French DPA Issues New Cookie Compliance FAQsBy: Richard Beaumont | Wednesday, January 8, 2014 | Tagged: CNIL, Cookie Law, French Cookie Compliance | Leave Comment
The French Data Protection Authority the CNIL has recently issued guidance and FAQs for website operators on how to comply with the French implementation of the cookie law. Details can be found here: http://www.cnil.fr/vos-obligations/sites-web-cookies-et-autres-traceurs/
These are only available in French but basic summary of the requirements are:
- Visitors should be shown a banner on arrival at the site, explaining that cookies are in use, and including a link to more information.
- The banner should stay in place at least until a visitor clicks on a link.
- Consent can be given by clicking a link, where the result of this action has been made clear, however cookies requiring consent should not be set prior to this action.
- Any consent should be deemed to expire after a maximum of 13 months – when new consent would be required.
- Navigating to the more information page should not be construed as consent to set cookies.
- The site should provide a mechanism to accept or reject different types of cookies by purpose.
- Relying solely on browser settings is acceptable only in a very narrow set of conditions – which they recognise is unlikely to be met by most websites.
- Where a browser sends a Do Not Track flag – the site should not set cookies that might be used to ‘profile’ a user.
All of which means that in effect, French websites should be operating on an opt-in model and therefore need a product like Optanon to be fully compliant with these guidelines.