Blog
The CNIL Orders Website Publishers to Modify Misleading Cookie Banners
December 16, 2024
Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
EUROPE
The CNIL Orders Website Publishers to Modify Misleading Cookie Banners
The French CNIL announced that it ordered several website publishers to modify, within one month, their consent banners that the CNIL found to be misleading. In particular, the announcement cites the following practices by the publishers as misleading and non-compliant:
- “the opt-out option takes the form of a clickable link whose choices of color, character size and font disproportionately highlight the opt-in option compared to the opt-out option;
- “the opt-out option is confused with the information notices because of its location to the point that it is not easily discernible;
- “the opt-out option is attached to other paragraphs without sufficient spacing to visually distinguish the opt-out method of the tracers from all the other information brought to its attention;
- “the acceptance option is presented several times in the banner while the refusal option is only present once, moreover, in non-explicit terms (“I decline non-essential purposes”).”
TAKEAWAY
In its announcement, the CNIL cites a report created by a Cookie Banner Taskforce and adopted by the EDPB in 2023, reflecting the common denominator agreed by supervisory authorities in their interpretation of GDPR and the ePrivacy Directive when handling cookie complaints from advocate noyb; however, the CNIL’s requirements seem to take the EDPB requirements one step further.
For example, the taskforce found that a “a general banner standard concerning colour and/or contrast cannot be imposed on data controllers”, but rather than a case-by-case verification would need to be conducted to determine whether the contract and colours are “obviously misleading.” The only such practice the taskforce could cite as “manifestly misleading” was “an alternative action is offered (other than granting consent) in the form of a button where the contrast between the text and the button background is so minimal that the text is unreadable to virtually any user.” The report does state that it reflects a “minimum threshold”, but, based on the examples given, it appears that the CNIL may impose requirements a step above such threshold.
Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
The CNIL Orders Website Publishers to Modify Misleading Cookie Banners
December 16, 2024The CNIL orders website publishers to modifying misleading cookie...
What I’ve Learned About Privacy Law as a Marketer for a Privacy Company
December 16, 2024I recently attended a privacy law event that Sourcepoint...
FTC and Sensitive Location Data; New Pen Register Class Actions
December 9, 2024FTC takes action against the sale of sensitive data...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.