Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Website owners face cookie-banner fines in France by year's end, CNIL official says
08 September 2021 16:32 by Matthew Newman
Website owners that haven’t followed French guidelines on cookie banners are likely to face fines before the end of the year, an official from the national data protection authority has said.
About 40 companies had until Sept. 6 to ensure that their websites’ cookie banners make it just as simple for users to accept all cookies as to refuse them.
About half of these companies have already responded and have made changes to their websites' cookie banners. Officials at the Commission Nationale de l'Informatique et des Libertés (CNIL) are waiting for replies from other sites to verify whether they are in line with the authority’s guidelines on the EU’s e-privacy rules.
“We will check the replies on Monday to see if they have complied. It’s too soon to say if there will be fines,” Mathias Moulin, director of rights protection and sanctions at the CNIL, told MLex in an interview.*
"The philosophy behind our campaign is to first clarify the rules, then to ensure that the sites conform to the rules, and then we check whether the choices users make are respected," he said.
The French campaign — which began in May with formal notices to about 20 companies — seeks to ensure that companies comply with the EU's rules for online cookies and consent. It follows users' frustration and annoyance that companies make it much more complicated to reject than to accept cookies, which are vital for the online advertising sector.
The CNIL has been cracking down on companies’ compliance with EU rules on cookies. In December 2020, the authority levied a total of 135 million euros ($160 million today) in fines against Google and Amazon for failing to obtain prior consent for placing cookies on the web browsers of visitors to their sites, in violation of France’s Data Protection Act, which implements the EU’s 2002 e-Privacy Directive.
French companies have also been targeted, with French publisher Le Figaro fined 50,000 euros for its failure to obtain consent from visitors to lefigaro.fr before its partners placed advertising cookies on their computers.
Moulin said the CNIL will verify in the coming months that websites that have agreed to clarify their cookie consent banners are following up on users’ requests. Companies that don’t respect users’ wishes may face fines, he said.
The CNIL told the companies — which haven't been named — that their sites must include banners that make it just as simple for users to accept all cookies as to refuse them. The notices follow cookies guidelines that were approved last year but took effect on April 1.
In the latest campaign, about half of these companies have complied with the formal notices, which were sent in July, but the precise number won’t be known until next week, said Moulin.
He said that about 70 percent of the notices were sent to large companies based outside of France. These companies represent diverse sectors of the economy, from rental car companies to e-commerce websites.
"It's not about small French companies for these formal notices. We are interested in putting pressure on large players. These are companies that either have a large number of sites or they are good representatives of the sector," he said.
He said that the CNIL has noticed that companies that have changed their French-language websites have also made changes on their English-language sites after they received formal notices.
* MLex translation from the original French.
26 May 2023 14:59 by Sam ClarkWhen the EU’s General Data Protection Regulation came into force five years ago, some said it would usher in a new era of EU supremacy over Silicon Valley's tech giants, reining in their rampant data-driven power.
24 May 2023 15:39 by Mike SwiftSince the General Data Protection Regulation took effect five years ago this week, more than 40 countries have enacted national privacy laws, most of which drew liberally from the canonical text of the EU law.
23 May 2023 23:47 by Mike SwiftThe count of countries with data protection laws more than doubled to 162 over the past dozen years, a total that includes a wide majority of the world’s nations, with new research suggesting data protection rules are approaching ubiquity.