Cookie Management: Consent and Trackers in E-commerce

Cookie Management: Consent and Trackers in E-commerce

Introduction

Cookie management today constitutes a major issue for any e-commerce site. Between legal obligations, user expectations in terms of data protection and marketing needs, finding the right balance is complex. Since the entry into force of the GDPR in 2018 and the CNIL guidelines published in 2020, the rules governing trackers have been considerably strengthened. Poor management exposes e-retailers to heavy financial penalties (up to 20 million euros or 4% of global turnover) and a loss of consumer confidence. This practical guide helps you bring your e-commerce site into compliance.

Understand the different types of cookies and trackers

• Cookies are not all equal under the law. There are mainly four categories:Strictly necessary cookies ⬥⬥⬥: essential for the operation of the site (shopping cart, user session, authentication). They do not require prior consent.
• Strictly necessary cookies ⬥⬥⬥: essential for the operation of the site (shopping cart, user session, authentication). They do not require prior consent.Functional cookies ⬥⬥⬥: improve the user experience (language preferences, currency). Consent required.
• Analytical cookies ⬥⬥⬥: measure the audience (Google Analytics, Matomo). Consent generally required, except CNIL exemption for certain anonymized configurations.Marketing and advertising cookies ⬥⬥⬥: cross-site tracking, retargeting, social networks (Meta Pixel, TikTok Pixel). Explicit consent required.
• Each tracker collects potentially sensitive personal data: IP address, browsing behavior, purchase history, advertising identifiers. Mapping all the cookies placed on your site is the first essential step in any compliance process.Collect valid consent

Collect valid consent

Consent, to be legally valid, must meet four criteria defined by the GDPR (article 4-11): free, specific, informed and unequivocal. Concretely, your cookie banner must:

Clearly inform

1. the user about the purposes of each category of trackerOffer an equivalent choice ⬥⬥⬥: the “Accept all” and “Refuse all” buttons must also be visible and accessible
2. Allow granular consentby purpose (analytics, marketing, personalization)
3. by purpose (analytics, marketing, personalization)Block the deposit of non-essential cookies
4. before positive action by the userKeep proof of consent
5. and allow its withdrawal at any timeDark patterns (pre-checked boxes, “refuse” button » hidden, scroll constitutes acceptance) are explicitly prohibited by the CNIL. Several major players (Google, Facebook, Amazon) have been sanctioned for non-compliance with these rules, with fines exceeding 150 million euros.

Dark patterns (pre-checked boxes, “refuse” button » hidden, scroll constitutes acceptance) are explicitly prohibited by the CNIL. Several major players (Google, Facebook, Amazon) have been sanctioned for non-compliance with these rules, with fines exceeding 150 million euros.

Set up a Consent Management Platform (CMP)

For e-commerce sites handling a large volume of visitors, the use of a CMP (Consent Management Platform) becomes almost essential. These solutions (Didomi, Axeptio, OneTrust, Cookiebot) automate consent management: regular scanning of cookies, conditional blocking of scripts, logging of user choices, multi-jurisdictional adaptation (GDPR, CCPA, LGPD).

Coupled with Google Consent Mode v2, a CMP makes it possible to maintain consistent audience measurement even when users refuse tracking, thanks to conversion modeling. On the technical side, choose a tag manager (GTM) configured to trigger tags only after consent, and document your cookies policy in a dedicated page detailing the lifespan, issuer and purpose of each tracker.

Conclusion

Rigorous management of cookies is not limited to a regulatory obligation: it constitutes a real lever of commercial confidence. Consumers increasingly value transparency in the use of their personal data. By adopting a proactive approach – regular audit, efficient CMP, clear information – your e-commerce site combines legal compliance and sustainable marketing performance.