As part of its global strategy to ensure compliance with its new cookies mandatory guidelines, and as announced in its priority control themes for 2021, in May 2021 the CNIL issued formal notices to over twenty organizations (including international actors in the digital economy and some public bodies) for not enabling users to accept or refuse cookies using equally easy steps. These organizations all remedied the identified breaches within the month granted, but the CNIL has identified and sent formal enforcement notices regarding the same issue to a further 40 non-compliant organizations in the meantime.

Which industry sectors were impacted?

In its announcement of its most recent action, the CNIL notes that the organizations contacted are from a range of industry sectors, namely:

  • Four major platforms in the digital economy;
  • Six major hardware and software editors;
  • Six companies selling consumer goods online;
  • Two major players in the online tourism industry;
  • Three car rental companies;
  • Three major players in the banking sector;
  • Two major local authorities;
  • Two online public services; and
  • One energy company.

When must organizations comply by?

The concerned companies have until September 6, 2021 to comply.

What is the risk of sanction?

The CNIL expressly noted that these formal notices are likely to lead the CNIL to grant fines of up to 2% of the turnover if not complied with.

What about future action?

The latest formal notices are only the beginning of the CNIL’s work. The CNIL has announced that other verification and corrective measures campaigns will be carried out in the autumn.