- What is the context?
This transition period will end on March 31, 2021.
- Why should organizations fear an enforcement campaign by the CNIL ?
Since October 2020 and during all the transition period, the CNIL has been relentlessly promoting its Revised Guidelines to the public as well as among sectoral organizations and professional associations.
The CNIL has also specifically stated during that transition period that it would begin enforcing the Revised Guidelines from April 1st, 2021.
The CNIL has most notably :
- announced that compliance of websites with the rules applicable to cookies and other trackers is part of its three main focuses in the context of its investigations program for 2021, along with websites cybersecurity and health data (see here). As the CNIL has used for years the possibility to carry out investigations online, there is a high risk that an organization website be investigated by the CNIL, in particular if the site targets consumers ; and
- published several communications on its website (cnil.fr) in order to guide organizations in their path to compliance with the Revised Guidelines. Most notably, the authority has specified the criteria it deems necessary to benefit from the consent exemption applicable to audience measurement trackers under Article 82 of the French Data Protection Act and launched a program enabling audience measurement solutions providers to assess whether their solutions could benefit from the exemption (see here).
In light of the above, it has become urgent for organizations that have not yet started measures to comply with the Revised Guidelines or which have not finalized their compliance measures, to take all the measures necessary to comply with the Revised Guidelines, as it makes no doubt that the CNIL will launch a massive control campaign regarding the Revised Guidelines and will show little leniency for non-compliances.