Setting trackers correctly
One of the main criteria for assessing the compliance of a website is the time at which trackers are deposited: are they submitted before the visitor has interacted with the CMP (and therefore before they have explicitly given their consent) or afterwards?
The different categories of trackers
1️⃣ Trackers subject to consent
The majority of cookies are subject to consent. They are very diverse and can be used for targeted advertising, sharing content on social networks, or tracking visitor activity on a website.
It is possible that certain trackers requiring consent in principle may be exempted, but this only concerns certain specific categories of trackers described in the rest of this article.
2️⃣ Trackers that are exempt from consent because they are “strictly necessary”
- Technical trackers, which enable the website to function correctly (e.g. to ensure that all elements are displayed as they should be).
- Consent banner trackers, which allow to record the visitor's cookie preferences for a period of 6 months.
- In some cases, audience measurement trackers, allowing to understand how users use the website and check that it is working properly. They are not all, nor always, exempt from consent!
3️⃣ Trackers exempt from consent following specific parameter settings
Here we will distinguish two sub-categories: trackers exempt from consent due to specific settings, and audience measurement vendors exempt from consent according to the CNIL.
-
Trackers exempt from consent due to specific settings:
-
Consent Mode v2 tracers when set to advanced mode, i.e. Google Analytics and Google Ads. When set to advanced mode, Google tags are loaded before the CMP is displayed. Advanced mode thus enables Google to collect aggregated data before knowing the user's choice. The behavior of Google tags is described on this page.
-
Other analytics trackers that operate in a similar way to CoMo v2, such as Shopify Analytics, still collect “essential” information without consent, as indicated on this page.
⚠️ Please note: regulatory authorities have not yet ruled on the validity of these specific settings offered by third-party vendors. Insofar as these trackers sometimes enable data to be collected before the user has made a choice, we recommend that you check with your legal advisor whether or not it is possible to activate the advanced mode or other similar settings on your website. We will update this documentation in line with any instructions that may be issued by the relevant authorities.
-
Consent Mode v2 tracers when set to advanced mode, i.e. Google Analytics and Google Ads. When set to advanced mode, Google tags are loaded before the CMP is displayed. Advanced mode thus enables Google to collect aggregated data before knowing the user's choice. The behavior of Google tags is described on this page.
-
Audience measurement trackers exempt from consent according to the CNIL: Some audience measurement trackers can be set up to anonymize the information they collect. As a result, the French data protection authority (CNIL) has assessed that the following trackers can be exempted from consent if they comply with the settings indicated by the CNIL.
⚠️ Please note: other audience measurement trackers may be exempt from consent, if they meet all exemption criteria specified by the CNIL. We therefore recommend you check with your legal advisor whether or not you can avoid having to obtain consent for an audience measurement tracker that is not on this list:
🚨 Warning: the configuration guides are only available in French
-
Analytics Suite Delta solution from AT Internet in the version available on 30 March 2021 and covered by this configuration guide
-
SmartProfile solution from The Net Solution Partner in version 21 and covered by this configuration guide
-
Wysistat Business solution from Wysistat in version 12.1 and covered by this configuration guide
-
Piwik PRO Analytics Suite solution from Piwik PRO in version 15.2.0 and covered by this configuration guide
-
Abla Analytics solution from Astra Porta in version 1.9 and covered by this configuration guide
-
BEYABLE Analytics solution from BEYABLE in version 1.0 and covered by this configuration guide
-
etracker Analytics solution (Basic, Pro, Enterprise) from etracker in the version available on 4 August 2021 and covered by this configuration guide.
- Retency Web Audience solution from Retency in version 1.0 and covered by this configuration guide
-
Nonli solution from Nonli in version 2.0 and covered by this configuration guide
-
CS Digital solution from Contentsquare in version 10 and covered by this configuration guide
-
Matomo Analytics solution from Matomo in version 4 and covered by this configuration guide
-
Wizaly solution from Wizaly SAS in version 12 and covered by this configuration guide
-
Compass solution from Marfeel Solutions in version 1.0 and covered by this configuration guide
-
Statshop solution from Web2Roi in version 1.8 and covered by this configuration guide
-
Eulerian solution from Eulerian Technologies in version 6 and covered by this configuration guide
-
Thank-You Marketing Analytics solution from Thank-You (version 2.0) as described in this configuration guide
-
eStat Streaming solution from The Médiamétrie in its JavaScript/TypeScript versions: 7.2.2; Apple: 6.0.0; Android: 6.0.0 and covered by this configuration guide
-
Commanders Act consent module in version 10.0 and covered by this configuration guide
-
Alphalyr Analytics solution from Alphalyr in version 1.1 and covered by this configuration guide
-
Analyse solution from Admo.tv in version 3.1 and covered by this configuration guide
-
AdPerformance solution from Realytics in version 3 and covered by this configuration guide
- NPAW Suite solution from NPAW in version 6 and covered by this configuration guide
-
Analytics Suite Delta solution from AT Internet in the version available on 30 March 2021 and covered by this configuration guide
How do you know if your trackers are correctly configured?
Using our Shake compliance scanner, your trackers will be classified in three different ways:
-
Well-configured vendors, which means that they have been deposited after the visitor has given their consent, or that they are exempt from it.
-
Badly configured vendors, which means that they have been deposited before the visitor has given their consent, even though they are not exempt from this requirement.
-
Trackers whose configuration can be specific, as previously mentioned. If one of them is in this category, this means that Shake detects that it has been submitted before the visitor has given their consent. No problem if you have opted for the specific configuration that exempts them from consent, but if this is not the case, it means that there is a bad configuration.