records analyzed: 1,877,252
GDPR 8 Years Later: A Compliance Reality Check
The General Data Protection Regulation (GDPR) came into force in May 2018. Eight years later, cookie consent banners have become a familiar part of the European web experience — or have they? While major corporations and high-traffic websites have largely adopted consent management platforms, the reality for the broader business web in France tells a very different story.
IBLead analyzed 1,877,252 French business websites with detectable technologies to answer a simple question: how many actually display a cookie consent banner? The answer is sobering. Just 23.0% of these websites show any form of cookie consent mechanism. The remaining 77.0% — over 1.4 million sites — appear to operate without any visible consent tool.
This study goes beyond simple banner detection. We cross-referenced consent presence with analytics trackers and advertising pixels to expose the true scale of France's compliance gap. The findings have serious implications for businesses, agencies, and the CNIL, France's data protection authority.
The Consent Gap: Only 23.0% Show a Banner
Of the 1,877,252 websites in our sample with detectable technologies, 431,361 (23.0%) display a cookie consent banner powered by one of the eight major consent management platforms (CMPs) we track. The remaining 1,445,891 websites (77.0%) show no detectable consent mechanism.
To put this in perspective: more than three out of four French business websites operate without any visible tool to collect or manage user consent for cookies and trackers. While some of these sites may genuinely not use any cookies requiring consent (e.g., purely static sites with no analytics), the cross-analysis with tracking tools tells a much more concerning story.
It is worth noting that our detection covers the most widely used CMPs. A small number of sites may use custom or lesser-known consent solutions that our scanner does not detect. However, the eight platforms we track represent the vast majority of the consent market, making this a reliable picture of the French compliance landscape.
Consent Tool Market: Complianz vs Tarteaucitron — Dual Leaders
Among the 431,361 websites that do show a consent banner, the market is led by two solutions that together account for nearly half of all deployments:
| Tool | Sites | Market Share |
|---|---|---|
| Complianz | 109,416 | 25.4% |
| Tarteaucitron | 106,396 | 24.7% |
| OneTrust | 58,365 | 13.5% |
| Axeptio | 50,617 | 11.7% |
| Didomi | 45,247 | 10.5% |
| Cookiebot | 37,002 | 8.6% |
| CookieYes | 31,104 | 7.2% |
| Iubenda | 4,205 | 1.0% |
Complianz leads with 25.4% of the consent market (109,416 sites). This is a WordPress plugin, and its dominance directly mirrors the overwhelming presence of WordPress in the French CMS market — as our CMS Market Share study showed, WordPress powers 68.5% of French business websites. For WordPress site owners, Complianz offers a straightforward, plugin-based path to cookie compliance, which explains its strong adoption.
Tarteaucitron is a razor-close second at 24.7% (106,396 sites). This open-source French solution, created by developer Amaury Balmer, holds a special place in the consent ecosystem. It is free, lightweight, and specifically designed to meet CNIL guidelines. Its strong showing reflects the preference of many French developers and agencies for a local, transparent solution.
Together, these two tools power 50.1% of all consent banners in France — a remarkable duopoly at the top of the market.
French vs International Tools: A Strong Local Ecosystem
One of the most striking findings of this study is the strength of French-made consent solutions. Three of the eight major CMPs in our dataset are French companies:
- Tarteaucitron (24.7%) — Open-source, created in France, specifically built for CNIL compliance. Its name, a playful reference to the French word for "lemon tart," reflects its local origins.
- Axeptio (11.7%) — A French SaaS platform known for its user-friendly, visually appealing consent interface. Used by 50,617 sites.
- Didomi (10.5%) — A French consent and preference management platform that has grown into a significant player in the enterprise segment. Present on 45,247 sites.
Combined, these three French solutions represent 46.9% of the consent market — nearly half. This is a rare case where local tools outperform international giants in a technology category. For comparison, the leading international platforms are:
- Complianz (25.4%) — Dutch-origin WordPress plugin (technically not French, but deeply integrated with the WordPress ecosystem)
- OneTrust (13.5%) — US-based enterprise compliance platform
- Cookiebot (8.6%) — Danish consent management solution
- CookieYes (7.2%) — UK-based CMP
- Iubenda (1.0%) — Italian compliance platform
The dominance of French tools suggests that CNIL-specific compliance requirements have created a distinct market advantage for local solutions that understand the regulatory nuances. Businesses seeking compliance are choosing tools that explicitly market CNIL alignment.
The Compliance Crisis: 52.6% Use Analytics Without Consent
The banner adoption rate alone does not capture the full picture. To understand the real compliance risk, we cross-referenced consent banner presence with analytics tracker detection:
- 1,276,749 sites (68.0%) use at least one analytics tool (Google Analytics 4, Matomo, Plausible, etc.)
- Of these, only 297,637 (23.2%) also display a consent banner
- The remaining 986,661 (76.8%) use analytics with no visible consent mechanism
This means that 986,661 websites — 52.6% of all tech sites in our sample — are collecting analytics data without any apparent user consent. Under GDPR and the French ePrivacy Directive (as enforced by the CNIL), most analytics tools that use cookies require prior user consent before activation.
It is important to note that some analytics solutions can be configured to run without cookies (e.g., Matomo in cookieless mode, or Plausible Analytics which is cookie-free by design). However, the vast majority of analytics installations in France use Google Analytics 4, which does rely on cookies and requires consent under CNIL guidelines. The sheer volume — over 986,000 sites — makes it clear that the compliance gap is not explained by cookieless analytics alone.
