CNIL updated FAQs on cookies guidelines: Deadline to comply ends on 1st of April

On 18 March 2021, the French data protection authority CNIL released Questions and Answers to aid organizations to comply with its amended guidelines on the use of cookies and similar tracking technologies. Organizations have time till 1st of April, after which the CNIL will be empowered to take enforcement actions against organizations failing to comply with its requirements on cookies.

Let’s look into some key points highlighted by the CNIL in its recently released Questions & Answers.

1. Simple navigation of the user or relying on the browser settings of the user does not constitute valid consent to the use of cookies or other similar tracking technologies.
2. Trackers used for audience measurement are exempt from obtaining the user’s consent, provided they are strictly necessary for the provision of the service requested by the user, are used only to produce anonymous statistical data, do not allow the tracking of the navigation of the user, and do not allow the data to be cross-checked with other processing or for the data to be transmitted to third parties.
3. Website publishers must always inform users about the use of all cookies, including cookies for which user’s consent is not required.
4. Website publishers are recommended to retain users’ choices for a period of six months, to not ask them to consent again and again, and from page to page. This recommended retention period may vary depending on the nature of the website and the specificities of its audience.
5. It is essential to obtain the user’s consent to allow third parties, via social network buttons, to place or read trackers on the user’s terminal equipment.
6. Users must be informed of the identity of data controllers (including joint data controllers), any third-parties with whom their data is intended to be shared, the purposes of the use of cookies, the possibility of withdrawing consent at any time, and the consequences of accepting and refusing the use of cookies. All of this information must be complete, visible and presented in a manner that is not misleading for users.
7. Each purpose of cookies must be highlighted in a short title on the cookie banner, accompanied by its brief description. Details of the purposes of the use of cookies may be made available to the user under a drop-down button or a hypertext link, taking the user to the second information layer where a detailed description of purposes is available.

Figure 2 - Details of the purposes are available by clicking on a hypertext link on the first level of information

8. The CNIL emphasizes that it must be as easy to withdraw consent as it is to give it. This requires organizations to ensure the following:

• Users have easy access to manage their cookie preferences via a link bearing a descriptive name such as “manage my cookies” at any time.
• Alternatively, users have access to a configuration module that is accessible on all pages of the website by means of a static cookie icon, located for example at the bottom left of the screen.
• “Accept all” and “Reject all” buttons are on the same information layer of the cookie consent banner.
• “Accept all” and “Reject all” buttons are of the same size, shape, and color to not mislead users.

Figure 3 - The possibility of consenting in a granular manner can be offered on a second level of information via a button "customize my choices" inserted on the same level of information (first level) as the buttons allowing to "accept all" and to “refuse everything”.

9. The use of cookie-walls is not completely prohibited. However, their lawfulness must be assessed on a case-by-case basis.

Organizations must take immediate steps to comply with the afore-mentioned CNIL’s requirements. Securiti’s Cookie Consent Management Solution can help you build a CNIL compliant cookie consent banner, captures users’ consent, and automates revocation fulfillment.

Ask for a DEMO today to understand how Securiti can help you comply with the CNIL’s cookie consent requirements with ease.