The CNIL, the French Data Protection Authority, has announced that, as of the 14th December 2021, it has issued 30 new formal notices to companies for non-compliance with the legislation on cookies. Since May 2021, 60 organisations that do not allow Internet users to refuse cookies as easily as to accept them have received formal notices.
Find out more about this new set of corrective measures on the blog.
CNIL recommendations
At the beginning of 2020, the CNIL published the broad outlines of its project, and then published its final recommendations in October 2020 (we talked about this on our blog and during a dedicated webinar).
In these recommendations, the CNIL underlined the importance of having a real choice of consent for Internet users, and underlined that these recommendations are addressed to:
- all types of companies: small, large, French, foreign, public, private;
- all types of devices and digital trackers: computers, laptops, tablets, smartphones, since they all use technologies for tracking Internet users.
New formal notices
Recent investigations carried out by the CNIL have revealed the persistence of numerous bad practices in terms of cookies. The investigations have shown that:
- cookies subject to consent were automatically deposited on the user’s terminal before acceptance by the user, upon arrival on the website;
- information banners are still not compliant because they do not allow the user to refuse the deposit of cookies as easily as to accept them;
- information banners offer the user a means of refusing cookies as easily as accepting them, but the proposed mechanism is not effective because cookies subject to consent are still deposited after the refusal expressed by the user.
This new set of corrective measures aims to ensure online users’ data protection and to promote the creation of a win-win relationship based on transparency of the information between digital actors and Internet users.
Admeet provides several solutions to enable companies to meet CNIL’s requirement
Admeet helps you to comply with the GDPR
Website and application publishers need to comply with the GDPR and to respect the CNIL’s recommendations. At Admeet we help you do this, thanks to:
1. Collection of valid consent
Admeet’s cookie banner allows you to collect your users’ valid consents in accordance with the CNIL’s requirements. It provides users with easy access to all information concerning cookies and other tracking technologies (name of the cookie, owner and its purpose) in a global or granular way, offers them the choice between “accept” and “refuse”, and gives them the possibility of changing their mind at any time.
2. A dedicated area to the management of cookies and other tracking technologies
The Internet user must be able to access his/her consents and to be able to withdraw them easily from the website with a few clicks and at any time, without having to enter the browser settings. Thanks to the “Cookie Management” tab at the bottom or top of the website, the user can change his/her mind.
This area should be accessible throughout the browsing process, regardless of the page the user is on.
3. Managing the withdrawal of consent
The GDPR specifies that individuals must be able to withdraw their consent as easily as they gave it. This implies that Internet users must be informed of the modalities for withdrawing their consents so that they can go back on their choices at any time. Internet users must have access to the cookie banner throughout the duration of their navigation on the website.
4. Proof of consent
The CNIL will verify that consent has been obtained in accordance with the four principles of a valid consent: informed, free, specific, unambiguous.
This means that you must keep and be able to provide proof of your users valid consents.
Start your compliance
Admeet enables you to comply with the CNIL’s recommendations on web & mobile.
Let us help you!