The Cnil cannot ” legally prohibit (…) ‘cookies walls’, a practice which consists of blocking access to a website in the event of refusal of cookies ”, said the Council of State in a press release. “By deducting such a prohibition from the sole requirement of a free consent of the user to the deposit of tracers laid down by the European Data Protection Regulation (RGPD), the CNIL exceeded what it could legally do”, the statement continued.
A ” adaptation period “
The Council of State also stressed that site editors do not need to request specific consent for each use of data by the Internet user, who can give overall consent. On the other hand, the consent of “The user must be preceded by specific information” for each of these uses, he insisted. The Council of State had been seized by the Geste, the union of publishers of content and online services, and other professional associations: the latter oppose the new guidelines adopted by the Cnil in 2019, after the entry into force of the new European data protection regulation (GDPR) a year earlier.
Cookies allow site publishers to accumulate data on Internet users, which can then be resold, in particular for targeted advertising purposes. However, the Council of State did not follow the publishers on their other grievances on these guidelines, notably concerning the recommended retention period for cookies. The CNIL is due to publish its “recommendation” (a practical guide for applying the guidelines) shortly. The first penalties for non-compliance with these instructions will only occur after a “Adaptation period” six months, the time that publishers update their sites.