Privacy & Information Security Law Blog

On September 18, 2014, the French Data Protection Authority (the “CNIL”) announced plans to review 100 French websites on September 18-19, 2014. This review is being carried out in the context of the European “cookies sweep day” initiative, an EU online compliance audit. The Article 29 Working Party organized this joint action, which runs from September 15-19, 2014, to verify whether major EU websites are complying with EU cookie law requirements.

The eight EU data protection authorities (“DPAs”) that are taking part in this initiative are spending one or two days checking the most popular EU e-commerce and media websites.

In particular, the CNIL will examine:

• The number and type of the cookies placed on the user’s computer;
• The methods by which users are informed of cookies;
• The visibility and the quality of the information provided to users;
• How the site obtains user consent;
• What happens if a user refuses the cookie; and
• How long the website’s cookies remain on users’ computers.

The CNIL and other participating DPAs will use a common analysis grid when reviewing the sites.

The EU cookies sweep day is intended to provide the EU DPAs with an overview of existing cookie-related practices. Although the CNIL will not impose sanctions based on this review, it may impose sanctions following its planned inspections, which will begin in October 2014 and will verify compliance with the CNIL’s new guidance on the use of cookies.