The CNIL gives notice to several organizations to comply with the legislation on cookies


The deadline for bringing websites and mobile applications into compliance with the rules on trackers ended on March 31, 2021!

Repealing the first recommendation on cookies & digital tracers of July 4, 2019, the CNIL had given companies time to comply through its deliberation of September 17, 2020 adopting a recommendation proposing practical ways to comply when using “cookies and other tracers”.

The six-month compliance period obtained through the deliberations of September 17, 2020 having expired, the CNIL has taken action.

From now on, in the event that a website plans to record cookies on the user’s terminal, it is mandatory to inform the latter beforehand, and that he/she gives his/her consent according to the following terms and conditions resulting from the deliberation of September 17, 2020 adopting a recommendation proposing practical terms and conditions of compliance in the event of recourse to “cookies and other tracers”:

– The Internet user must, upon his or her first connection to the site, be informed of the existence of tracers through a banner and be able to easily express his or her choice to accept and/or refuse the Cookies integrated on the site through a dedicated tab and/or section;

– If Cookies are used for different purposes, each purpose must be explained one after the other, in a clear and legible manner and must be the subject of a consent by the Internet user, which may be expressed by a checkbox or a switch to be activated;

-The user must be clearly informed of the consequences of his refusal to accept the tracking data integrated into the site;

-The user must be informed of the list of third party companies using cookies on the site;

The user must be able to easily change his choices through a dedicated and quickly accessible tab;

The section relating to cookies, if it includes a box “Accept all” must imperatively have a box “Refuse all” at the same level.

The CNIL had announced it, it has done it: the first campaign of online checks of compliance with the legislation on cookies has taken place. This campaign is part of its deliberations of September 17, 2020, which make up its new global strategy.

As a reminder, this strategy has several components that focus on user consent.

For example, continuing to browse a site should no longer be considered a valid expression of consent. Also, the fact of accepting, refusing or even withdrawing consent must be facilitated.

In this respect, the CNIL recommended, for example, that the interface should offer both an “accept all” and a “refuse all” button, or that the user’s refusal should be kept for a certain period of time so that they are not asked again at each new visit.

In addition to these guidelines and recommendations, the actors concerned had to ensure the good compliance of their practices with the RGPD and the ePrivacy Directive.

It is in this context that the CNIL had given a six-month deadline, i.e. until the end of March 2021, for organizations to consolidate their cookie policy.

On May 25, 2021, the CNIL announced that it had issued a formal notice to some twenty organizations whose cookie settings do not allow Internet users to refuse them as easily as to accept them.

Among the notified organizations are international players in the digital economy and several public organizations, which will have one month to comply. After this period, financial penalties could be as high as 2% of their turnover.

The CNIL has already announced that future verification campaigns, followed if necessary by corrective measures, will take place in the coming months. 

UGGC Avocats and its team specialized in personal data are at your disposal for any questions you may have on this subject.

By the IP/IT team of UGGC Avocats


Cannes 2022: "Transposition of the AVMS Directive", with Anne-Marie Pecoraro, Corinne Khayat and Rodolphe Boissau

After a 73rd virtual edition because of Covid-19 and a 74th edition shifted in July to be organized in person despite the pandemic, the 75th edition of the Cannes Film…

The European Commission adopts a proposal for a Data Act

Watches, thermostats, lights, cameras, TVs, robots, scales… these objects all have in common that they present versions of themselves in so-called connected object versions; and the list is not exhaustive,…

The transfer of audiovisual catalogs

The law n° 2021-1382 of October 25, 2021 relating to the regulation and protection of access to cultural works in the digital era has brought some changes that reinforce the…