CNIL Enforces Cookie Compliance with Issuance of Second Series Formal Notices
Regardless of the first set of warnings in May, some organizations are still not compliant with the regulatory requirements on cookie consent management. “This situation is not acceptable” the CNIL announced. This has resulted in the CNIL’s president issuing new formal notices to 40 companies that have from July 19th until September 6th, 2021, to comply.
Who are the 40 Companies Affected by the CNIL Cookie Compliance Notices?
Without explicitly calling out the names of the companies and organizations concerned, the CNIL listed the following types of companies that received notices:
- 4 major platforms in the digital economy
- 6 major manufacturers of computer hardware and software
- 6 companies selling consumer goods online
- 2 major players in online tourism
- 3 car rental companies
- 3 major players in the banking sector
- 2 major local authorities
- 2 online public services
- An energy company
Companies will face fines up to 2% of their revenues
The Commission has insisted that these measures are complementary to the ongoing procedures before its restricted formation (body in charge of imposing sanctions). As a result, they could lead to heavy fines of up to 2% of the company’s revenue.
Since the CNIL controls are permanent, companies must comply to avoid heavy repercussions. In the fall, other verification and corrective measures will be carried out to ensure the respect of French internet users’ privacy. The CNIL has carried out extensive work for the past two years, which culminated on October 1, 2020, with the adoption of Guidelines and a Recommendation. Companies then had six months to comply with them as the deadline was April 1, 2021.
Reminder of Initial CNIL Cookie Compliance Recommendations
The CNIL’s recommendations published on October 1, 2020, provides more context on how the CNIL expects companies to handle cookies and other electronic communication data in France.
The CNIL has put forward the following guidelines and recommendations:
- ‘Soft opt-in’, browsing the website, no longer constitutes the expression of valid consent, and the deposit of cookies other than those strictly necessary for the functioning of the service are conditioned to a clear positive act from the user,
- A ‘Refuse All’ button is recommended, from the first layer of information,
- The purpose must be clearly presented from the first layer of information,
- Visitors should be provided with a mechanism to update their preferences and withdraw their consent at any time, for example by using a static button to access the cookie settings,
- Visitors should have access to an up-to-date and structured list of actors using the trackers,
- Organizations, including their third-party actors, must be able to demonstrate at all times the validity of the consents collected to use the trackers,
- Some trackers, such as authentication cookies, traffic statistics cookies or cookies that limit the presentation of free content, are not subject to consent.
Do the CNIL guidelines concern your website?
Any website or mobile application that targets French users (e.g., offering content in French, or shipping or buying in France) is subject to French cookie requirements. Consequently, if your international website or mobile application targets (among others) the French market or users, you must ensure that you comply with the requirements set forth by French law and CNIL guidelines and recommendations.
Let CookiePro Help
Despite where you are in your cookie compliance journey, CookiePro is here to help. Our CNIL Cookie Consent Toolkit provides resources to understand the CNIL recommendations and helps you implement compliant cookie banners. Download your toolkit today to fast-track your compliance program with a comprehensive set of tools and resources, including tips and checklists, pre-configured templates, and your first domain free.
- eBook: CNIL Cookie Compliance: What Has Changed?
- Whitepaper: CNIL Recommendations: Practical & Legal Guide
- Checklist: Cookies & CNIL: Guidelines and Setup Checklist
- Step-by-Step implementation guides
- 24/7 support with both implementation and ongoing maintenance