CNIL begins cookie investigations
The reasonable period of time to bring all websites and mobile apps in France into compliance with the latest rules and guidelines on cookies cannot exceed March 31st, 2021, the French Data Protection Authority CNIL states in new press release.
The authority encourages both private and public sector websites to get their cookie consent solutions, or cookie banners, tested to see if they comply with the newest CNIL guidelines and the General Data Protection Regulation (GDPR).
A majority of public sector websites affected
As part of its action plan, the CNIL wish to inform a number of public institutions directly by mail. The motivation is to encourage them to quickly carry out an audit of their websites and mobile apps in order to initiate actions to meet CNIL requirements for cookies and personal data processing.
The CNIL has observed that the vast majority of websites in the public sector do not fully comply with the legal provisions relating to the use of cookies.
The CNIL draws attention to the need to initiate certain actions as quickly as possible:
- The cookie banner
- A valid cookie banner must inform of which cookies a website uses, what data they collect and who collects the data. Banners that only presents users with ”This site uses cookies” or similar are not in compliance with the cookie rules.
- Users must be able to refuse cookies as easy as it is to accept.
- The CNIL requires all cookie banners to implement a ”Reject” or ”Deny all” button next to the ”Accept all” button giving users a real choice. The mere presence of a ”Configure” button in addition to the ”Accept all” button is no longer allowed in the requirements.
Private company websites also under investigation
In parallel with the actions towards the public sector, the CNIL has also set up an investigation on the cookie practices of the top 1000 French private websites with the highest number of visitors.
The investigation will regularly analyze whether these websites place cookies on the users’ devices (computers, phones) before valid consent is obtained.
The CNIL will make these websites aware of the risks incurred in the event of non-compliance with the guidelines.
The French Data Protection Authority reminds both private and public sectors to meet the requirements imposed by the GDPR in terms of obtaining valid consent to cookies.
The amending guidelines on the use of cookies were adopted on October 1st, 2020 and the grace period – set to six month – expires on March 31st, 2021.
How to comply with requirements before March 31st, 2021?
First thing first, the CNIL encourages all French websites to get a cookie and consent audit on their website.
There are many ways to do that, but if you want to bring any value to an audit, we suggest you get an in-depth and personal audit of your website.
We can do that for you. No strings attached.
Free cookie compliance check by Cookie Information
Secondly, go through a checklist to see if you can improve your current solution to meet the requirements.
Checklist for collecting
valid consent to cookies
- Does your website have a cookie banner?
- Does it give users the possibility to reject cookies as easy as it is to accept?
- Can your user get information about the cookies you use; what data the cookies collect; and who collects the data?
- Does your Consent Solution/cookie banner store your users’ consents so you can document consent to the CNIL?
If you can say YES to all of this, then you’re probably fine. If not, then let us help you.
Cookie compliance doesn’t have to be something that breaks either your budget or your back.
Or try our professional cookie Consent Solution for websites and apps. You get FULL access for 14 days for free.
Start your free trial
No credit card needed
