What Are The CNIL Cookie Guidelines?
Commission Nationale Informatique & Libertés is the French data protection agency. What is CNIL? How to deal with it? Learn about it here!
What Is CNIL?
CNIL stands for Commission Nationale de l’informatique et des Libertés, which is the French national data protection authority. CNIL France was created by the French Data Protection Act of 6 January 1978 as an independent administrative authority responsible for ensuring the protection of personal data in computer files and processing operations, both public and private.
They have the power to enforce the data protection laws in France, which means they enforce:
- French Data Protection Act
- ePrivacy Directive
They receive complaints about non-compliance of businesses and may issue fines in the case of violations of the laws.
Aside from that, the CNIL published guidelines regarding certain data protection questions in order to clarify the subject matter and help businesses comply easily. The cookie guidelines are one of those documents.
Why Was CNIL Founded?
CNIL was created as a response to public protests against the SAFARI program which was a plan designed by the French government to identify each French citizen with a specific number and, using that unique identifier, to interconnect all government records. This program created fears on the part of the public that the entire French population would soon be recorded in files. This led to the creation of CNIL in order to ensure that any developments in information technology would remain respectful of privacy, individual rights and public liberties.
To Whom Do CNIL Cookie Guidelines Apply To?
CNIL cookie guidelines apply to you if your business:
- Is based in France and french territories overseas
- Collects and/or processes personal data of citizens and residents of France and french territories overseas
Basically, these are the same applicability principles as in the GDPR.
What’s The CNIL Stance On Cookie Walls?
Similar to the EDPB, CNIL also forbids cookie walls.
Cookie walls are mechanisms denying users access to the website content without accepting the cookies and other tracking technologies. When presented with a cookie wall, the user has the choice between accepting the cookies and leaving the website.
Obtaining consent that way is not free. It is conditional, and therefore, is not valid.
How To Comply With The CNIL Cookie Guidelines?
Using a cookie consent management solution is a good practice that brings peace of mind.
What’s The Commencement Of The Enforcement Of CNIL Cookie Guidelines?
You have to comply with these guidelines starting from March 2021. That’s the end of the transition period allowed by the CNIL.
After that, the agency will start with corrective measures. According to the plans announced, they could issue fines for serious infringements of the guidelines.
How Secure Privacy Helps Businesses Comply With CNIL’s Cookie Guidelines
Secure Privacy comes packed with enterprise-level features that help you fully comply with CNIL’s cookie guidelines and the GDPR overall.
The main features are;
- Advanced ongoing website scanning which allows you to know all types of cookies you have on your website
- highly customizable and stylish cookie consent banners with a universal preference center for users to opt-in and opt-out of the cookies and other tracking technologies
- Unique cross-domain consent capability that allows your users to manage their cookie preferences across different domains in a single step
- Over 70 languages supported
- Logs and consents tracking in real-time to ensure you maintain records of the consent you receive from users in case it is requested by CNIL
- A future-proof GDPR compliance solution that also helps you comply with CCPA in California and LGPD in Brazil.
Alternatively, you can sign up for your free trial of our complete GDPR compliance solution.
CPRA Data Retention
Unlike other data protection laws, such as the GDPR of the EU, the CPRA does not prevent you from collecting personal data freely without asking anyone. However, it doesn’t allow you to keep it longer than needed. This article will delve into the CPRA requirements for data retention.
CPRA and Employee Data: What You Need to Know
Under the CPRA, employee personal information is any information that could be used to determine who a person is and how they work. California employees have all the same rights guaranteed by the California Privacy Rights Act as any other consumer. Learn all you need to know about CPRA and Employee Data here.
Your users have the right to know what personal information is being collected about them, and they may contact you with a request to get information about how you handle personal information, ask you to delete it, transfer it to another company, or do something similar. Under the CPRA, you are obliged to respond to them. In this article, we explain how to comply with such consumer requests and the CPRA.