Since March 31st, 2021, the French Data Protection Authority (the “CNIL”) has conducted a first wave of investigations to actively check that websites and apps are respecting the French Cookie Consent guidelines. At least twenty organizations have been sent a draft decision, which could result in fines if no appropriate measures to comply have been taken within a month. More inspections are expected in the coming months.
We’ve created the short list below to help you understand these requirements and meet them with minimum effort.
Are you or your users based in France? Then the CNIL requirements apply to you.
The 5 most important facts about the French Cookie Consent guidelines, and how iubenda can help you.
You must allow your users to choose freely between giving and declining their consent to cookies. Both choices must be equally conspicuous and users should not be pressured to give their consent. Your Cookie Banner must, therefore, include BOTH an “Accept” and a “Reject” button.
You need to use iubenda’s Cookie Solution:
Users should not be prompted to express their consent choices too often. Therefore, regardless of whether a user has given or denied consent to cookies, the CNIL considers that such choice should be stored for 6 months, before users are asked again.
The 6-months-period is considered as a best practice and not as a hard requirement.
You need to list the categories of cookies you’re using (strictly necessary, basic interactions & functionalities, experience enhancement, measurement and/or targeting & advertising) on the first layer of your cookie banner.
Customize the banner content in the “Advanced view” of the configurator (more info in our advanced guide) and mention the categories of cookies you’re using. Please note that we’re going to publish very soon a 1-click option to allow you to seamlessly meet this requirement.
The CNIL plans to publish a list of analytics tools that do not require consent under French legislation. These analytics tools and their associated cookies will be exempt from the above consent requirements.
If you’re using iubenda and you’re subscribed to our newsletter, you only need to wait for our email about the list of analytics tools that do not require consent under French legislation. We’ll inform you as soon as the CNIL publishes this list.
The CNIL requires that websites provide a means to withdraw consent at a later stage.
We provide the option of placing a widget on your website. Our default wording informs users about their right to withdraw consent at any time.
Then you only need to make sure your configuration is tweaked according to our instructions above.
Make sure to also check out our Cookie Consent Cheatsheet for a clear overview of the French cookie consent regulations. Curious if the French regulations are stricter than those of other countries? You can find that out, too.