At the end of June, the CNIL served formal notice on some forty players who still do not make it possible to refuse cookies as easily as to accept them. 80% of the players concerned have complied. The CNIL will continue its controls and will pronounce the necessary corrective measures against illegal practices.
On 29 June 2021, the President of the CNIL issued a formal notice to some forty organizations publishing high-traffic sites and having practices that contravene the legislation on cookies. They had until 6 September to comply. To date, 30 organizations have complied, four have requested a delay due to technical or operational constraints and four have not yet responded.
Requests for extensions are currently being reviewed and will only be granted if they are properly justified. Organizations that have not responded face financial penalties of up to 2% of their turnover, as do any actors whose practices do not comply with the rules on cookies.
New monitoring campaigns are currently being prepared. Like the previous ones, they will continue to target national and international private actors, but also public bodies whose websites generate significant traffic. In addition, special attention will be paid to political party websites due to the presidential elections in 2022. Checks will continue to focus on the possibility of refusing cookies as simply as accepting them, but also on the effective respect of this choice.
With these actions, the CNIL is continuing to implement its plan for the overall compliance of players targeting French Internet users. The repressive policy currently being implemented by the CNIL, which was initiated at the end of 2020 with major sanctions imposed on major digital players, is an extension of the support phase that led to the adoption of guidelines and a recommendation on 1 October 2020.
Between 2020 and 2021, the CNIL adopted around 70 corrective measures (formal notices and sanctions) in relation to non-compliance with the legislation on cookies. In 60% of the cases, these measures concerned organizations whose parent company is located outside France.
These measures mainly concerned large private actors from a wide range of economic sectors.