Today we are digging into a rather intriguing development from France that could ripple across the world of digital services: the CNIL (Commission nationale de l'informatique et des libertés) has just opened a public consultation on a draft recommendation about collecting consent across multiple devices.

If that sounds a bit dry, stay with us. It's actually about one of the thorniest real-world issues for any online business: how to manage consent properly when your users are bouncing between laptops, phones, tablets, smart TVs and, who knows, maybe even their fridge next year. And spoiler alert: the CNIL’s proposed rules could end up being the blueprint everyone else follows!

Let’s break it all down.

Why Is Multi-Device Consent Suddenly a Hot Topic?

For years, regulators were happy enough if you slapped a cookie banner on your website. As long as users clicked "Accept," you were generally considered to be doing your bit for GDPR compliance.

But times change. Today’s users are no longer tied to a single device. They might browse your site on their phone during lunch, then buy something on their laptop that evening. In between, they might have Googled your brand on a smart speaker or watched a video ad on their TV.

And here’s the rub: if consent is only collected on a per-device basis, it’s hardly meaningful. Users could be subjected to conflicting privacy settings across different devices, creating confusion and undermining the principle that consent should be “specific, informed, and unambiguous.”

The CNIL has recognised that we need a better way. Their draft recommendation sets out principles to allow businesses to collect and manage consent consistently across multiple devices, while still staying faithful to GDPR standards.

What’s Actually in the Draft Recommendation?

The CNIL’s full consultation page can be found here if you want to take a deep dive.

But we will summarise the essentials:

• Transparency remains king. Users must be clearly informed that their consent will apply across multiple devices.

• Freedom of choice must be preserved. Users should be able to give or withdraw consent easily on any device.