On April 1st, the French Data Protect Authority, the CNIL, will begin to enforce its latest cookie guidelines. The CNIL’s enforcement of this cookie guidance may range from warnings to fines of up to €20 million or 4% of annual global revenue.
Download the CNIL Cookie Compliance Toolkit
Any organization operating in France or targeting French data subjects must ensure their cookie banner complies with the CNIL cookie recommendations before the deadline. This may seem like a daunting task but with OneTrust’s CNIL Cookie Compliance Toolkit, compliance became a whole lot easier. Sign up today to accelerate your CNIL compliance journey with a complete set of tools and resources to get up and running. The toolkit includes tips, a checklist, preconfigured template, and your first domain free.
CNIL cookie guidelines
On October 1st, the CNIL published updated guidelines on the use of cookies and other trackers. The CNIL will continue to enforce its previous cookie recommendations until April 2021. After that, the CNIL will begin to enforce the new recommendations against non-compliant organizations.
These recommendations will provide more context on how the CNIL expects companies to handle cookies and other electronic communication data in France.
The CNIL has put forward the following guidelines and recommendations:
- Browsing the website (“Soft opt-in”) no longer constitutes the expression of valid consent, and the deposit of cookies other than those strictly necessary for the operation of the service is conditioned to a clear positive act on the part of the visitor,
- A ” Reject All ” button is recommended on the first layer
- Purposes must be presented clearly on the first layer
- Visitors should be provided with a mechanism that allows them to update their preferences and withdraw their consent at any time, for example by using a static button to access cookie settings,
- Visitors should have access to an up-to-date and structured list of vendors using trackers,
- Organizations, including their third-party vendors, must be able to justify at any time evidence of the validity of the consents collected to use the trackers,
- Some trackers, such as cookies for authentication, traffic statistics, or restricting viewing to free content, are not subject to consent.
Are the CNIL guidelines relevant to your website?
Any website or mobile applications that target French visitors (e.g., offering content in French, or shipping/buying in France) is subject to CNIL cookie guidelines. Therefore, if your international website or mobile application targets (among others) the French market or users, you must ensure that you comply with the requirements set forth by French law and the guidelines and recommendations of the CNIL.
CNIL cookie consent toolkit
OneTrust is here to help you implement your cookie banner based on the CNIL updated guidelines – ahead of the enforcement deadline.
No matter where you are in your compliance journey, our toolkit offers resources to understand the CNIL guidelines and support to implement cookie banners in line with the CNIL’s latest recommendations.
Resources include:
- Download the eBook: CNIL Cookie Compliance: What Has Changed?
- Review the Whitepaper: CNIL Recommendations: Practical & Legal Guide
- Complete the Checklist: Cookies & CNIL: Guidelines and Setup Checklist
- Access Step-by-step implementation guides and 24/7 implementation support
Get started today with your first domain for free when you download our CNIL Cookies Toolkit or request a demo. OneTrust will support your organization to ensure your CMP is compliant with the CNIL guidelines before the April 1st deadline. Don’t forget to register for our webinar to learn more.
