On May 18, 2021, the President of the CNIL, the French Data Protection Authority, sent about twenty formal notices to private and public organizations including international actors, on the grounds that they did not allow Internet users to refuse cookies as simply as they could accept them.

In April 2021, the CNIL, the French Data Protection Authority, had announced that if privacy breaches were discovered following controls or complaints, it could use all the repressive means at its disposal to pronounce public sanctions or send formal notices.

The recipients of said formal notices have one month to comply with the cookies legislation, otherwise they incur financial penalties of up to 2% of their turnover.

In apress release issued on May 25, 2021, the CNIL indicates that this actions are part of the first campaign of controls and corrective measures since the expiry of the tolerance period granted to actors to ensure that their sites and mobile applications comply with the new legislation on cookies. Similar actions will be carried out in the upcoming months, this subject being one of the priority grounds for controls carried out by the CNIL in 2021.