In addition to regular inspection following complaints, the CNIL has chosen three priority themes related to the daily concerns of the French public.
The main themes for 2020 are health data, geolocation of local shops and cookies/other online tracking technologies.
Theme: Compliance with cookies and other trackers
This theme was already announced by the CNIL in the summer of 2019.
It aims to ensure full compliance by websites when using cookies or other tracking technologies to track French citizens’ online behavior for the purpose of marketing, advertising and user profiling.
For many years, it has been article 82 of the Informatique et Libertés law (ePrivacy Directive 2002), which has been enforcing a number of basic requirements for obtaining valid consent, e.g. obtaining consent before setting cookies, informing users of data processing etc.
With the advent of the GPDR and the updated French cookie guidelines of 2019, the CNIL will continue throughout 2020 to make sure that the basic requirements of consent are complied with.
What are the requirements for consent to cookies?
In July 2019, the CNIL released an updated guideline for obtaining valid consent to cookies.
In the guidelines, CNIL clearly states that consent must be free, it must be informed, explict and unambiguous to be valid.
"Consent must be
freely given, informed,
explicit and unambiguous".
Simply continuing to browse, scroll down or swipe through a website or application can no longer be viewed as valid consent to cookies.
The user must actively give his or her consent and be offered the possibility to reject tracking by cookies.
Moreover, website owners and operators are required to prove that they have obtained consent.
Therefore, they are obliged to store consents for 5 years in case the CNIL carries out an inspection.
How to obtain valid consent to cookies?
Obtaining valid consent requires:
CHECKLIST - VALID CONSENT
To collect valid consent, you need a cookie consent solution (banner) which:
- Informs your visitors of cookies (who owns them; their purpose; lifespan)
- Provides your visitors with the option to decline cookies (and tracking)
- Holds back cookies before consent is obtained
- Does not assume consent with pre-ticked boxes
- Collects and stores consents for 5 years (in case of inspection by DPA).
start collecting valid consent
Collecting valid consent from your users is not difficult. Actually, with Cookie Information’s Consent Solution set up on your website, you’ll never have to worry about cookie rules and GDPR again.
Try our Consent Solution for 30 days [for free!]
What do you get?
Cookie Information's Consent Solution offers you a highly customizable consent pop-up for your website.
The pop-up integrates perfectly with your website UX design and is completely ePrivacy and GDPR compliant.
Features of the solution:
- GDPR valid consent pop-up (to collect user consents)
- Privacy controls (options for your user to decline cookies)
- Deep scan (of your website cookies)
- Storage of Consents for up to 5 years (as required by law)
- SDK implementation options (for blocking cookies prior to consent)
- Compliance Dashboard (complete overview of cookies, consents and acceptance rates).
New recommendations by CNIL in 2020
In 2020, the CNIL will issue a recommendation to guide operators through the operational application of the new cookie requirements.
It will allow a 6 months grace period which will give companies the necessary time to comply with the requirements put forward in the cookie guidelines of 2019.
The CNIL announces, that at least 20% of formal inspections in 2020 will be carried out within the three themes.
Make sure you are ready before the end of the grace period. Book a meeting with a compliance expert to ensure your GDPR cookie compliance.