CNIL adopts new guidance on cookies

Photo by twinsfisch on Unsplash

On July 4, 2019, the Commission Nationale de l’informatique et des Libertés (CNIL), the French Data Protection Authority (DPA) adopted new guidelines on cookies and other tracking devices (“Guidelines”). According to the press release, the scrolling down or swiping through a website or application is no longer viewed as a valid expression of consent to the implementation of cookies; tracking services will have to prove that they have obtained consent.

The CNIL adopted the Guidelines without waiting for the adoption of the ePrivacy regulation, currently under discussion. The Guidelines will be followed by a new recommendation, which will specify the practical techniques for obtaining a valid consent.

There will be a 6 months consultation “with professionals and the civil society” to draft a recommendation, followed by a 6 weeks public consultation. The final recommendation will be published in the first quarter of 2020. The CNIL foresees a six months period of adaptation to allow stakeholders to implement the new rules.

Meanwhile, the CNIL adapted its website by removing the cookie banner, avoiding any tracking device until the user has actively consented by going on the cookie management module or directly on content pages.

On July 3, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), also published a new guidance on the use of cookies. See here.


The press release Cookies and other tracking devices: the CNIL publishes new guidelines is available at…

More information on the ICO’s guidance on cookies is available at…


For more information on how EU cookie rules apply to your company: Francesca Giannoni-Crystal and Federica Romanelli



Originally published on Technethics on july 2019

Leave a Reply

Your email address will not be published. Required fields are marked *