We Published Our CNIL Self-Assessment
If you operate a website in France, you know the challenge: the French data protection authority (CNIL) allows certain audience measurement tools to operate without cookie banners — but only if they meet strict technical and operational criteria. Rather than simply claiming compliance, we published a comprehensive self-assessment.
What we did
The CNIL released an auto-evaluation tool in July 2025 covering 5 permitted objectives and 14 technical criteria. We documented how SealMetrics addresses each requirement — covering data retention limits, cross-site tracking prevention, and every other criterion — without marketing language. Just technical documentation against regulatory requirements.
The short version
SealMetrics meets all 14 technical criteria. In several cases, we exceed the requirements:
— CNIL requires last-octet IP removal. We do not collect IP addresses at all.
— CNIL permits cookies with a 13-month maximum. We do not use persistent cookies at all.
What this means for you
If you operate a website targeting French users and use SealMetrics with the standard configuration, you can measure audiences without requesting consent. Your privacy policy must still mention the analytics tool (transparency is required), but a cookie banner is not necessary for SealMetrics specifically.
To be clear: this is compliance documentation, not official “CNIL certification.” The authority explicitly prohibits such claims. What we have done is document, criterion by criterion, how SealMetrics meets the requirements for the consent exemption.
The approach mirrors what we did for the UK PECR exemption and aligns with the direction of the EU Digital Omnibus. The regulatory trend is clear: first-party, aggregated analytics is moving toward consent exemption across Europe. Learn how cookieless analytics works.