COOKIES. CONSENT. COMPLIANCE
Schedule a Demo
secure privacy badge logo
Regulations
EUROPE
GDPR (EU) UK DPA (United Kingdom) FADP (Switzerland) NewDPA (Norway)

View All

North America
PIPEDA (Canada) CCPA/CPRA (California) CPA (Colorado) VCDPA (Virginia)

View All

Middle East
PDPL (UAE) DIFC DPA (Dubai) PDPL (Saudi Arabia) KVKK (Turkey)

View All

Asia
PIPA (South Korea) NewPIPL (China) Data Privacy Act 2012 (Philippines) PDPA (Singapore)

View All

Central and South America
LGPD (Brazil) DPL (Colombia) Personal Data Protection Law (Argentina) LSPDP (Panama)

View All

Africa
POPIA (South Africa) Law no.09-08 (Morocco) LPDP (Egypt) DPA (Kenya)
Oceania
APP (Australia) Privacy Act (New Zealand)
Features
Cookie BannersPreference CenterCookie & Website ScannerConsent LoggingData Subject Request FormsCookie PolicyPolicy CenterLegal Templates70+ Language Support
Cookie Banners
Integrations
HubspotWordpressMagentoAdobe Tag ManagerWixShopifyDrupalGoogle Tag ManagerWeeblySquarespaceWebviewSitecoreUmbracoJoomlaBigcommerceGoogle Consent ModeAdobe LaunchTealium IAB TCF v2.2
Hubspot badge
Pricing
Partner
Resources
BlogSupportContact UsDocsRequest DemoTraining & CertificationGDPR Website Scanner
November 5, 2021

What Are The CNIL Cookie Guidelines?

Commission Nationale Informatique & Libertés is the French data protection agency. What is CNIL? How to deal with it? Learn about it here!

What Is CNIL?

CNIL stands for Commission Nationale de l’informatique et des Libertés, which is the French national data protection authority. CNIL France was created by the French Data Protection Act of 6 January 1978 as an independent administrative authority responsible for ensuring the protection of personal data in computer files and processing operations, both public and private.

They have the power to enforce the data protection laws in France, which means they enforce:

  • French Data Protection Act 
  • GDPR
  • ePrivacy Directive

They receive complaints about non-compliance of businesses and may issue fines in the case of violations of the laws.

Aside from that, the CNIL published guidelines regarding certain data protection questions in order to clarify the subject matter and help businesses comply easily. The cookie guidelines are one of those documents.

Why Was CNIL Founded?

CNIL was created as a response to public protests against the SAFARI program which was a plan designed by the French government to identify each French citizen with a specific number and, using that unique identifier, to interconnect all government records. This program created fears on the part of the public that the entire French population would soon be recorded in files. This led to the creation of CNIL in order to ensure that any developments in information technology would remain respectful of privacy, individual rights and public liberties.

To Whom Do CNIL Cookie Guidelines Apply To?

CNIL cookie guidelines apply to you if your business:

  • Is based in France and french territories overseas
  • Collects and/or processes personal data of citizens and residents of France and french territories overseas

Basically, these are the same applicability principles as in the GDPR.

What’s The CNIL Stance On Cookie Walls?

Similar to the EDPB, CNIL also forbids cookie walls.

Cookie walls are mechanisms denying users access to the website content without accepting the cookies and other tracking technologies. When presented with a cookie wall, the user has the choice between accepting the cookies and leaving the website.

Obtaining consent that way is not free. It is conditional, and therefore, is not valid.

How To Comply With The CNIL Cookie Guidelines?

Using a cookie consent management solution is a good practice that brings peace of mind.

Secure Privacy’s CNIL solution is compliant with the CNIL and GDPR Cookie Guidelines.

What’s The Commencement Of The Enforcement Of CNIL Cookie Guidelines?

You have to comply with these guidelines starting from March 2021. That’s the end of the transition period allowed by the CNIL.

After that, the agency will start with corrective measures. According to the plans announced, they could issue fines for serious infringements of the guidelines.

How Secure Privacy Helps Businesses Comply With CNIL’s Cookie Guidelines

Secure Privacy comes packed with enterprise-level features that help you fully comply with CNIL’s cookie guidelines and the GDPR overall.

The main features are;

  • Advanced ongoing website scanning which allows you to know all types of cookies you have on your website
  • highly customizable and stylish cookie consent banners with a universal preference center for users to opt-in and opt-out of the cookies and other tracking technologies
  • Unique cross-domain consent capability that allows your users to manage their cookie preferences across different domains in a single step
  • A privacy policy generator that gives you an automated way to create your cookie notice to meet GDPR disclosure requirements
  •  Over 70 languages supported
  • Logs and consents tracking in real-time to ensure you maintain records of the consent you receive from users in case it is requested by CNIL
  • A future-proof GDPR compliance solution that also helps you comply with CCPA in California and LGPD in Brazil.

If you would like to receive additional information about Secure Privacy and GDPR Cookie Consent compliance or to have our data protection expert carry out a quick ‘check-up’ of your website, cookie consent banner, or your cookie policy, book a call today.

Alternatively, you can sign up for your free trial of our complete GDPR compliance solution.

Schedule a call to learn more

image

Data Broker Registration Explained (2026): How to Register Under U.S. Privacy Laws

Data brokers occupy a peculiar position in the privacy landscape: they are often the most consequential handlers of personal information that consumers have never heard of. A person may carefully manage what they share with their bank, their employer, and the apps on their phone — and still find their name, home address, income range, health interests, and browsing behavior for sale across hundreds of databases they never interacted with.

  • Legal & News
  • Data Protection
image

EU AI Act Implementation Sprint: A 90-Day Playbook for Enterprise Compliance

The EU AI Act is no longer a regulation on the horizon. Prohibited AI practices have been enforceable since February 2025. General-purpose AI obligations have applied since August 2025. And on 2 August 2026 — five months from now — the full weight of high-risk AI system requirements under Annex III comes into force, bringing with it a penalty structure that exceeds even the GDPR: up to €35 million or 7% of global annual turnover for the most serious violations, and up to €15 million or 3% for non-compliance with high-risk obligations.

  • AI Governance
image

React Native Consent SDK: Implement Mobile Consent Management

Adding a consent banner to a React Native app is straightforward. Implementing consent management that actually controls data collection — where no third-party SDK fires a network request before the user has responded, where consent state persists correctly across sessions, and where every decision is logged for regulatory audit — is a different engineering problem.

  • Mobile Consent