On October 1, 2020, cnil released the revised version of cookies and similar technical guidelines in 2019. The revised version also takes into account the gdpr provisions of cookies. What is sinair? Cnil or commission Nationale de l \
Who will be the target of cnil? If your business falls into one of the following categories, you must comply with: Based on France and overseas French territories. Collect and \/ or process personal data of citizens and residents of France and overseas French territories. This is the same applicable principle as gdpr. What are cnil’s requirements for cookie compliance? Users with explicit user consent should allow explicit and positive measures (for example, clicking \
Reject cookie option users must be able to reject cookies as easily as they initially accepted cookies. Revoke consent option users must be able to easily revoke their consent to cookies at any time. The purpose of the cookie before the user agrees, he must clearly inform the purpose of the cookie and the result of accepting or rejecting the cookie. Enterprises seeking consent to prove cookies shall provide users with free, information-based, specific and unambiguous consent and effective collection evidence at any time. Here’s an inpograph that provides quick ideas for cnil’s compliance requirements: How does cnil seek consent to cookies? Cnil and gdpr have similar requirements, requiring users to agree to cookie rendering. As shown in the figure below.
Consent should be free. Users should be free to choose whether to agree to cookies. Consent must be specific. Obtain consent according to the purpose of data collection. That is, if you obtain consent for analytical purposes, collecting data for marketing purposes requires new consent. Consent requests must be clear. This means that you must inform users of your personal information protection practices at the time you request. It is a good practice to notify you that you are using cookies and provide a link to your personal information protection policy. Consent must be clear. The accept and reject buttons must be displayed. It is not enough to display only the accept button. Users must be able to take positive measures on the website. Cookies excluded from cnil’s consent collection cnil requires explicit consent, but specific cookies are not allowed without the user’s consent. The following is a list of cookies excluded from consent collection:
Cookie user interface customized cookie user interface, cookie user interface customized cookie user interface, which is used to generate cookie traffic statistics for remembering shopping cart items on cookie e-commerce websites, so as to limit users’ free access to the requested sample content. How should user silence be interpreted in the key language preference cookie cnil? Cnil believes that consent should only be carried out in positive behavior. Therefore, not taking any measures should be understood as refusing to use cookies. The following are two cases where cookies can be set on the user’s device:
The user agrees with the cookie. Cookies are exempt
(listed above). When should I ask cnil to update my consent? Whether the user agrees or not, the selection displayed by the user should be observed in principle. Therefore, when browsing the website, there is no need to reorganize the selection from page to page. Therefore, it is usually best to save the selection displayed by the network user and do not request it for a period of time. The retention period of the selected content should be evaluated on a case by case basis (related to the characteristics of the relevant website or application and the characteristics of the target user). In general, it is recommended to keep the selection for 6 months.
What is cnil’s opinion on cookie walls? Cookie wall is a website design. Users must accept cookies before accessing website content. The 2019 guidelines completely prohibit the use of biscuit walls. After the French court made the judgment of violating the law, cnil revised the guide to specify that the legitimacy of cookie wall should be evaluated on a case by case basis. If a cookie wall is used, the user must be clearly informed that the content cannot be accessed without consent. Otherwise, the cookie wall or banner advertisement will disappear soon and will not prevent users from accessing the content or induce users to agree.
What is the difference between cnil guidelines and recommendations? Cnil provides guidance and advice. The cnil guidelines for cookies and other trackers will inform users of the applicable laws when interacting with the Internet through interfaces such as smartphones, computers and tablets. This recommendation is intended to guide experts related to the compliance process. Not only can consent be obtained according to the applicable rules, but also examples of practical methods to meet the requirements of Article 82 of the data protection law are provided. What are the consequences of non-compliance and how to implement it? Cnil will impose fines on organizations that violate gdpr or French data protection laws in two ways.
According to the investigation of dissatisfaction with cnil or violation of cnil after declaration, in both cases, the chairman of cnil can appoint a reporter from cnil members other than the members of the restriction Committee and refer to the restriction Committee. The restriction committee is composed of five cnil members and the chairman elected from them. Notify the indicted organization and exchange documents in written procedures between the reporter and the organization. The restricted committee will receive all documents. If the reporter thinks it is useful in the process, you can listen to the sued organization. In this case, you can confirm the hearing through a written report.
The panel can be monitored or non monitored. In terms of monitoring, the sued enterprise or organization must pay up to 4% of the total global revenue or up to £ 20m. From the perspective of non monitoring, there will be warnings, prohibition of regular payment of fines, etc. When will cnil be implemented? As we announced, the compliance period of the new regulations (issued on October 1) shall not exceed 6 months at the end of March 2021 at the latest. Cnil will then perform the audit and take the implementation measures. As usual, operators must ensure compliance with eprivacy directive and general data protection regulations.
How to easily comply with cnil? Using the cookie yes gdpr cookie consent and compliance notification plug-in, you can easily create a cnil compliance journey for the WordPress website. Plug ins are a powerful set of features that make it easy to manage cookies. The plug-in provides the following functions: Automatic cookie check – the plug-in will automatically check cookies on the website. Cookie consent banner – consent banners can be created and customized to meet the requirements mentioned in the legal guide. Detailed consent options – the website informs users to use each type of cookie
