The Amended Guidelines
The new Guidelines now take a softer approach towards cookie walls: while not banning cookie walls altogether, the CNIL emphasizes that cookie walls are likely to undermine the freedom of users to consent. Their lawfulness must be assessed on a case-by-case basis. In any event, if a cookie wall is used, the information provided to the user must clearly indicate the consequences of his choices and, in particular, the impossibility of accessing the content or service without consent.
The Guidelines also provide, inter alia, the following:
- Navigation of a website does not constitute valid consent under the GDPR, as consent must involve a clear affirmative action by the user;
- Users must be able to withdraw consent at any time.
CNIL’s Recommendation constitutes a practical guide for professionals, providing information on compliance with the legal framework when using cookies or other trackers.
The Recommendation includes practical examples concerning, among others, how information could be provided to users before obtaining their consent or how to design the interface for obtaining user consent. On this point, the CNIL points out that the mechanism allowing a user to express a refusal to consent should be accessible on the same screen and with the same ease as the mechanism allowing the user to express consent. Thus, an “accept all” button should be at the same level and in the same format as a “refuse all” button (you can read about the implications of this position for ad tech actors under the supervision of the CNIL in the paper I have co-authored with Damien and Dimitrios).
In terms of the timeline for compliance with the framework on cookies and other trackers, the CNIL expects all actors concerned to ensure that their practices comply with the requirements of the GDPR and the ePrivacy Directive by the end of March 2021.
(Image source: Search Engine Journal)