Cookies equally easily accepted or refused: CNIL orders 20 organisations to comply

01 June 2021

On 18 May 2021, the Chair of the CNIL issued formal notices to organisations that do not allow Internet users to refuse or accept cookies as easily. These organisations include international actors in the digital economy and several public bodies. They have been given one month to comply.

As announced in April 2021, the CNIL has initiated online investigations to identify possible breaches in relation to cookies. These checks revealed that a number of organisations do not make it equally easy to accept or refuse cookies.

As a result, the Chair of the CNIL has decided to issue formal notices to twenty organisations whose practices do not comply with the legislation on cookies. These decisions are part of the overall compliance strategy initiated by the CNIL over the past two years, which culminated on 1st October 2020 with the adoption of guidelines and a recommendation.

The formal notices were sent mainly to large companies in the digital economy. They have one month to comply and face monetary penalties of up to 2% of their turnover if they fail to do so. Public bodies are also concerned by these formal notices.

This is the first campaign of investigations and corrective measures since the deadline to comply with the new rules on cookies. Similar actions will be carried out in the coming months, in the context of the CNIL's priority areas of investigation in 2021.

As a reminder, in December 2020, the CNIL's restricted committee fined Google and Amazon 100 million euros and 35 million euros for their cookie practices. In the context of these decisions, which were adopted before the end of the adaptation period, the compliance of the information banners with the new cookie rules was not examined. However, during the investigation of the injunctions issued by the restricted panel, these companies were reminded that accepting cookies must be as easy as rejecting them, which the CNIL will ensure.