Iubenda logo
Start generating


Table of Contents

The French cookie consent requirements

Since March 31st, 2021, the French Data Protection Authority (the “CNIL”) has conducted a first wave of investigations to actively check that websites and apps are respecting the French Cookie Consent guidelines. At least twenty organizations have been sent a draft decision, which could result in fines if no appropriate measures to comply have been taken within a month. More inspections are expected in the coming months.

We’ve created the short list below to help you understand these requirements and meet them with minimum effort.


Do the new requirements apply to you?

Are you or your users based in France? Then the CNIL requirements apply to you.

How can you meet these requirements?

The 5 most important facts about the French Cookie Consent guidelines, and how iubenda can help you.

1. “Accept” and “Reject” buttons

You must allow your users to choose freely between giving and declining their consent to cookies. Both choices must be equally conspicuous and users should not be pressured to give their consent. Your Cookie Banner must, therefore, include BOTH an “Accept” and a “Reject” button.

How to solve this with iubenda?

You need to use iubenda’s Privacy Controls and Cookie Solution:

  • Simply tick the “Explicit Accept and Customize buttons” and “Explicit Reject button” checkboxes in the Privacy Controls and Cookie Solution configurator.

2. Third-parties

All third-parties whose cookies are consent-based must be individually mentioned in your Cookie Policy and links to these companies’ Privacy and Cookie Policies must also be included.

How to solve this with iubenda?

You need to use iubenda’s Privacy and Cookie Policy Generator:

  • First, you need to generate/update your Privacy Policy, so it includes all the services your site is running (use our Site Scanner, it will tell you immediately any services you may need to add to your policy).
  • Then, simply click on “Activate cookie policy” within the Privacy and Cookie Policy Generator: your Cookie Policy will be generated automatically based on the configuration of your Privacy Policy.

3. Cookie consent preferences

Users should not be prompted to express their consent choices too often. Therefore, regardless of whether a user has given or denied consent to cookies, the CNIL considers that such choice should be stored for 6 months, before users are asked again.

The 6-months-period is considered as a best practice and not as a hard requirement.

How to solve this with iubenda?

  • The default validity for the iubenda Privacy Controls and Cookie Solution is 12 months, but if you want to shorten it and adhere to the CNIL’s suggestion, you can scroll to the bottom of our Privacy Controls and Cookie Solution configurator’s “Advanced view”, and set the cookie expiration to 180 days.

4. Purposes

You need to list the categories of cookies you’re using (Necessary, Functionality, Experience, Measurement and/or Marketing) on the first layer of your cookie banner.

How to solve this with iubenda?

Customize the banner content in the “Advanced view” of the configurator (more info in our advanced guide) and mention the categories of cookies you’re using. Please note that we’re going to publish very soon a 1-click option to allow you to seamlessly meet this requirement.

5. Analytics tools that do not require consent

The CNIL plans to publish a list of analytics tools that do not require consent under French legislation. These analytics tools and their associated cookies will be exempt from the above consent requirements.

How to solve this with iubenda?

If you’re using iubenda and you’re subscribed to our newsletter, you only need to wait for our email about the list of analytics tools that do not require consent under French legislation. We’ll inform you as soon as the CNIL publishes this list.

6. Withdrawing consent

The CNIL requires that websites provide a means to withdraw consent at a later stage.

How to ensure this with iubenda?

We provide the option of placing a widget on your website. Our default wording informs users about their right to withdraw consent at any time.

Withdrawing consent with iubenda

Meet the CNIL’s requirements now in the easiest way!

Using iubenda already for both your Privacy and Cookie Policy and Cookie Consent?

Then you only need to make sure your configuration is tweaked according to our instructions above.

Have users in France but not using our solutions yet?

Start using our Privacy and Cookie Policy Generator and Privacy Controls and Cookie Solution to create your Cookie Policy & Cookie Banner and easily meet these Cookie Consent requirements.

Cookie Consent Cheatsheet

Make sure to also check out our Cookie Consent Cheatsheet for a clear overview of the French cookie consent regulations. Curious if the French regulations are stricter than those of other countries? You can find that out, too.

See also