Cookie & RGPD

Hello everyone,
Currently (in version 4.x) Mautic uses 4 tracking cookies:

  • mautic_device_id
  • mautic_referer_id
  • mtc_id
  • mtc_sid

Mautic tracks visitors to the website. To do this, it assigns a unique identifier to each new visitor and deposits this identifier in the cookie “mautic_device_id” on your browser.
Expiry time of the cookie: 1 year

This cookie stores an identifier depending on the last landing page you visited.
Expiration time: the current session

This cookie stores the Mautic contact ID of the current visitor.
It is not used for visitor tracking. It allows the website to know the current visitor when using a REST API call.
Expiration time: the current session

This cookie is deprecated. It stores the same information as “mautic_device_id”.
It is still present to ensure backward compatibility.
It will disappear in a future version.
Expiration time: the current session

My idea would be to be able to deactivate the mtc_id and mtc_sid cookies directly via the Mautic configuration page.
Indeed, in Europe, in order to comply with the RGPD, a complete notice must be produced to explain precisely the role of each cookie.
In most cases we don’t need mtc_id and mtc_sid cookies, being able to make them inactive will simplify the compliance process for companies.

I think that all companies operating in Europe and wishing to comply with the RGPD will benefit from having the ability to disable these two cookies from Mautic.

What do you think about this idea?