Paris (AFP)

The Cnil, French gendarme of personal data, announced Tuesday the formal notice of "twenty organizations", including unidentified web giants, for not having made it possible to easily refuse cookies, these criticized computer tracers long-standing by privacy advocates.

The checks started in April "showed that a certain number of organizations still did not allow Internet users to refuse cookies as easily as to accept them", explains the regulator in a press release.

The organizations targeted are "mainly large companies in the digital economy" including "international players", but the formal notices being non-public, no name has been disclosed.

The companies and public actors concerned have one month to comply and incur penalties of up to 2% of turnover, indicates the CNIL.

"This is the first campaign of verifications and corrective measures since the expiration (on April 1) of the deadline given to actors to bring their sites and mobile applications into compliance with the new rules on cookies. Similar actions will be taken. conducted over the next few months, ”she recalls.

In October 2020, the National Commission for Data Protection and Civil Liberties published its "recommendation" on targeted advertising, the result of a long consultation process to apply the principles of the European General Data Protection Regulation (GDPR), which entered into force in 2018.

- "Failure of the GDPR vis-à-vis Gafam"

In particular, the regulation provides for explicit consent to the collection of personal data.

Concretely, the regulator had specified in October that he wished that on the banners of collection of the consent, the button "Refuse all" be as easy of access as "Accept all".

The CNIL had left the publishers of sites and mobile applications six months to adapt.

In the meantime, however, it had sanctioned Google and Amazon with record fines of 100 and 35 million euros due to non-compliant information banners, on the basis of legislation prior to the GDPR.

But for the association for the defense of digital freedoms La Quadrature du net, "the Cnil (has) offered without justification three years of respite to websites violating the law."

In a statement, the association regrets that out of five complaints filed in 2018 against Google, Amazon, Apple, Facebook and LinkedIn (a subsidiary of Microsoft), none were successful.

"The failure of the GDPR vis-à-vis Gafam is so total and blatant that it is difficult to imagine that it is not voluntary or, at the very least, knowingly permitted", accuses the Quadrature du net.

"The legal framework applicable to cookies and tracers is old and increasingly clear", explains to AFP Sylvain Staub, associate lawyer at DS Avocats and president and founder of Data Legal Drive, a compliance with the GDPR.

"The companies whose sites are not in conformity have deliberately decided to use cookies in violation of the texts and to the detriment of Internet users. (...) It is above all the companies which live off advertising and navigation statistics" , he adds.

According to him, "the Cnil is still in a logic of pedagogy but the residences are a signal sent to the market to say that from now on it monitors and it sanctions".

© 2021 AFP