France: Issued ruling in CNIL investigation into alleged misleading cookie consent banners

On 12 December 2024, the French Data Protection Authority (CNIL) ruled in its investigation into complaints about misleading cookie consent banners. The CNIL found that several website publishers were not complying with the Data Protection Act (Article 82), particularly regarding the presentation of consent collection banners. The investigation determined that refusal options for cookies were not as straightforward as acceptance options, and information was often presented in an ambiguous or misleading manner. Practices such as using non-distinctive opt-out links, confusing layout placements, insufficient spacing, and repetitive acceptance options while minimizing refusal terms were identified as non-compliant. Consequently, the CNIL has mandated these publishers to amend their banners within one month to ensure that the consent collected is valid, in line with the General Data Protection Regulation (GDPR) and the ePrivacy Directive.