This post is also available in: Español

Online advertising is one of the sectors most affected by the entry into force of the General Data Protection Regulation (GDPR), particularly regarding the requirements for the installation of cookies and users’ prior consent (opt-in) for online advertising.

In order to ensure that French online service providers comply with the obligations of the GDPR, the Commission Nationale de l’Informatique et des Libertés (“CNIL”) has published an action plan for 2019-2020 divided into two phases.

In the first phase, the CNIL will repeal its 2013 recommendation on cookies, which has become outdated in some respects—especially with regard to consent requirements. Data controllers will have 12 months to implement the new guidelines after their publication. The CNIL will continue to monitor that cookies are installed only after obtaining consent from the users.

The second phase includes a consultation period with interested parties (publishers, advertisers, service providers and intermediaries in the adverising industry, etc.) to prepare new guidelines with practical recommendations on consent for online commercial communications. The CNIL will carry out new inspections to verify the correct implementation of these guidelines after 6 months of their final publication.

At a domestic level, service providers established in Spain are fully affected by the obligations of the GDPR. It is therefore advisable to follow the initiatives and recommendations of the Spanish Data Protection Agency (AEPD).

By Sergi Gálvez and Albert Agustinoy

This post is also available in: Español



106 artículos


42 artículos

Asociado del Área de Propiedad Intelectual y Protección de Datos. Especialista en protección de datos y tecnologías disruptivas. Participa en el asesoramiento recurrente en materia de protección de datos y contratación tecnológica de compañías nacionales e internacionales, especialmente en la configuración jurídica de evaluaciones de impacto, transferencias internacionales de datos personales, contratos de encargo de tratamiento y en el asesoramiento durante violaciones de seguridad. Además de prestar asesoramiento continuado a clientes en los ámbitos mencionados, tiene experiencia en asesorar a empresas de diferentes sectores en la configuración legal de proyectos que implementan tecnologías disruptivas, tales como el Big Data, Internet of Things, artificial intelligence y smart robots.