
Welcome to Osano's Developer-Centric solutions: New APIs and iOS SDK
Osano is thrilled to unveil a new suite of features designed with...
Read NowThe simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
September 1, 2021
Last year, the French Data Protection Authority (CNIL) changed its rules on cookies. While EU law binds companies as a baseline, member state laws can go above and beyond those rules, according to their perceptions of how to best protect consumers.
Per the new rules, Osano now provides a consent-banner configuration that applies to French users and complies with the CNIL’s rules.
When a user encounters a consent banner, there’s an order to operations. Under EU rules, you can disclose data uses on a tiered basis. In that way, users can choose how much information they need to make a decision on whether to consent. Typically, Osano’s Consent Manager discloses cookie practices within the consent banner’s “drawer,” or the second layer of notification. The CNIL dislikes that model and said sites gathering consent from French users should announce up-front, at the “first-layer,” what they plan to do with user data.
In Osano’s French banner, then, the user is shown details about data collection and use at the first point-of-contact with the site.
In October 2020, the French Data Protection Authority (CNIL) published revised cookies guidelines on obtaining user consent to collect or store non-essential cookies -- cookies deployed for advertising purposes.
The CNIL guidelines call for entities to give more information than previously required under GDPR guidelines to collect consent. Now, the minimum information described to users must include the identity of the data controller and the purpose of the cookies deployed. It must also tell users how they can withdraw consent and the potential consequences of either choice.
The new guidelines also state that a user’s failure to opt-in to cookies must, by default, be considered non-consent.
In addition, the rules no longer completely ban cookie walls. But the CNIL indicates it frowns upon it because it’s less representative of true “affirmative consent.”
Previously, the CNIL allowed sites to collect user consent for a group of sites, provided they notified users. Now, the CNIL “strongly recommends” seeking consent for each site from each user if an entity other than the first-party website deploys non-essential cookies.
CNIL gave sites six months to comply with the new rules. That window closed in March 2021, and the regulator has since started auditing sites and issuing non-compliance letters.
Now, Osano customers can provide the correct consent banner for CNIL compliance.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.