Impending sweep day to verify compliance with guidelines on cookies
During the week of September 15–19, 2014, France’s privacy regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), is organizing a “cookies sweep day” to examine compliance with its guidelines on cookies and other online trackers.
Starting in October 2014, the CNIL will also be conducting onsite and remote inspections to verify compliance with its guidelines on cookies.
Depending on the findings of the sweep and inspections, the CNIL may issue warnings or financial sanctions to non-compliant websites and applications.
Investigations gaining momentum
France is not the only country stepping up its data privacy efforts. Parallel sweeps to the one conducted by the CNIL in September 2014 will be undertaken simultaneously by data protection authorities across the European Union. The purpose of the coordinated action is to compare practices on the information given by websites to internet users and the methods to obtain their consent for cookies.
Compliance made simpler through CNIL guidelines
EU Directive 2002/58 on Privacy and Electronic Communications imposes an obligation to obtain prior consent before placing or accessing cookies and similar technologies on web users’ devices, an obligation incorporated into French law by Article 32-II of the French Data Protection Act.
Not all cookies require prior consent by internet users. Exempt are cookies used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network” and those that are “strictly necessary for the provision of an information service explicitly requested by the subscriber or user.”
Under the CNIL guidelines, owners of websites may not force internet users to accept cookies. Instead, the users must be able to block advertising cookies and still use the relevant service. Internet users can withdraw their consent at any time, and cookies have a [...]