On Twitter the other day, an indie maker asked me an interesting question that I’d like to address in this blogpost:
In the European Union, two texts coexist and rule the collection of pixels and cookies on websites: E-privacy and the GDPR (when collecting personal information). If your website is visited by European residents or if you’re based in the EU, you most likely need to comply to their rules.
🍪 A cookie is a small file stored by a server in the computer, tablet, mobile phone of a website visitor and associated with a web domain. There are multiple use cases for a cookie, it can serve to:
Some are essentials to provide the website to visitors, some are requested by them. Every other cookie requires consent as they are not strictly necessary and can invade the privacy of visitors at times.
👾 While a pixel is an alternative tracking method to cookies, traditionally implemented as a 1x1 pixel image embedded in the website but invisible to the visitor. The loading of this image, whose name contains a user ID, informs the server on which it is hosted that the tracked visitor has visited a website page.
He’s been using Plausible Analytics, a cookie-free solution, to measure the audience of its website for a while now. He wanted to go further and implement a Facebook pixel to track conversions from Facebook ads and optimize his ads by retargeting visitors who have already taken some action on the website 🎯
The use of this cookie is not « essentiel » and is a lot more invading than a simple audience measurement.
Under EU laws, Plausible Analytics and other privacy-friendly analytics tools (like Matomo, Simple Analytics, Compass, Wizaly, etc.) when used correctly, don’t require consent, either because:
However, when the Facebook pixel or any other pixel enters the game, consent of the visitor is no more an option, it’s a necessity. So if my Twitter friend wasn’t required to collect its visitors’ consent until then, he now has to do it if he wants to stay compliant and respect its visitors’ privacy. And especially their freedom to choose if they want to be tracked or not.
Don’t even think of using pre-ticked boxes, they’ve been forbidden for a while now 🙈 is the first thing I would advise him.