By Helen Huang, Senior Product Manager
In September 2014, the French Data Protection Authority, CNIL conducted a “cookie sweep” to review compliance with the EU Cookie Directive and published a combined analysis from 8 DPAs, including the Czech Republic, Denmark, France, Greece, The Netherlands, Slovenia, Spain, and the UK. The “cookie sweep” involved the CNIL conducting onsite and remote inspections to evaluate compliance with the latest EU cookie standards. The 2014 cookie sweep findings showed that many companies’ websites did not comply because insufficient notice and valid consent were being given to and/or sought from visitors. Many websites subsequently put in place compliance solutions as enforcement and possible fines continue to be very real. Details about the results of the initial sweep can be found here.
With the upcoming expanded and stricter consent requirements under the General Data Protections Regulation – the GDPR, as well as anticipated amendments to the EU Cookie Directive, it is worth paying closer attention to the actions and next steps needed to come into compliance with EU regulations.
On July 27, 2016, the CNIL announced a new round of cookie sweeps and cookie enforcement actions that will focus on specific industries: Ad Tech, Social Media and Analytics companies. The French Data Protection Authority recognizes the complexity of the online advertising ecosystem, and holds both publishers and their processors responsible for activity on a website.
Publishers should provide more information on the ad tech, social media and analytics partners they work and share data with, the nature of data collected and processed by them and the rights of the data subjects to object.
In terms of next steps, publishers partners should also “(i) assess their current cookie compliance strategy, (ii) update their publisher terms (where required) and (iii) equip publishers with actionable tool kits containing for instance FAQs, template end-user wording and means to object.” With CNIL as the lead DPA, companies should still expect different degrees of strictness and various ways to implement the consent mechanism in each EU member state.
When developing your cookie compliance strategy, one of the most critical requirements is to provide proper Notice, Consent, and Choice to visitors. Launched in 2011, TRUSTe Cookie Consent Manager has continued to keep pace with evolving laws and regulations, and has been enhanced to tackle the complex landscape and varying requirements of the EU countries. TRUSTe has deployed hundreds of cookie consent solutions for many of the world’s most recognized brands, enabling them to comply with the EU Cookie Directive. Click here to see a live demo and learn more about why TRUSTe Cookie Consent Manager is the trusted data privacy solution.
If you have any questions about consent requirements under the EU Cookie Directive or GDPR, please contact TRUSTe to learn more about how we can help.