On November 27, 2025, the CNIL imposed a fine of 1.5 million on American Express Carte France, the French subsidiary of the American Express group.

A few days earlier, on November 20, 2025, the CNIL sanctioned the publisher of the website VanityFair.fr (Condé Nast Publications) with a fine of 750 000 € for breaches relating to cookies.

❓ Why these fines?

🟦 American Express Carte France

  • Deposit of advertising cookies before any consent, or even in spite of a refusal.
  • Reading cookies even after withdrawal of consent.
  • Direct violations of Article 82 of the French Data Protection Act.

🟧 VanityFair.fr (Condé Nast Publications)

  • Deposit of non-essential cookies upon arrival on the site.
  • Misclassification of cookies as “strictly necessary”.
  • Ineffective refusal mechanism, despite formal notice in 2021.

🔍 What it changes – and what it reminds us of

  • CNIL steps up the pressure: zero tolerance for depositing cookies without consent.
  • Compliance is not a state but a continuous process.
  • Companies should regularly check that their CMP really works.
  • Publishers need to audit their practices, especially when it comes to complex technologies such as advertising, measurement and personalization.

📌 To remember

  • Any installation of non-essential cookies without consent is illegal.
  • Consent must be free, clear and informed.
  • The “Refuse all” button must actually prevent cookies from being deposited and read.
  • Recidivism or inaction can be very costly.

🔧 How Optimal Ways can help companies achieve compliance

Against a backdrop of increasingly stringent CNIL requirements, Optimal Ways helps companies to ensure robust, sustainable and measurable compliance.

Our Data & Digital Analytics expertise enables us to intervene at several levels:

1️⃣ Full audit of cookies and tracers

  • Exhaustive mapping of cookies (including third-party tags).
  • Identification of non-compliant cookies or cookies set without consent.
  • Analysis of TMS and CMP.

2️⃣ Customized compliance recommendations

  • Consent banner set up correctly.
  • Setting up the blocking for marketing/advertising cookies.
  • Correct reclassification of necessary vs. consent cookies.

3️⃣ Technical implementation & acceptance

  • TMS configuration to guarantee no deposit without consent.
  • Deployment of CNIL-compliant measurement solutions (server-side, consent mode, etc.).
  • Regular functional testing in various environments.

4️⃣ Training internal teams

  • Raising awareness of legal obligations and best practices.
  • A pedagogical approach to understanding the impact of consent on performance.

5️⃣ Ongoing monitoring and updates

  • Proactive regulatory watch.
  • Periodic monitoring and checks to avoid regression.
  • Support in the event of a CNIL inspection.

🔒 Our goal

Ensure a transparent, reliable and compliant data collection environment, indispensable for an effective strategy.
