Back in April 2021, we wrote that if your website is accessible in France (and hey, aren’t they all?), chances are website owners had to bring their cookie consent practices in line with new French rules or face the wrath of France's data protection supervisor, the Commission nationale de l'informatique et des libertés, (CNIL), which had automated audits to periodically analyze cookie deposit practices.
Now, after checking the 1.000 websites with the highest traffic in France, and with several sanctioning procedures already launched, the CNIL announced a continuation of the program in the next months. Moreover, the CNIL reminded the public that in the event of non-compliance with the rules, organisations may incur financial penalties of up to 2% of their turnover.
As they started with the 1.000 websites with the highest traffic in France, it could well be that organisations have some time to bring your website in order. Being an automated process, the CNIL could choose to bring up the pace at any time however.
The program’s pilot seems successful, as most organisations which had received formal notices regarding non-compliance with CNIL's cookie rules have come in compliance within the one-month deadline set by CNIL. Since privacy authorities around the world remain understaffed and underfunded, and the CNIL having a history with open-source software, we expect the approach to be exported to other countries as well. You can read the press release here (only available in French)