On October 1, 2020, the French Data Protection Agency (CNIL) released its 2019 about its 2019 about Cookie and revised version of guidelines of similar technologies. The release of the revised version also takes into account the GDPR regulations on Cookie.
What is cnil?
CNIL or Commission National de L \u0026#39; Informatique et des Libertes (National Information and Liberty Committee) is a French administrative regulatory agency that has the right to implement the data protection law in France. CNIL is responsible for implementing all three laws in the country.
French Data Protection Law
GDPR
Electronic privacy instructions
It also has complaints and fines for illegal acts. that power.
Who will be subject to cnil?
If your business belongs to any of the following categories, you must follow.
French territory headquarters in France and overseas
collection and collection and collection /Or personal data of citizens and residents who handle France and overseas French territory
These applicability principles are the same as that of GDPR.
What are the requirements for COOKIE compliance?
Clear user consent
The user shall express his consent through clear affirmation active action (such as clicking \”I Accept\” on the Cookie banner). User’s inaction, rolling or continuing browsing cannot be considered as consent. Before obtaining a clear consent, Cookies other than Cookies should not be placed in the user’s device.
The option to reject cookies
Users should be able to easily reject cookies as easily as they were initially accepted.
The option of withdrawing consent
Users should be able to easily withdraw the consent of Cookie at any time.
The purpose of cookies
Before agreeing, users must clearly understand the use of cookies and the consequences of accepting or rejecting cookies.
Agree to prove
Provide evidence of effective collection of user freedom, knowledge, specific and clear consent at any time.
The following is an information map that allows you to quickly understand the compliance requirements under CNIL.
How to solicit Cookie’s consent under CNIL?
CNIL and GDPR have similar requirements when soliciting users’ consent of Cookie. They are shown in the figure below.
It must be freely agreed. Users should be free to choose whether to agree with Cookie.
Agree must be specific. For every purpose of data collection, you must get consent. This means that if you have obtained the consent for analyzing the purpose, you need new consent to collect data for marketing goals.
Agree with the request must be fully informed. This means that you must tell users your privacy practice when request. It is a good approach to tell them that you use cookies and provide them with links to your privacy policy.
The consent must be clear. You must show an acceptance and rejection button. Only the ACCEPT button is not enough. Users should be able to take equal rights on your website.
CNIL does not solicit Cookie
Although it is necessary to clearly agree according to the requirements of CNIL, it is exempted from allowing allowing without user consent without user consent. Some cookies. The following is a list of cookies exempt from collecting consent.
COOKIE for authentication through service Remember the cookies of the shopping cart project on the e -commerce website Some cookies for generating traffic statistics
Allow paid websites to restrict the content sample of the content sample requested by the user request for free access to the user request
Store user consent Cookie
User interface custom COOKIE
Language preference cookies
How should you interpret the user’s silence under cnil?
CNIL believes that the consent should come completely from active behavior. Therefore, any inaction must be understood as refusal to use cookies.
The following is two situations you can set up cookies on user devices.
The user has agreed to use Cookie
Cookies belongs Seeking to update consent?
In principle, it is necessary to retain the choice of user expression, whether it is his consent or his rejection. Therefore, when browsing the website, they do not have to re -develop their choices between pages.
Therefore, in general, it is recommended he.
The retention period for selected must be evaluated according to the specific situation (about the nature of related websites or applications and the particularity of its audience). Generally, it is a good approach to choose to keep for 6 months.
What is the evaluation of Cookie Walls? The Cookie Wall is a website design that requires users to accept Cookie before accessing the website content. Although the 2019 guidelines are completely prohibited from using the Cookie Wall. Due to the French court’s ruling on the law, CNIL edited its guidelines, stating that the legitimacy of the cookie wall must be evaluated according to the specific situation. If you use the Cookie Wall, you should clearly inform the user that the content is not allowed without consent. Otherwise, the cookie wall or banner should disappear soon, so it will not interfere with the user’s access to the content or affect the user’s consent in other ways.
What are the differences between the CNIL guide and discussion?
CNIL put forward guidance and suggestions. CNIL’s guidelines on Cookie and other trackers will inform you that you are on the user through a smartphone, Computers, tablets and other interfaces applying laws applicable to the Internet interact with the Internet.
The proposal aims to guide the compliance process of relevant professionals. It provides a practical method for obtaining consent in accordance with the applicable rules, and also meets the requirements stipulated in Article 82 of the Data Protection Law. What are the consequences of incompatibility and how to implement it? CNIL fined organizations that violate the GDPR or French data protection law in two ways.
After complaining to CNIL or reporting illegal behavior
After CNIL investigates
In these two cases, the chairman of CNIL can be in these two cases, and the chairman of CNIL can be in the case of CNIL. A reporter was appointed among CNIL members, except for members of the board and submitted to the restriction committee. The restriction committee is composed of five CNIL members and one of the chairmen selected.
During the written procedure between the reporter and the organization, the organization that was charged was notified, and and offered, and and offered Exchange files. The restricted committee received all documents.
In the process, if the reporter thinks it is useful, he can listen to the charged organization’s opinions. In this case, the written report will confirm the hearing.
Penalties can be supervised or non -supervised. In terms of monitoring, the accused enterprises or organizations will be forced to pay up to 4% or £ 20 million in total turnover of up to 20 million pounds, which will prevail. In non -monitoring terms, there will be warning, mandatory order, and regular payment fines.
When will cnil execute? As it announced, it estimates that the deadline for the new rules (released on October 1) should not exceed six months, that is, at the latest to March 2021. CNIL will subsequently audit and take law enforcement operations. As usual, operators must also ensure that they comply with electronic privacy instructions and general data protection regulations.
How to easily abide by CNIL?
With the help of Cookieyes GDPR Cookie agree and compliance notification plug -in, you can make your WordPress website easily complete the CNIL compliance journey. The plug -in makes Cookie management easier with its powerful function set.
This plugin provides you with the followingFeatures.
AutoCookie Scan – The plug -in will automatically scan your website to find cookies. COOKIE agrees with banners-
You can create and customize the consent banner to meet the requirements mentioned in the legal guide.
Detailed consent options-
By informing the usage of the use of Cookie on each type of Cookie on your website, seek a clear consent of Cookie.
Cookie Agreement Log-
Record your user’s consent of related data, such as Cookie, Date, Time, etc. that agree with.
Automatic script stop- You can enable scripts to prevent Cookie from third-party plug-ins
Privacy policy generator- Easily generated from scratch to generatePrivacy/cookie policy.
Conclusion
After CNIL put forward new guidelines, you don’t have much time to comply with it.Therefore, immediately use the Cookieyees GDPR Cookie to agree and the compliance notification plug -in to start your compliance journey.
