The French Data Protect Authority, the CNIL, is pursuing its global strategy to ensure compliance of companies that use cookies. In a press release published on Monday, July 19, the Commission announced a second series of formal notices targeting approximately forty companies whose websites and cookie banners still do not comply with the recommendations and guidelines that came into force on April 1, 2021. The second series of notices have been issued after the first series in May 2021, issuing notices to at least twenty companies. The CNIL aims to continue its controls and will adopt, if necessary, new corrective measures against companies that do not comply with its latest recommendations and guidelines. 

Despite the first set of warnings in May, some organizations are still not compliant with the regulatory requirements on cookie management. According to the CNIL, “This situation is not acceptable”. As a result, the president of the CNIL has decided to issue new formal notices to 40 companies that have from July 19 until September 6, 2021, to comply.   

Sign up today for OneTrust’s CNIL Cookie Compliance Toolkit  

Which organizations are affected by these notices?  

Without revealing the names of the companies and organizations concerned, the CNIL listed the following types of companies that received notices:  

Companies face fines of up to 2% of their revenues 

The Commission insists that these measures are complementary to the procedures underway before its restricted formation (body in charge of imposing sanctions). They could lead to heavy fines of up to 2% of the company’s revenues.  

CNIL controls are permanent, and companies must comply to avoid heavy repercussions. Other verification and corrective measures will be carried out in the fall to ensure the respect of French Internet users’ privacy. The CNIL has been carrying out rigorous work for the past two years, which culminated on October 1, 2020, with the adoption of Guidelines and a Recommendation. Companies have had six months to comply with them (the deadline was April 1, 2021).  

 Reminder of the recommendations published on October 1, 2020  

The CNIL’s recommendations provide more context on how the CNIL expects companies to handle cookies and other electronic communication data in France.  

The CNIL has put forward the following guidelines and recommendations:   

 Are the CNIL guidelines relevant to your website?  

Any website or mobile application that targets French visitors (e.g., offering content in French, or shipping or buying in France) is subject to French cookie requirements. Therefore, if your international website or mobile application targets (among others) the French market or users, you must ensure that you comply with the requirements set forth by French law and CNIL guidelines and recommendations.  

How does OneTrust help?  

Wherever you are in your compliance journey, OneTrust’s toolkit provides resources to understand the CNIL recommendations and helps you implement compliant cookie banners. Download your toolkit today to fast-track your compliance program with a comprehensive set of tools and resources, including tips and checklists, pre-configured templates, and your first domain for free.   

Resources include:    


Relevant Resources : 

Read the blog post: OneTrust CNIL Cookie Guidelines Toolkit

Watch the webinar: CNIL Issues Fine for Emails Sent without Consent

Read the blog: France: CNIL’s cookies guidelines and recommendations enter into force