French agency for companies to audit their sites & apps for cookie compliance

Stine Mangor Tornmark
Written by
Stine Mangor Tornmark
February 18, 2021

The French Data Protection Authority (the “CNIL”) announced on February 4th that it has sent letters emails to approx. 300 organizations to remind them about the new cookie rules and the need to audit sites and apps to comply with those rules by March 31, 2021.

The reason is that CNIL updated its cookie guidelines in October 2020 and companies were given 6 months to comply with the new cookie guidelines.

If you have a French website (.fr) or a website in French we recommend that you make sure that your cookie pop-up and policy complies with the French rules before April 1st. CNIL has announced that it will carry out inspections to enforce the Guidelines after that transition period.

Some of the most important things to look for when reviewing your cookie compliance:

  • The cookie pop-up must explain the purposes for which cookies are set on the users’ devices.
  • General information such as “this site uses cookies” or “cookies are used to improve the efficiency of the services we offer to you” isn’t sufficient.
  • Users must be able to accept or refuse cookies with the same ease. If the cookie pop-up includes an “Accept All” button, you must have a “Reject All” button on the same level and in the same format as the “Accept All” button.
  • The CNIL also made it clear the mere presence of “Accept All” and “Cookie Settings” buttons aren’t sufficient.
  • Make sure that non-essential cookies are blocked until the user gives consent.