The CNIL recently announced that, as from October 2014, it will verify compliance with its Recommendation on cookies and tracking technologies issued on December 5, 2013. Compliance checks will be conducted through on-site and online inspections.
The CNIL may review:
- The types of cookies used by internet websites (e.g.: HTTP cookies, local shared object, finger printing techniques, etc.);
- The purpose of the cookies: (i) whether website operators are aware of the purpose of all the cookies that are set or read from their websites (including first-party and third-party cookies), and (ii) whether cookies are set that have no purpose (e.g.: obsolete cookies).
Furthermore, in cases where the cookies’ purpose requires obtaining users’ prior consent, the CNIL will review:
- How users’ consent is obtained;
- The possibility for users to withdraw their consent at any time;
- Cookies’ lifespan and consent period (the CNIL recommends a maximum validity of 13 months).