CNIL Guidance: FAQ

What is the CNIL and what changed recently?

The CNIL (Commission nationale de l'informatique et des libertés) is France's data protection authority and the regulatory body responsible for enforcing privacy and data protection laws, including GDPR and ePrivacy rules.
In April 2026, the CNIL published updated guidance that further clarifies its expectations around consent, transparency, and tracking in email communications. This guidance reinforces how organizations should lawfully collect and use data in marketing interactions with individuals in France.

 

Why is the CNIL issuing new guidance now?

The CNIL has increased its focus on ensuring that consent and tracking practices are implemented consistently and transparently. The updated guidance reflects evolving regulatory scrutiny and is intended to provide clearer expectations for companies operating marketing and messaging programs in France.

 

Who is impacted by this guidance?

Any organization that markets to individuals in France, or processes data related to digital communications sent to French recipients, may be impacted. This includes brands that rely on digital marketing platforms, messaging, analytics, or tracking technologies as part of their customer engagement strategies.

 

What are the main concerns the CNIL is addressing?

At a high level, the CNIL is focused on three core areas:

• Clear and valid consent for tracking and data usage.

• Transparency into how data is collected and used.

• Demonstrable compliance, including the ability to honor user choices.

These principles are designed to protect individual privacy while ensuring responsible data practices.

 

How is Selligent responding?

To help you comply with CNIL rules for individual (user-level) email open tracking, Selligent now lets you manage the required consent.

Detailed info can be found in the following user guide: Managing Opt‑out for Email Open Tracking in Selligent.