The French Data Protection Authority (CNIL) announced that between September 15 and 19, European Union (EU) data protection authorities will conduct a “sweep” of websites to review compliance with the EU Cookie Directive. “Sweeps” are described by the EU as “simultaneous, coordinated checks to identify breaches of consumer law and to subsequently ensure its enforcement.”10
In this case, the sweep will be an EU-wide screening of websites to assess whether the sites provide consumers with notice and acquire consent to cookie practices in accordance with the EU Directive. Following the sweep, the national data protection authorities could undertake enforcement actions, such as contacting companies about irregularities and seeking corrective or legal action. To date, EU data protection authorities have revealed scant details about the upcoming sweep, particularly whether it is primarily informational or investigative in nature. The sweeps follow a similar effort in May 2013, by the Global Privacy Enforcement Network, in conjunction with 18 data protection authorities, which led to an “Internet privacy” sweep that examined the presence, location, and substance of website privacy policies.
CNIL has announced plans to conduct further examinations of websites in October, 2014, to assess compliance with French data protection laws, and specifically guidance issued by CNIL in December 2013.