In particular, the CNIL indicated that it will examine:
- The types of cookies used by a given website (i.e., HTTP cookies, flash cookies (local shared objects), fingerprinting techniques);
- The purposes for the cookies;
- Whether the web publisher is aware of the purposes of all the cookies placed on, or accessed from, its website (whether they’re first- or third party cookies); and
- If old or obsolete cookies are on the website.
- Whether such cookies are placed or accessed before the user has given his/her consent;
- How the user provides consent (e.g., by clicking on a button, by continuing to use the website after having read a banner);
- Whether the consent mechanism is user-friendly and ergonomic;
- Whether the information provided about cookies is visible and simple;
- Whether users can withdraw their consent at any time; and
- When cookies have been set to expire.
The CNIL made it clear that it may issue sanctions following these inspections in case of non-compliance with French law. Accordingly, companies that operate French websites should take immediate steps to ensure they are complying with the CNIL’s new cookie guidance.