BLOG | Cookie Compliance | April 07, 2021

The CNIL Countdown: French Cookie Guidelines Enter Into Force

On October 1st, the French Data Protection Authority (CNIL) published a final version of its practical Recommendations on using cookies and...

Post Featured Image

On October 1st, the French Data Protection Authority (CNIL) published a final version of its practical Recommendations on using cookies and other tracking technologies in compliance with the ePrivacy Directive and the General Data Protection Regulation (GDPR). The guidelines state companies had until March 31, 2021, to comply with these revised guidelines.

On March 18, 2021, CNIL published an FAQ to further explain its guidelines and recommendations on cookies and other tracking technologies. The publication of the FAQ corresponds with the end of the grace period for complying with the guidelines and recommendations ending in March 2021.

The CNIL is very clear on its dedication to ongoing audits related to cookies. Phase 1 of these audits began in October 2020 with mostly online inspections of websites to assess compliance with the previous CNIL cookie guidelines. However, during Phase 2, which will begin in April 2021, CNIL plans to enforce its audits by assessing compliance with the new guidelines and recommendations. Attention to cookie compliance is a necessity for any business active in the French market.

Key Principles Reiterated

Certain key principles of the new guidelines and recommendations were reiterated including:

  • the requirement to inform the data subject of the purposes of the collection of their personal data
  • the necessity of a clear and positive action, and that the absence of a response should be considered a rejection of the use of non-essential cookies; and
  • the recommendation to integrate a ‘Refuse All’ option, instead of a preference management option on the same information layer as an ‘Accept All’ option

Regarding cookie walls, CNIL continues to hold the position that it will assess legality on a case-by-case basis to ensure whether the data subject’s consent was freely given. They will also continue to remain alert for any possible alternatives to the use of cookie walls in such cases.

CNIL outlined some of its recent enforcement efforts, such as providing further practical guidance and tools, to support public and private sector professionals affected by its new guidelines and recommendations. Additionally, they intended to raise awareness by sending letters and emails to approximately 200 public bodies which encouraged them to audit their websites and mobile applications to ensure compliance with the new provisions.

Lastly, CNIL announced it will carry out investigations, possibly resulting in formal notices and public sanction procedures, into compliance with new rules on cookies and other trackers. This is expressed as in line with the pre-existing requirements under the General Data Protection Regulation (GDPR).

CookiePro wants to ease your CNIL cookie compliance journey. Wherever you are, our toolkit offers resources to understand the CNIL guidelines and support to implement cookie banners in line with the CNIL’s latest recommendations.

Signup today to get a complete set of free tools and resources to get you up and running, including tips and checklists, pre-configured templates, and your first month free!

You Might Also Like


Requirements of LGPD Consent & Privacy-Focused Design

View Resource
Infographic | 2 minutes

Cookie Consent Around the World

View Resource

Malta Cookie Consent Requirements

View Resource
Knowledge Article | 15 minutes

GDPR Terminology & Definitions

View Resource
Onetrust All Rights Reserved