The CNIL is doubling the wagers: after announcing around twenty formal notices in May, the National Commission for Informatics and Freedom is now announcing about forty, still relating to the subject of the acceptance of cookies.
In its press release, the committee indicates that “some organizations are still not in compliance with the legislation on cookies” and explains having decided to adopt new “formal notices against some forty organizations with non-compliant practices ”. These have a period running until September 6 to comply with the requirements of the CNIL.
Among the organizations concerned by these new formal notices, none is directly mentioned. But the Commission details their sectors of activity: “four major platforms of the digital economy, six major manufacturers of computer hardware and software, six online retailers of consumer goods, two major players in online tourism, three vehicle rental companies, three major players in the banking sector, two large local authorities, two online public services and one energy player ”are thus concerned. The Commission recalls that in the event of failure to comply with the imposed deadline, it reserves the right to penalize the offending companies, with fines which may amount to 2% of turnover.
At the end of 2020, the Commission published a set of guidelines aimed at clarifying the conduct to be taken with regard to the deposit of cookies by Internet users. The reference text in this area remains the GDPR. For the CNIL, one of the requirements of the GDPR is that online service providers who wish to place a cookie on a user’s browser must offer a clear option allowing the refusal of this same cookie.