What are the new cookies regulations?

The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) affects how you, as a website owner, can use cookies and online tracking of visitors from the European Union.

Wednesday March 31, 2021 was the very last limit set by the National Commission for Informatics and Freedoms (Cnil), for French advertisers to comply with European rules relating to cookies.

From Thursday, April 1, 2021, the banner on websites is required to enable much more explicitly Internet users to “refuse” these computer tracers much more explicitly.

This is one of the measures voted in 2016 by the European Union in the General Data Protection Regulation (GDPR) and entered into force in May 2018 in all 28 (now 27) member states.

When they browse the web or use mobile applications, Internet users are increasingly followed by various actors (service editors, advertising agencies, social networks, etc.) who analyze their browsing, their movements and their consultation or consumption habits, in particular in order to provide them with targeted advertising or personalized services.

This tracing is carried out by means of various technical tools, tracers, of which cookies are a part.

Cookies are small pieces of text inserted into your browser while you are browsing the web.

There are various types of cookies and have multiple uses: they can be used to remember your customer ID with a merchant site, the current content of your shopping cart, the language of the web page, an identifier allowing to track your navigation for statistical or advertising purposes, etc.

They are a source of concern for many users, while others are not even aware of their existence apart from the mandatory pop-ups on all websites that ask you to Accept cookies“.

If you are a website owner, it is important that you make sure that the management of cookies and consent on your site complies with the very strict requirements of the GDPR.

In France, the National Commission for Informatics and Liberties (CNIL) carries out numerous checks and issues sanctions for non-compliance with the GDPR and French legislation.

Your website is required under the EU’s General Data Protection Regulation (GDPR) to allow European users to control the activation of cookies and trackers that collect their personal data.

This is the essential point of consent to the use of cookies according to the GDPR – and the future of our digital infrastructures.

The CNIL reminds that the consent requirement provided for by these provisions refers to the definition and the conditions provided for in Articles 4 and 7 of the GDPR.

It must therefore be free, specific, enlightened, unambiguous and the user must be able to withdraw it, at any time, with the same simplicity with which he has granted it.

In order to remind and clarify the law applicable to the deposit and reading of tracers in the user’s terminal, the CNIL adopted guidelines on September 17, 2020, supplemented by a recommendation aimed in particular at proposing examples of modalities consent collection practices.

Consent must be manifested by a positive action of the user, informed beforehand, in particular, of the consequences of his or her choice and having the means to accept, refuse and withdraw his or her consent. Appropriate systems must therefore be put in place to collect consent in practical ways that allow Internet users to benefit from easy-to-use solutions.

Acceptance of general conditions of use cannot be a valid method of obtaining consent.

The CNIL will therefore now carry out checks to assess compliance with the rules relating to tracers, in application of article 82 of the Data Protection Act and articles 4 and 7 of the RGPD on consent, as summarized in its guidelines.

Through this action, the CNIL intends to meet the expectations of Internet users who are increasingly sensitive to Internet tracking issues, as evidenced by the constant complaints it receives on this subject.

If breaches are noted following checks or complaints, the CNIL may use all the means made available to it in its repressive chain and issue, if necessary, formal notices or public sanctions.


The evolution of the applicable rules, clarified by the guidelines and the recommendation of the CNIL, marks a turning point and progress for Internet users, who will now be able to exercise better control over online tracers.

Dreyfus can assist you in the management of your trademarks portfolios in all countries of the world. Do not hesitate to contact us.