Community Manager
Community Manager

Updated GDPR Banner Guidelines (France & UK)

Instructions for updating your site notices to comply with the CNIL ruling live here.


In October 2020, the CNIL, the French data protection authority, released updated guidelines around the experiences end users should encounter when interacting with consent notices. This ruling falls within the mandates of GDPR and updates of the required specifications of what controls must be included in the first level (banner) notice experiences.

The CNIL ruling highlights

The CNIL has determined that the following new banner requirements must be adopted by March 31, 2021:

  • Inclusion of Accept and Decline buttons
  • Exclusion of banner walls; e.g., cannot force a user to provide consent in order to avail themselves of the full website experience
  • Provision of link to appropriate policy (either cookie or privacy) on the first level (banner)
  • Specific time period until the company may request consent again. Note that the preference cannot be deleted for 13 months.*
  • Inclusion of the number of partners/3rd parties on the first level (banner)
  • List all categories of 3rd parties on the first level (banner)
  • Banner required to disappear after short time lapse (e.g., 10 to 20 seconds) if the user has not made preference selections.

*Recommended duration of valid consent is now 6 months.

New consent banner settings

These updated banner settings will appear in the Universal Consent Platform in early-March 2021, where you will have access to a new default banner style within UCP that supports the new features.

For any questions regarding these updates, contact your Customer Success Representative.

Labels (1)

Has the ICO, UK regulator, changed it's position on consent notices? I see reference to the CNIL in France, but nothing in relation to the UK despite it being mentioned in the headline.

@matthewashcroft ICO have not changed their position.  This was originally put out by CNIL to which the ICO followed up on saying they would enforce the most strict approach.  This is meant to support the ideas that CNIL put out but within the tool you can set this up for whichever country you feel is needed.

Thank you. I hadn't noticed the ICO make any comment around these requirements, so wanted to check I wasn't missed anything!

Can't find what you are looking for?

Find Answers

Search our DG Forum to find answers to questions asked by other DG users.

Ask a Question

No luck? Ask a question. Our Product and Support teams are monitoring the Forum and typically respond within 48 hours.

Ask a Question