The reasonable period for bringing websites and mobile applications into compliance with the new rules on cookies should not extend beyond 31 March 2021. The CNIL wished to raise awareness again among private and public organizations through a campaign of letters and emails, which was also an opportunity to point out the tools and practical advice available on cnil.fr.

As part of its action plan on online advertising targeting, the CNIL considered it reasonable to grant a period of six months from the publication of the amending guidelines and the recommendation on the use of cookies for the actors concerned to comply with the new rules thus clarified. As the new rules were adopted on October 1, 2020, the adaptation period granted will end on March 31, 2021.

A large majority of public sector websites concerned

As part of its support and consulting mission, the CNIL wanted to contact a number of public bodies to encourage them to audit their websites and mobile applications quickly and, where necessary, to take action as soon as possible to meet the requirements of the regulations.

200 local authorities, ministries and government operators have received awareness-raising letters and emails. The CNIL also relied on certain public sector network heads (Association of French Mayors, Assembly of French Departments, Regions of France, Réseau Déclic, Conference of University Presidents, SupDPO) to ensure wide distribution of this campaign.

Indeed, the CNIL has noted that the vast majority of public sector websites do not fully comply, to date, with the legal provisions relating to cookies.

The CNIL has thus drawn attention to the need to take certain actions as soon as possible:

  • The cookie banner, appearing in particular on the home page of a website, must detail the purposes for which these cookies are deposited on users’ devices. The mere presence of general information such as “This site uses cookies” or “Cookies are used to improve the efficiency of the services offered to you” is not sufficient.
  • The user must be able to accept or refuse cookies with the same degree of simplicity. The CNIL has had the opportunity to recall that placing a “Refuse all” button on the same level and in the same format as the “Accept all” button offers the Internet user a clear and simple choice. It is also possible, for example, to explicitly offer the user the possibility of refusing trackers by closing the cookie banner. On the other hand, the mere presence of a “Set” button in addition to the “Accept all” button tends, in practice, to dissuade refusal and therefore does not make it possible to comply with the requirements set by the GDPR.

Deposition of cookies without prior consent: a hundred or so private actors informed by the CNIL (French Data Protection Authority)

In conjunction with the publication of the guidelines and recommendation concerning the use of cookies and other trackers, the CNIL has set up an observatory. The purpose of this observatory is to periodically analyze the cookie deposition practices of the 1,000 sites with the largest audience in France, by analyzing the cookies deposited on the first page viewed by an Internet user consulting them.

The main results and the methodology applied are available on the website of LINC, the CNIL’s Digital Innovation Laboratory.

On the basis of these results, the CNIL has decided to send letters to websites with large audiences in France that deposit cookies from more than 6 third-party domains without prior consent, to make them aware of the risks incurred in the event of non-compliance. In parallel with its action towards public bodies, the CNIL has also reminded these sites that the reinforcement of the consent requirements set by the GDPR makes it necessary to develop interfaces for collecting the choices of users of applications or websites that use tracking techniques (for example when they integrate content from external sources such as social network buttons).
