# Consent cookies exemption

For its own operations, our Consent Module sets 1st party cookies to store the [user's consent](https://doc.commandersact.com/features/consent-management/knowledge-base/consent-cookie) and to report anonymous consent statistics.

These cookies are necessary for the proper functioning of consent collection and the reporting of anonymous statistics. In this regard, they are exempt from the consent requirement.

### Consent storage cookies

Consent storage cookies differ depending on the banner template used:

* **standard templates**: TC\_PRIVACY & TC\_PRIVACY\_CENTER
* **IAB TCF templates** (local storage): TC\_PRIVACY\_IAB\_VENDORLIST & TC\_PRIVACY\_TCF

### Cookie for anonymous statistics and consent proof (TCPID)

A 1st party cookie is set to be able to collect anonymous statistics of consent: TCPID.\
This cookie is also used as a unique identifier to provide proof of consent when required (for auditing or when requested by the user).\
We worked with the CNIL (France) to design how this cookie is set and processed so that it strictly complies with the GDPR (RGPD), and in particular with the [rules](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies-solutions-pour-les-outils-de-mesure-daudience) enacted by the CNIL in 2019.

{% hint style="success" %}
If for any reason you wish to block this cookie before consent, use the following code in the first custom JS block of your web container. The cookie will still be created after the consent action to provide proof of consent.

```
  // No consent stored yet (TC_PRIVACY is empty): do not set the TCPID cookie.
  if (tC.getCookie("TC_PRIVACY") == "") {
    tC.privacyCookieDisallowed = true;
  }
```

{% endhint %}

{% hint style="danger" %}
Using this JavaScript snippet will negatively impact your Consent Analysis report.

The number of 'banner views' will no longer be calculated reliably, as this metric is created using the TCPID cookie value.
{% endhint %}
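
To check that the pre-consent block described above behaves as stated, the following added example (not Commanders Act code) classifies a `document.cookie` string by whether `TCPID` is present before or after consent is stored. It assumes a standard template, where consent lives in the `TC_PRIVACY` cookie (IAB TCF templates use local storage instead); the function names, result labels and sample values are constructed for illustration.

```javascript
// Added example, not Commanders Act code. Assumes a standard template,
// where consent is stored in the TC_PRIVACY cookie.

// Parse a document.cookie-style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    if (eq < 1) continue; // skip empty or nameless entries
    jar.set(pair.slice(0, eq), pair.slice(eq + 1));
  }
  return jar;
}

// Classify the cookie state with respect to the TCPID pre-consent block.
function auditTcpid(cookieString) {
  const jar = parseCookies(cookieString);
  // Same test as the snippet above: an empty TC_PRIVACY means no consent yet.
  const consentStored = (jar.get("TC_PRIVACY") || "") !== "";
  const tcpidSet = jar.has("TCPID");
  if (!consentStored) {
    return tcpidSet ? "tcpid-before-consent" : "blocked-before-consent";
  }
  return tcpidSet ? "consent-with-proof" : "consent-without-proof";
}

// Constructed sample cookie strings (values are placeholders, not real formats).
const SAMPLES = {
  firstVisitBlocked: "sessionid=abc123",
  firstVisitNotBlocked: "sessionid=abc123; TCPID=constructed-id",
  emptyConsentCookie: "TC_PRIVACY=; TCPID=constructed-id",
  afterConsent: "TC_PRIVACY=constructed-consent; TCPID=constructed-id",
  afterConsentNoProof: "TC_PRIVACY=constructed-consent",
};

// In a browser console: auditTcpid(document.cookie)
for (const [name, cookies] of Object.entries(SAMPLES)) {
  console.log(name, "->", auditTcpid(cookies));
}
```

With the block in place, a first visit should report `blocked-before-consent`, and the state after the consent action should report `consent-with-proof`.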

### When are cookies exempt from consent?

In order to be exempt from consent in accordance with article 82 of the Data Protection Act, these tracers must:

* have a purpose strictly limited to measuring the audience of the site or application (performance measurement, detection of navigation problems, optimization of technical performance or ergonomics, estimation of the server capacity required, analysis of the content consulted), exclusively on behalf of the publisher
* be used to produce anonymous statistical data only

Conversely, to be exempt from consent, **these tracers must not**:

* lead to the data being cross-checked with other processing or transmitted to third parties
* allow the aggregate tracking of the user's navigation across different applications or websites. Any solution using the same identifier across several websites (for example via cookies placed on a third-party domain loaded by several websites) to cross-reference, split or measure unified coverage of a piece of content is excluded.

#### CNIL recommendations

To put in place solutions that respect people's rights, the CNIL also recommends that:

* **users are informed** of the implementation of these tracers, for example via the privacy policy of the site or the mobile application
* **the lifespan of the tracers is limited** to a period allowing a relevant comparison of audiences over time, as is the case with a period of 13 months, and that it is not automatically extended on new visits
* the information collected through these tracers is kept for a maximum period of **25 months**
* the above-mentioned retention periods are subject to **periodic review** in order to be limited to what is strictly necessary
* for the FR market: link the Consent Statistics to a category of cookies that users can turn off with 'refuse all'
* for the FR market: if you decide not to link the Consent Statistics to a cookie category, you must provide your users with another way to opt out of Consent Statistics. We provide an [FR implementation guide](https://doc.commandersact.com/features/consent-management/knowledge-base/consent-cookies-exemption/implementation-guide-for-exempted-consent-statistics-fr-market) for opt-out statistics, as recommended for CNIL compliance

A subcontractor can provide a benchmark service to multiple publishers if:

* the data is collected, processed and stored independently for each publisher
* tracers are completely independent from each other
