IDC Names Securiti a Worldwide Leader in Data Privacy


CNIL updated FAQs on cookies guidelines: Deadline to comply ends on 1st of April

Published March 26, 2021 / Updated November 22, 2023

Listen to the content

On 18 March 2021, the French data protection authority CNIL released Questions and Answers to aid organizations to comply with its amended guidelines on the use of cookies and similar tracking technologies. Organizations have time till 1st of April, after which the CNIL will be empowered to take enforcement actions against organizations failing to comply with its requirements on cookies.

Let’s look into some key points highlighted by the CNIL in its recently released Questions & Answers.

  1. Simple navigation of the user or relying on the browser settings of the user does not constitute valid consent to the use of cookies or other similar tracking technologies.
  2. Trackers used for audience measurement are exempt from obtaining the user’s consent, provided they are strictly necessary for the provision of the service requested by the user, are used only to produce anonymous statistical data, do not allow the tracking of the navigation of the user, and do not allow the data to be cross-checked with other processing or for the data to be transmitted to third parties.
  3. Website publishers must always inform users about the use of all cookies, including cookies for which user’s consent is not required.
  4. Website publishers are recommended to retain users’ choices for a period of six months, to not ask them to consent again and again, and from page to page. This recommended retention period may vary depending on the nature of the website and the specificities of its audience.
  5. It is essential to obtain the user’s consent to allow third parties, via social network buttons, to place or read trackers on the user’s terminal equipment.
  6. Users must be informed of the identity of data controllers (including joint data controllers), any third-parties with whom their data is intended to be shared, the purposes of the use of cookies, the possibility of withdrawing consent at any time, and the consequences of accepting and refusing the use of cookies. All of this information must be complete, visible and presented in a manner that is not misleading for users.
  7. Each purpose of cookies must be highlighted in a short title on the cookie banner, accompanied by its brief description. Details of the purposes of the use of cookies may be made available to the user under a drop-down button or a hypertext link, taking the user to the second information layer where a detailed description of purposes is available.
cookie guidelines

Figure 1- The detail of the purposes is available under a drop-down button that the user can activate on the first level of information

cookie guidelines

Figure 2 - Details of the purposes are available by clicking on a hypertext link on the first level of information

8. The CNIL emphasizes that it must be as easy to withdraw consent as it is to give it. This requires organizations to ensure the following:

  • Users have easy access to manage their cookie preferences via a link bearing a descriptive name such as “manage my cookies” at any time.
  • Alternatively, users have access to a configuration module that is accessible on all pages of the website by means of a static cookie icon, located for example at the bottom left of the screen.
  • “Accept all” and “Reject all” buttons are on the same information layer of the cookie consent banner.
  • “Accept all” and “Reject all” buttons are of the same size, shape, and color to not mislead users.
cookie guidelines

Figure 3 - The possibility of consenting in a granular manner can be offered on a second level of information via a button "customize my choices" inserted on the same level of information (first level) as the buttons allowing to "accept all" and to “refuse everything”.

9. The use of cookie-walls is not completely prohibited. However, their lawfulness must be assessed on a case-by-case basis.

Organizations must take immediate steps to comply with the afore-mentioned CNIL’s requirements. Securiti’s Cookie Consent Management Solution can help you build a CNIL compliant cookie consent banner, captures users’ consent, and automates revocation fulfillment.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


Ask for a DEMO today to understand how Securiti can help you comply with the CNIL’s cookie consent requirements with ease.

Maria Khan

Authored by Maria Khan

Maria Khan is a IAPP Certified Information Privacy Professional (CIPP/Europe) and a Certified Information Privacy Manager (CIPM). She earned her LL.M from the University of Michigan Law School, where she received the Michigan Grotius Fellowship, a fully-funded award. Additionally, Maria holds a B.A-LL.B (Hons.) from Pakistan.

Passionate about data privacy, AI governance, and business and human rights, Maria facilitates organizations in evaluating data privacy compliance risks and offers privacy-compliant solutions. She plays a key role in supporting regulatory intelligence within products/software and aiding organizations in meeting compliance efforts. Maria possesses a substantial understanding of global data privacy obligations, particularly in relation to AI governance, consent management, user transparency, digital marketing, cross-border data transfers, and AI risk assessments.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend