Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:


Home / News
Updated guidelines on cookies and other technologies of tracking, privacy online, published by CNIL.

Updated guidelines on cookies and other technologies of tracking, privacy online, published by CNIL.

The 1 October 2020, the French Data Protection Authority (CNIL) has published a revised version of guidelines on cookies and similar technologies, with its recommendations on practical moods in order to obtain users consent to the storage or the use of cookies which are no essential and similar technologies on your devices, as well as a series of FAQ.

On 18 of July, the CNIL published the guidelines in order to specify the use of cookies and similar technologies in France in the lights of the GDPR consent, which should be integrated by recommendations in order to offer guidelines to companies in the actuation of these rules, by offering concrete examples. On 1 January 2020, the CNIL published the first version of its recommendations, which were under public consultation till the last 25 February.

On 19 June 2020, the higher French administrative Court (the “Conseil d’Etat”) had admitted a partial annulment decision of the guidelines.

The Conseil d’Etat had cancelled the disposal of the guidelines which requires a general prohibition on cookie wall which prevent the users that not agree to the cookies use for the access to a website or a mobile app, and the same day of the sentence the CNIL published a declaration in which announced that it was going to see the own guidelines.

Key points of the new guidelines and recommendations include:

user consent to be obtained on each site – The CNIL previously considered it acceptable to request user consent for a group of sites if users were informed of the exact extent of their consent. When non-essential cookies are set by entities other than the web editor, and such cookies allow user activity to be tracked through other sites, the CNIL now strongly recommends that you seek user consent individually for each site.

Information to be provided to users to obtain informed consent: The Guidelines slightly extend the list of information to be provided to users to obtain their informed consent. Users should not only be informed of the identity of the data processor(s), the purpose(s) of the use of cookies and similar technologies and the existence of their right to withdraw consent, but should also be informed at least of how they can accept or refuse cookies and similar technologies and the consequences of such acceptance or refusal.

Ability to refuse cookies with the same ease with which to give consent – Both guidelines and recommendations stress that it must be just as easy to accept or refuse the use of cookies. Consent interfaces that only include the “accept all” and “customise settings” buttons, whereby users can accept all cookies with one click but can reject them with several clicks, are not permissible. If there is an “accept all” button, there must be a “reject all” button of the same size and level on the interface. Alternatively, the consent interface may include a “continue without accepting” link. It must be clear to users how they can refuse cookies.

Users’ rejection deduced from their silence: CNIL had previously recognised the possibility for users to delay their choice and recommended that a “tick” button be placed on the consent interface for this purpose. The CNIL now considers that silence, lack of reaction or action by users (other than a clear positive act expressing their consent) should be interpreted as a refusal to set cookies on their devices.

More flexible consent exemption conditions for analytical cookies – the CNIL has considered that analytical cookies could be exempted from the consent requirement, subject to strict conditions, including the possibility for users to opt-out of such cookies. As a result, very few analytical solutions could benefit from consent exemption. CNIL has now softened these conditions. However, the exemption from consent still applies only to analytical cookies whose purpose is limited to measuring the audience of the site or app only on behalf of the web publisher. These analytical cookies must only be used to produce anonymous statistics and personal data collected through cookies must not be combined with other data or processing activities and must not be shared with third parties.

Cookie wall – The guidelines no longer impose a general and absolute ban on ‘cookie walls’. However, the CNIL believes that this practice may affect freedom of consent in some cases and the legitimacy of the practice must be assessed on a case-by-case basis. Furthermore, if a cookie wall is implemented, users must be clearly informed of the consequences of their choices, in particular the impossibility of accessing the content of the site or app or service if they do not give their consent.

Next steps – The CNIL will allow a transition period of six months to comply with the new rules on the Cookie Law (i.e. until the end of March 2021), after which it may carry out inspections to enforce the guidelines. However, in accordance with the case law of the Conseil d’Etat, the CNIL reserves the right to take action against certain violations, particularly in the case of particularly serious violations of the right to privacy. In addition, during the transition period, the CNIL will continue to investigate violations of the previous Cookie Law. SOURCE: FEDERPRIVACY

Recommended to you

Advanced Research