This finding represents one of the most significant compliance challenges in the French digital landscape. Every one of these sites is potentially in violation of CNIL guidelines and exposed to enforcement action.
Advertising Without Consent: 72.6% of Ad Pixel Sites Have No Banner
If the analytics compliance gap is concerning, the advertising situation is even more alarming. Advertising pixels are among the most privacy-invasive technologies on the web, tracking users across sites for targeted advertising. GDPR is unambiguous: these require explicit, informed consent before deployment.
Our data shows:
- 256,151 sites (13.6%) use at least one advertising pixel
- Only 60,706 (27.2%) of these also display a consent banner
- 186,651 sites (72.8%) deploy ads tracking pixels with no visible consent mechanism
The advertising pixel landscape breaks down as follows:
| Ads Pixel | Sites |
|---|---|
| Facebook Pixel (Meta) | 182,799 |
| Google Ads | 111,155 |
| Microsoft Ads (Bing) | 19,373 |
| TikTok Pixel | 9,803 |
Facebook Pixel alone is present on nearly 160,000 French business websites. This tracker sends detailed user behavior data back to Meta for advertising purposes — without user consent on the majority of these sites. Google Ads conversion tracking appears on almost 99,000 sites, and both TikTok and Microsoft Ads add thousands more.
The 72.6% non-compliance rate for advertising pixels is particularly significant because these technologies represent the most clear-cut case for consent requirements. Unlike analytics, which can in some cases be deployed without cookies, advertising pixels by definition collect personal data for cross-site tracking and profiling. There is no gray area here under GDPR.
CNIL Enforcement Context and Risks
The CNIL has significantly stepped up its enforcement of cookie consent rules since 2020. Key milestones include:
- October 2020: Updated CNIL guidelines on cookies and trackers, requiring explicit consent before any non-essential cookies are set
- March 2021: End of the grace period — all websites must comply with the new cookie rules
- December 2021: Record fines of €150 million to Google and €60 million to Facebook for making cookie rejection more difficult than acceptance
- 2022–2025: Continued enforcement with fines against TikTok (€5 million), Microsoft (€60 million), and dozens of smaller companies
- 2025–2026: Increased focus on SMEs and smaller websites, with the CNIL announcing targeted campaigns for sectors including e-commerce, healthcare, and real estate
The risks for non-compliant websites are real and growing:
- Financial penalties: Up to €20 million or 4% of global annual revenue under GDPR
- CNIL formal notices: The CNIL regularly issues formal notices (mises en demeure) giving businesses a deadline to comply, with publication of the company name
- Reputational damage: Public sanctions are published on the CNIL website, creating lasting reputational harm
- Civil liability: Users can file individual or class-action complaints for privacy violations
While the CNIL has traditionally focused enforcement on large companies and high-traffic websites, the authority has explicitly signaled a shift toward broader enforcement. With over 986,000 sites using analytics without consent and 186,000 deploying ads pixels without a banner, the potential scale of enforcement action is enormous.
Conclusion: A Massive Compliance Gap, a Clear Opportunity
Eight years after GDPR came into force, the French business web remains overwhelmingly non-compliant with cookie consent requirements. The numbers are stark:
- 77.0% of websites with detectable technologies show no consent banner
- 52.6% of all tech sites use analytics without any consent mechanism
- 72.6% of sites with advertising pixels operate without a consent banner
- Over 986,000 websites are potentially in violation of CNIL cookie guidelines
For businesses currently operating without consent management, the message is clear: the compliance gap is closing. The CNIL's enforcement capacity is growing, the fines are increasing, and the risk of being caught is no longer limited to the largest players.
For web agencies, legal consultants, and consent management platform providers, these numbers represent a massive market opportunity. With over 1.4 million French business websites lacking a consent solution, the addressable market for CMP tools is enormous and largely untapped.
The consent tool market itself is dynamic, with a strong French ecosystem (Tarteaucitron, Axeptio, Didomi) competing effectively against international platforms. This suggests that businesses looking for compliance solutions have quality options at every price point, from free open-source tools to enterprise SaaS platforms.
The question is no longer whether French businesses need to comply with cookie consent rules — it is how quickly they will act. Our data suggests that for the vast majority, that action is long overdue.
Want to explore the data yourself?
Access IBLead's database of 50M+ businesses with technology detection, emails, and more.
Try IBLead freeRelated articles
Is it legal to scrape Google Maps? Complete guide 2025
Discover the legality of Google Maps scraping, risks, best practices, and how to collect data in full compliance.
Google Maps Scraping: Complete 2025 Guide to Extract Business Data & Generate Leads
Learn how to scrape Google Maps data for lead generation. Step-by-step guide covering 5 methods, legal considerations, and best practices for 2025.
Is it legal to scrape Google Maps? Complete guide 2025
Discover the legality of Google Maps scraping, risks, best practices, and how to collect data in full compliance.
Related studies
Website Technologies in France: 1.88M Sites Analyzed (2026)
Comprehensive analysis of web technologies used by French businesses. CMS, analytics, ads, chat tools — based on 1.88 million websites crawled by IBLead.
CMS Market Share in France: WordPress at 68.5% (2026)
WordPress, Wix, Squarespace, Joomla — which CMS do French businesses actually use? Real data from 1.88M websites, not surveys.
44% of French Businesses Have No Website (2026)
How digitized are French businesses listed on Google Maps? Website ownership, email availability, social media presence — hard data from 4.81M listings.