Securiti Launches Industry’s First Solution To Automate Compliance

View
Contact Us Schedule a Demo

CNIL updated FAQs on cookies guidelines: Deadline to comply ends on 1st of April

cnil cookie guidelines banner
By Maria Khan
Published March 26, 2021

Listen to the content

On 18 March 2021, the French data protection authority CNIL released Questions and Answers to aid organizations to comply with its amended guidelines on the use of cookies and similar tracking technologies. Organizations have time till 1st of April, after which the CNIL will be empowered to take enforcement actions against organizations failing to comply with its requirements on cookies.

Let’s look into some key points highlighted by the CNIL in its recently released Questions & Answers.

  1. Simple navigation of the user or relying on the browser settings of the user does not constitute valid consent to the use of cookies or other similar tracking technologies.
  2. Trackers used for audience measurement are exempt from obtaining the user’s consent, provided they are strictly necessary for the provision of the service requested by the user, are used only to produce anonymous statistical data, do not allow the tracking of the navigation of the user, and do not allow the data to be cross-checked with other processing or for the data to be transmitted to third parties.
  3. Website publishers must always inform users about the use of all cookies, including cookies for which user’s consent is not required.
  4. Website publishers are recommended to retain users’ choices for a period of six months, to not ask them to consent again and again, and from page to page. This recommended retention period may vary depending on the nature of the website and the specificities of its audience.
  5. It is essential to obtain the user’s consent to allow third parties, via social network buttons, to place or read trackers on the user’s terminal equipment.
  6. Users must be informed of the identity of data controllers (including joint data controllers), any third-parties with whom their data is intended to be shared, the purposes of the use of cookies, the possibility of withdrawing consent at any time, and the consequences of accepting and refusing the use of cookies. All of this information must be complete, visible and presented in a manner that is not misleading for users.
  7. Each purpose of cookies must be highlighted in a short title on the cookie banner, accompanied by its brief description. Details of the purposes of the use of cookies may be made available to the user under a drop-down button or a hypertext link, taking the user to the second information layer where a detailed description of purposes is available.
cookie guidelines

Figure 1- The detail of the purposes is available under a drop-down button that the user can activate on the first level of information

cookie guidelines

Figure 2 - Details of the purposes are available by clicking on a hypertext link on the first level of information

8. The CNIL emphasizes that it must be as easy to withdraw consent as it is to give it. This requires organizations to ensure the following:

  • Users have easy access to manage their cookie preferences via a link bearing a descriptive name such as “manage my cookies” at any time.
  • Alternatively, users have access to a configuration module that is accessible on all pages of the website by means of a static cookie icon, located for example at the bottom left of the screen.
  • “Accept all” and “Reject all” buttons are on the same information layer of the cookie consent banner.
  • “Accept all” and “Reject all” buttons are of the same size, shape, and color to not mislead users.
cookie guidelines

Figure 3 - The possibility of consenting in a granular manner can be offered on a second level of information via a button "customize my choices" inserted on the same level of information (first level) as the buttons allowing to "accept all" and to “refuse everything”.

9. The use of cookie-walls is not completely prohibited. However, their lawfulness must be assessed on a case-by-case basis.

Organizations must take immediate steps to comply with the afore-mentioned CNIL’s requirements. Securiti’s Cookie Consent Management Solution can help you build a CNIL compliant cookie consent banner, captures users’ consent, and automates revocation fulfillment.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.

Get Started for FREE
Take a Tour
 

Ask for a DEMO today to understand how Securiti can help you comply with the CNIL’s cookie consent requirements with ease.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share

More Stories that May Interest You

CPRA Cookie Consent banner View More

January 1, 2024 post

CPRA Cookie Consent – All You Need To Know [2024 Guide]

The California Privacy Rights Act (CPRA) of 2020 which goes into effect on January 1, 2023, is expected to replace the California Consumer Privacy...

LGPD Cookie Brazil banner View More

November 10, 2023 post

LGPD & Cookies: What Do You Need To Know?

When a person logs on to a website, the server assigns them a distinctive, user-specific identity. This identity is stored on the mobile or...

Opt In vs Opt Out banner View More

August 13, 2023 post

Opt In vs Opt Out Consent: What’s the Difference?

The global hunger for data collection is increasing exponentially. With businesses starting to collect more and more personal data, a rapid emergence in data...

What's
New