• EN
    • DE
  • Login
Consent Management Platform
Consent Management Platform (CMP) Usercentrics
  • ProductsHolistic Consent Management Software
    • Website Consent Management
    • Mobile Consent Management
    • AMP Consent Management (BETA)
    • Smart Data Protector
    • Automatic Privacy Policy
  • Solutions
    • GDPR
    • CCPA
    • CMP for Publishers
  • Pricing
  • Resources
    • Developer Documentation
    • Videos
    • FAQ
    • Knowledge Hub
    • Whitepaper
    • Webinars
    • RFI Template
    • What’s new?
  • Partner
    • Find a partner
    • Become a partner
    • Tech Partner
    • Expert Partner
    • Reselling Partner
    • Referral Partner
  • Company
    • About us
    • Career
    • Press
    • Events
    • Contact
  • GET STARTED NOW
  • Menu
GDPR & Cookies
June 29, 2020 | 2 min read

Cookie Walls can’t be legally forbidden French CNIL says

Resources
Knowledge Hub
Cookie Walls can’t be legally forbidden French CNIL says

Table of contents

Show more Show less

On 19 June 2020, in response to complaints filed, the Conseil d’État (‘the French Council’ and highest administrative court) ruled that the French Data Protection Authority (‘CNIL’) could not legally prohibit “cookie walls” for websites and mobile apps in its official guidelines. 

Ban on Cookie Walls taken down 

The French Council stated that the CNIL exceeded its legal powers (based on ‘soft-law’ i.e. mare recommendations) by placing a ban based on the unique requirement of free user consent to the placement of cookies and similar trackers, set out in the General Regulation on Data Protection (GDPR).

The result of the decision was the annulment of paragraph four in Article 2 of the CNIL’s decision approving the Guidelines (4 July 2019) and CNIL having to pay the applicants €3,000 under the Code de justice administrative – Article L761-1.

What exactly is a cookie wall? 

A cookie wall is a barrier that puts the user in a “take it or leave it” situation. If the user wants to access the information on the website he or she is forced to accept cookies to continue using the website (opt-in). If the user refuses to opt-in he or she is  denied access to the website.

Provisions in Guideline upheld: Cookie Information and Unbundled Consent 

On the other hand, the French Council did not accept the applicants complaints on the fact the Guidelines imposed specific procedures for companies to obtain consent. 

The provision stating companies should give users specific information on the purpose of processing was maintained as it is based on preexisting legal requirements: companies are still responsible to comply with all provisions in the GDPR, including needing legitimate interest or consent to process data. Thus the CNIL has not imposed a new information obligation unjustified in law. 

Also, applicants try to argue on the ability to bundle several consent together which was also not approved by the Council (granularity required still maintained) as, following the first point, acceptance has to be specific to the purpose of the processing. However, it is important to remember companies are still allowed to offer the option to users of providing one consent for all purposes. 

 

Users have to have a choice. As long as users have several options to accept or withdraw consent, having the possibility to grant the company consent in a granular way, consent is considered appropriate and in line with GDPR.

Next steps 

All things considered, the CNIL published a statement in response to the French Council’s decision accepting to modify the Guidelines with the clarification on the cookie wall ban. 

On top of that, after September 2020, the Guidelines will endorse suggestions on the ways of collecting consent to cookies. They will be in force in March 2021, following a six month transition period to give companies the opportunity to adapt their cookie settings. 

 

Official Links to full decision (only available in French): 

  • Press release
  • Decision
  • CNIL Statement

Related Articles

5 Tips for Handling Cookies Correctly in Live Chat Supportlive-chat_userlike
November 23, 2020
6 min read
GDPR & CookiesUsercentrics Best-Practices

5 Tips for Handling Cookies Correctly in Live Chat Support

Cookies aren’t just for tracking user behavior and displaying ads. They’re part of nearly every online tool, such as...

Read more
Brexit and the ICO Guidelines on Cookie Consent: How to be compliant after the transition periodBrexit - Article
August 13, 2020
5 min read
GDPR & Cookies

Brexit and the ICO Guidelines on Cookie Consent: How to be compliant after the transition period

The end of the Brexit transition period is quickly approaching – and publishers are wondering if their data strategy...

Read more
GDPR Cookies Checklist: Your Toolkit for ComplianceGDPR Checklist | Usercentrics
July 2, 2020
3 min read
ePrivacy & Privacy PolicyGDPR & Cookies

GDPR Cookies Checklist: Your Toolkit for Compliance

Uncertain about how to become compliant with GDPR and the ePrivacy Directive? We’re here to help. Future-proof your marketing strategy...

Read more

Next Steps

Scan your website

Scan your website

Check your privacy compliance
Request a demo

Request a demo

Schedule for free
Get started

Get started

See our pricing

Legal Update

Always up-to-date: With our legal update, we keep you up to date with the latest trends around data protection.

Products

  • Website Consent Management
  • CMP for Publishers
  • Mobile App Consent
  • Automatic Privacy Policy
  • Smart Data Protector
  • AMP Consent Management (closed beta)

Resources

  • Whitepaper
  • Case Study
  • On Demand Webinars
  • Live Webinars
  • Knowledge Hub
  • RFI Template
  • Videos
  • FAQ
  • Developer Documentation

About Us

  • Who we are
  • Career
  • Press
  • Events
  • Contact

Our Mission

Helping companies to achieve compliance in harmony with their marketing strategy.

Legal

  • Legal Notice
  • Privacy Policy
  • Terms and Conditions

Address

Usercentrics GmbH
Sendlinger Straße 7
80331 Munich
Germany

© Copyright 2021 Usercentrics

This website and all services provided by Usercentrics are not intended for users and companies outside of the European Union, U.K. or Switzerland.

50 million Euro fine upheld for Google due to GDPR breach 50 million Euro fine upheld for Google due to GDPR breach GDPR Checklist | UsercentricsGDPR Checklist | Usercentrics GDPR Cookies Checklist: Your Toolkit for Compliance
Scroll to top