DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇫🇷 European Union

Cookie consent in France

Consent and privacy law in France

In short
The CNIL has issued some of Europe's most detailed cookie guidance. Its rules require that refusing cookies be as easy as accepting them, that consent be collected through a clear affirmative action, and that scrolling or continued browsing never count as consent. The CNIL has fined large platforms heavily where the reject path took more clicks than the accept path. France treats the ePrivacy cookie rule strictly and expects a Reject All button on the first layer. The CNIL also publishes a recommendation that consent be refreshed periodically and that the purposes of each tracker be described in plain French.
Authority
Commission Nationale de l'Informatique et des Libertés (CNIL)
Status

GDPR applies since 25 May 2018, alongside the Loi Informatique et Libertés

Primary law
GDPR
Languages

fr

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Provide a Reject All button with equal prominence to Accept All on the first layer
  • Never rely on scrolling or continued navigation as consent
  • Describe each tracking purpose in plain French
  • Refresh consent periodically, in line with CNIL recommendations

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇫🇷 France

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with France using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under France.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that France requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a France audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does France require a Reject All button on cookie banners?+

Yes. The CNIL requires that refusing be as simple as accepting, which in practice means offering a Reject All option on the same banner layer as Accept All.

Can scrolling count as cookie consent in France?+

No. The CNIL has stated that continued browsing or scrolling does not constitute valid consent. A clear affirmative action is required for each non-essential tracker.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇧🇪 België / Belgique🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark🇫🇮 Suomi