On April 2, 2021 the French Data Protection Authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL”) published its intent to start auditing websites for compliance with cookie regulations. This publication comes following a large number of developments and actions taken by the CNIL to further improve and guide organizations through cookie compliance. The CNIL had issued several recommendations, guidelines and cookie tools to raise awareness on the importance of this topic, with a final set of guidelines published on October 1, 2020 following public consultation rounds (“Cookie Guidelines”). The CNIL had determined that a 6-month grace period would apply following publication of the Cookie Guidelines. This grace period ended on April 1, 2021 and the CNIL now expects companies to be compliant with its recommendations and guidelines. The CNIL has confirmed that it may make use of the totality of its corrective powers to remedy non-compliance with the rules, including issuing (public) sanctions. In light of the increase in scrutiny on cookies in the EU (and the US pursuant to certain state laws), organizations with websites / platforms operating in the EU (and U.S.) may want to reconsider their cookie practices and start carrying out cookie audits.

(more…)