Replay Master Class: Reconciling Tracking Performance and Respect for Privacy

Cookie legislation: the GDPR and the CNIL strike hard

The author

Eric Dumain


Published on


4 minutes

Cookie legislation: the GDPR and the CNIL strike hard

After the control campaign launched in April, the CNIL has announced a second series of formal notices targeting "some forty" recalcitrant actors. These companies and organizations have until September 6 to comply with the RGPD (or General Data Protection Regulation). What about this legislation on cookies? The RGPD and the CNIL are hitting hard.

Formal notice: which companies are targeted?

Among the 40 or so organizations targeted by the CNIL's new control campaign are:
  • 4 major platforms of the digital economy
  • 6 major hardware and software manufacturers
  • 6 companies selling consumer goods online
  • 2 major players in online tourism
  • 3 car rental companies
  • 3 major players in the banking sector
  • 2 major local authorities
  • 2 online public services.

Reminder: CNIL controls

The CNIL must carry out checks on companies working on personal data processing. Its objective: to regulate the use of personal data, guarantee the collection of consent and ensure compliance with the GDPR.

The GDPR: eternal support for CNIL control

The GDPR makes it possible to control and guarantee compliance with the guidelines for companies in charge of processing or managing data. The CNIL therefore gives formal notice to the managers of sites and applications to ensure the compliance of processing with the GDPR. 

According to her, cookies account for 20% of the problem of GDPR non-compliance in web environments. In order to use this tracking technology, it is essential that users are able to give their consent beforehand - and above all freely.

The decision of the CNIL

At the end of May, the CNIL had already announced some twenty formal notices, targeting in particular "major companies in the digital economy".

The regulator had also indicated that it had found breaches on other websites and was considering multiple sanctions.

This new control campaign and these new measures are in addition to the procedures underway before the CNIL's restricted formation (the body responsible for imposing sanctions) and are likely to result in fines of up to 2% of the company's turnover.

Focus: 2020 controls

As a reminder, in 2020, the CNIL had pronounced 14 sanctions and 49 formal notices for a total of €138.5 million in fines (compared with eight sanctions, 42 formal notices and €51.4 million in fines in 2019).

It is clear that the pace is accelerating with information from individuals (9.7 million visits to the CNIL website, i.e. +21%), complaints (13,585 in 2020) and personal data breach notifications.

No company is safe!

The frequency of website updates (technology, tracking, content, campaigns, promotions...) exposes brands to the risk of infringement, making spot audits potentially dangerous in a particularly heavy and complex technological environment.

The Data On Duty solution

To help companies become compliant and data responsible, Data On Duty has designed the SaaS Privacy Manager solution. This tool monitors cookie compliance, browsing data storage and transport security on no less than 51 criteria, regardless of whether consent has been ignored, refused or accepted.

This solution not only saves you time, but also allows you toidentify, correct and maintain the GDPR compliance of your sites and web ecosystems.

It's up to you to keep your sites compliant over the long term. It's the ideal way to build trust and gain the consent of your consumers.

Don't wait any longer, the Data On Duty team helps you secure your GDPR compliance.

You will also like...

S’abonner à la Newsletter

Don't miss any Data On Duty content and stay up to date with all the latest Data Privacy and Data Governance news!