June 17, 2021

Volume XI, Number 168

Advertisement

June 17, 2021

Subscribe to Latest Legal News and Analysis

June 16, 2021

Subscribe to Latest Legal News and Analysis

June 15, 2021

Subscribe to Latest Legal News and Analysis

June 14, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Cookies: New Awareness Campaign by the French Supervisory Authority

The French Supervisory Authority has set 31 March 2021 as the end of the “reasonable period” to bring websites and mobile applications into compliance.

Following the adoption and publication of its updated guidelines along with practical recommendations on the use of cookies on 1 October 2020 (see our alert on the subject here), the French Supervisory Authority (CNIL) reaffirmed on 4 February 2021 the need for private and public players to comply with the new obligations regarding cookies and other tracers (together, Cookies).1

To make its action plan on online advertising effective and in view targeting of the deficiencies witnessed in both the public and private sectors, the CNIL set a specific deadline for the implementation of its recommendation: 31 March 2021.

The CNIL first addressed more than 200 public stakeholders through awareness-raising letters, notably by email, to remind them of the rules applicable regarding Cookies and to encourage them to comply with these rules prior to the start date.

This reminder to public bodies is also intended to guide all private companies, particularly on the mechanism implemented for collecting users’ information through placement of Cookies on their devices prior explicit consent. Whether it is a dedicated window or a banner, this mechanism must detail each distinct purpose for which these Cookies are expected to be used, and it cannot consist of mere general information on the existence of these Cookies. Furthermore, according to the CNIL, each user must be able to easily set his or her preferences in terms of Cookies, and the consent mechanism must not tend to favor the indiscriminate acceptance of all Cookies, in particular via systems offering users either to click on a “setting” tab or to accept all Cookies (see our previous alert on the rules applicable to Cookies).

In order to increase the effectiveness of this awareness campaign, the CNIL has set up an observatory to periodically analyze the Cookie-dropping practices of the top 1,000 websites in France. This analysis focuses more specially on the Cookies used on the users’ landing pages.

Based on the results of this analysis, the CNIL notified several French websites with large audiences that were using more than six third-party Cookies on their websites without prior consent.


See the CNIL press release of 4 February 2021 (in French)

Copyright 2021 K & L GatesNational Law Review, Volume XI, Number 54
Advertisement
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement
Advertisement

About this Author

Claude-Étienne Armingaud, KL Gates, Paris, data protection lawyer, commercial contracts attorney
Partner

Claude-Etienne Armingaud’s practice focuses on the representation of public and private companies in the area of information technologies and intellectual property law. Mr. Armingaud provides counsel to his clients at all stages of their corporate life cycle and in wide-ranging transactions, including in connection with litigation compliance matters, intellectual property protection and development, data protection strategic operations, and other commercial contracts.

Mr. Armingaud regularly advises start-up companies in matters relating to...

33-0-1-58-44-15-16
Associate

Clara Schmit is an associate in the firm’s Paris office. She is a member of the commercial technology and sourcing practice group.

She advises clients in matters related to information technology, intellectual property and data protection law. Ms. Schmit has expertise in industries of media and telecommunications, e-commerce, advertising, health, online services and luxury.

She advises French and international clients on issues relating to:

  • The compliance with and implementation of the European data protection framework, including the General Data...
33.1.58.44.15.11
Advertisement
Advertisement