regulation that will be negotiated by the European Parliament and European Commission. The ePrivacy Regulation covers in particular the handling of cookies and similar tracking technologies used on websites and apps. The ePrivacy Regulation was originally proposed in January 2017, but after five years of negotiation the final text has still yet to be agreed on. Once enacted, the ePrivacy Regulation will replace the current applicable legal regime to cookies, the ePrivacy Directive mentioned above, and will complement and in some places override the General Data Protection Regulation (“GDPR”). The European Council’s position is that the use of cookies and other similar tracking technologies is only allowed if the visitor has provided an explicit and specific consent or for specific purposes as laid out in the ePrivacy Regulation. Although the ePrivacy Regulation is still in debate, it is also important to note that there seems to be a consensus that the use of cookies for audience measurement will be exempted from requiring visitor’s prior consent. Since Contentsquare uses only first-party cookies for the sole purpose of audience measurement as part of the services we provide to our customers, we think that the use of Contentsquare solution should be exempted from visitor’s prior consent.

Our position

In our current legal environment, where data protection regulations and legal requirements are constantly in motion, we understand and relate to our customers' concerns from all around the world and in particular from Europe. Any drastic change in their practices, specifically when it comes to their use of our analytics cookies and reliance on the analytics information we provide, may have a significant effect on the accuracy of the analyzed data and their ability to clearly view a visitor’s journey through their website or mobile application.

We believe that web and mobile app analytics information, and analytics cookies (first-party) as its conduit, are an essential and necessary part of any service and business growth. By its nature, online commerce faces a fundamental obstacle that retail stores do not: understanding customer traffic within their store. The ability of website and mobile app owners to see and understand its customers’ and visitors’ needs and concerns is significantly impaired by the lack of inherent visibility that a brick-and-mortar retail store manager so easily possesses just by looking at their floor. This is where the use of accurate and dependable online behavior analytics information comes into play and bridges that gap. Without detailed and consistent customer behavior analytics information, no business, whether online or retail, will survive the end of the year.

Our recommendation

Ensure your customers’ and website/app visitors’ personal data are processed lawfully in compliance with applicable laws;
Make sure your online privacy statements and policies are complete and provide a clear and transparent view of your data practices and processes, including, but not limited to information on any third-party tools you are using in your website (which, if you are a customer of ours, includes our solution);
Refer to regulations, data protection authorities guidance, and any other publications on this topic in order to gain a better understanding of the current legal environment and requirements;
Be involved in discussions with other leading companies in your industry for common and best practices, interpretations, and ideas;
Consult with your legal and privacy advisors in order to determine which privacy compliance scheme is best suited to your website or mobile app, your industry, and your approach.

What is Contentsquare doing for you?

- Transparency: we are transparent about our privacy practices and will provide you with any information you request concerning our privacy compliance program.

Protection: we respect the privacy and security needs of our customers’ and their visitors’ personal data that we process as part of our services.

Assistance: we are happy to assist you with your own compliance needs and requirements, whether by guidance or by tools to achieve such compliance.
Proactive approach: our commitment to our customers goes beyond the provision of services to our customers. We are committed to push beyond mere compliance.

Contentsquare also provides you with the following privacy-related features that enable you to be compliant with data protection laws:

Cookieless;
Exemption Mode (France only).

Feel free to reach out to the Contentsquare Privacy Team (privacy@contentsquare.com) for any questions, concerns or requests.

The information provided on this webpage does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this webpage are for general informational purposes only.