CNIL begins investigating cookie banners

The French Data Protection Authority CNIL will enforce a number of basic requirements concerning the use of cookies and other trackers. Here’s how to get ready for inspection.
Table of Contents
This year the CNIL will direct its attention to the use of cookies and other trackers.
In addition to regular inspection following complaints, the CNIL has chosen three priority themes related to the daily concerns of the French public.
The main themes for 2020 are health data, geolocation of local shops, and cookies/other online tracking technologies.

Theme: compliance with cookies and other trackers

The CNIL already announced this theme in the summer of 2019.
It aims to ensure full compliance by websites when using cookies or other tracking technologies to track French citizens’ online behavior for the purpose of marketing, advertising, and user profiling.
For many years, it has been article 82 of the Informatique et Libertés law (ePrivacy Directive 2002), which has been enforcing a number of basic requirements for obtaining valid consent, e.g., obtaining consent before setting cookies, informing users of data processing, etc.
With the advent of the GPDR and the updated French cookie guidelines of 2019, the CNIL will continue throughout 2020 to ensure that the basic requirements of consent are complied with.

What are the requirements for consent to cookies?

In July 2019, the CNIL released an updated guideline for obtaining valid consent to cookies.
In the guidelines, CNIL clearly states that consent must be free. It must be informed, explicit and unambiguous to be valid.
Simply continuing to browse, scroll down, or swipe through a website or application can no longer be viewed as valid consent to cookies.
The user must actively give consent and be offered the possibility to reject tracking by cookies.
Moreover, website owners and operators must prove that they have obtained consent.
Therefore, they are obliged to store consents for 5 years if the CNIL carries out an inspection.

How to obtain valid consent to cookies?

To collect valid consent, you need a cookie consent solution (banner) which:
  • Informs your visitors of cookies (who owns them; their purpose; lifespan)
  • Provides your visitors with the option to decline cookies (and tracking)
  • Holds back cookies before consent is obtained
  • Does not assume consent with pre-ticked boxes
  • Collects and stores consent for 5 years (in case of inspection by DPA).

Start collecting valid consent

Collecting valid consent from your users is not difficult. With Cookie Information’s Consent Solution set up on your website, you’ll never have to worry about cookie rules and GDPR again.

Try our consent solution for 30 days [for free!]

What do you get?
Cookie Information’s Consent Solution offers you a highly customizable consent pop-up for your website.
The pop-up integrates perfectly with your website UX design and is completely ePrivacy and GDPR compliant.
Features of the solution:
  • GDPR valid consent pop-up (to collect user consent)
  • Privacy controls (options for your user to decline cookies)
  • Cookie Policy (valid policy for privacy transparency)
  • Deep scan (of your website cookies)
  • Storage of Consents for up to 5 years (as required by law)
  • SDK implementation options (for blocking cookies prior to consent)
  • Compliance Dashboard (complete overview of cookies, consents, and acceptance rates).

New recommendations by CNIL in 2020

In 2020, the CNIL will issue a recommendation to guide operators through the operational application of the new cookie requirements.
It will allow a 6 months grace period which will give companies the necessary time to comply with the requirements put forward in the cookie guidelines of 2019.
The CNIL announces that at least 20% of formal inspections in 2020 will be carried out within the three themes.
Make sure you are ready before the end of the grace period. Book a meeting with a compliance expert to ensure your GDPR cookie compliance.