VanityFair France Faces €750,000 Fine for Non-Compliant Cookies

CNIL has issued another major enforcement action in the cookie-compliance space. This time, the French regulator fined the publisher of VanityFair.fr a total of €750,000, citing repeated violations around cookies being set and read before users had given consent. The action serves as a clear reminder that cookie compliance must be consistent, transparent, and technically sound, not a one-off setup left unattended.

VanityFair France Faces €750,000 Fine for Non-Compliant Cookies

What CNIL Found: Cookies Dropped Without Consent

According to CNIL's findings, VanityFair.fr placed trackers as soon as users landed on the site, long before they interacted with the cookie banner or granted consent. The site also misclassified certain advertising and analytics cookies as 'strictly necessary', allowing them to fire without permission. Even when users clicked 'refuse' or later withdrew consent, cookies continued to load or remained active.

What made the situation more significant was its history. CNIL had received complaints as early as 2019 (from NOYB) and issued an order to comply in 2021. Yet follow-up inspections in 2023 and 2025 continued to show improper cookie behavior. This progression illustrates a fundamental truth: even established publishers cannot rely on partial fixes or outdated consent tools. Compliance must be maintained over time.

Why a CMP Matters More Than Ever

The VanityFair case shows what happens when consent management is treated as a minor technical detail rather than core infrastructure. A proper CMP ensures that non-essential cookies are not activated before consent, that user choices are enforced in real time, and that consent decisions are logged accurately.

Websites evolve constantly. New tags, advertising scripts, and analytics tools appear frequently. A banner that worked a year ago may no longer control today's tags correctly. That is how many violations happen, not through deliberate misconduct, but through poor integration and lack of continuous oversight. CNIL's action shows that regulators expect functioning, actively maintained consent systems, not static banners that fail silently.

Beyond regulatory risk, respecting user decisions builds trust. When a site sets cookies before consent or ignores a user's rejection, it damages credibility and weakens the relationship with its audience. Transparency and accuracy in consent handling are now essential to both compliance and user experience.

What Site Owners Must Pay Attention To

Delivering proper consent management goes far beyond displaying a banner. Consent must be obtained before any non-essential cookie is activated, and cookies must be categorized honestly rather than grouped in overly broad or misleading ways. Users must have the ability to refuse tracking, withdraw consent later, and see those choices applied immediately.

Another critical aspect is continuous maintenance. Every new script can introduce new cookies, and each update from an analytics tool or advertising partner can alter how data is collected. Without ongoing audits and regular validation, compliance can silently drift, exactly what happened in the VanityFair case. Cookie practices must be monitored, reviewed, and updated as part of routine site operations.

Selecting a reliable CMP is essential. A high-quality CMP enforces user choices across all scripts and tags, maintains accurate logs for audits, supports frameworks such as GDPR or IAB TCF, and integrates with your website’s advertising and analytics setup. This ensures consent management is continuously enforced, not just a one-time setup.

How UniConsent Helps You Stay Compliant

UniConsent is designed to support effective consent management, providing safeguards against common compliance issues revealed by regulatory actions. Its automated cookie scanning identifies all trackers present on a site and generates accurate disclosures that meet GDPR, ePrivacy, CCPA, and other global regulatory requirements.

It then enforces user choices at the technical level, ensuring advertising tags, analytics tools, and third-party scripts behave correctly. With support for frameworks like IAB TCF and Google Consent Mode, UniConsent provides the compliance infrastructure publishers need to operate responsibly in a complex adtech environment.

UniConsent also offers ongoing auditing features. Instead of relying on periodic manual checks, website owners gain a continuous view of how consent is collected, how scripts behave, and whether new trackers appear. This prevents the gradual drift into non-compliance that CNIL pointed out in the VanityFair.fr case and ensures that compliance is maintained day after day.

About UniConsent

UniConsent is a part of Transfon's privacy-first User Experience Platform serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: hello@uniconsent.com