On 11 August 2026, a page turns. French law no. 2025-594 of 30 June 2025, originally passed to fight public-aid fraud, contains an article 13 that quite simply reverses the logic of commercial canvassing in France: from that date, you must have said yes to be solicited, rather than having remembered to say no. At the same time, the CNIL has just published its recommendation on tracking pixels in emails — the invisible trackers that tell a sender you have opened their message.

Two texts, one underlying shift: prior consent becomes the rule, objection after the fact the exception. Here is what that changes, for individuals and for the companies that prospect them.

Opt-in, opt-out: two opposite logics


Behind the jargon sit two ways of thinking about the commercial relationship.

✅ Opt-in — prior consent

No one may solicit you until you have agreed, through a clear, active gesture: a box you tick yourself, never pre-ticked, for a clearly stated purpose. Consent buried in general terms and conditions is legally worthless.

✋ Opt-out — the right to object

Solicitation is allowed by default, and it is up to you to refuse: an unsubscribe link, registration on a do-not-call list. That was the principle behind France's Bloctel list since 2016 — a scheme that had largely shown its limits.

What flips on 11 August 2026


From that date, cold-calling a consumer in France without their prior consent becomes illegal. In practice:

A company will no longer be able to call you to sell you anything unless it holds proof of free, specific, informed and unambiguous consent, collected before the call. That consent must cover telephone canvassing specifically — a blanket agreement such as “receive offers from our partners” will not hold up.

One exception remains: a professional with whom you have an ongoing contract may contact you about anything related to performing that contract. Your insurer may call you about your insurance policy; it may no longer use the opportunity to pitch you an investment product.

Bloctel, now pointless, is abolished. When no one is allowed to call you by default, an objection list no longer serves any purpose.

The law only covers consumers. Between businesses, prospecting remains possible on the basis of legitimate interest, provided it relates to the role of the person being contacted.

⚖️ The penalties are dissuasive: up to €75,000 in administrative fines for an individual and €375,000 for a company. The CNIL has also shown it does not joke about the quality of consent: in April 2024 it fined Hubside.Store €525,000 for prospecting with data bought from brokers without valid consent.

So what about emails?


This is the part that often surprises people: for email, opt-in is nothing new. It has been the rule in France since the 2004 law on confidence in the digital economy (LCEN), codified in article L.34-5 of the French post and electronic communications code. In principle, no marketing email may be sent to you without your prior agreement. The telephone is merely catching up, twenty-two years later, with the regime that already applies to your inbox.

Two exceptions keep opt-out alive in the world of email:

The existing customer

If a company collected your address in the course of a sale, it may send you offers for products or services similar to the one you bought — provided it told you about that use when collecting your address and lets you unsubscribe from every message. The CNIL clarified in 2023 that “similar” is judged from the customer's point of view: same category of use, not merely the same seller.

B2B

A named business email address may be prospected without prior consent, as long as the message is related to the recipient's role and every message contains an unsubscribe link. Writing to a head of procurement to pitch supplier-management software is lawful; selling them a gym membership is not.

📬 In every case, each marketing email must clearly identify the advertiser and offer a simple way to say stop. An unsubscribe link that does not work, or that requires logging into an account, puts the sender in breach.

Tracking pixels: email tracking finally regulated


Opening an email is not as innocuous as it looks. Most marketing messages carry a tracking pixel: an invisible one-by-one-pixel image which, when it loads, tells the sender that you opened the message, when, on which device, and sometimes from roughly where. That data then feeds the targeting: follow-ups scheduled for “openers”, adjusted sales pressure, personalised content.

The CNIL ended the ambiguity on 14 April 2026 by publishing its recommendation on tracking pixels, after a public consultation launched in June 2025. Its position is clear-cut: measuring open rates to optimise campaigns, personalising content or adjusting sending frequency requires the recipient's prior consent. The pixel falls under the same regime as the cookie: no agreement, no tracker.

One exemption made it into the final text: individually measuring the deliverability of emails tied to a service you asked for. An order confirmation, a security alert or a password-reset email may carry a pixel used solely to check that the message arrived.

For addresses collected before the recommendation was published, senders had three months — until mid-July 2026 — to clearly inform recipients that pixels are present and let them object easily. In other words, the deadline is now.

What you can do right now


As an individual, a few reflexes are enough to take back control:

For companies, summer 2026 is compliance season: proof of consent to keep for every number called, email databases to audit against the exceptions that genuinely apply, and consent banners to rework to cover tracking pixels. The cost of doing nothing is now counted in hundreds of thousands of euros.

Your details are already in canvassing files? Sheeldy erases them

The law regulates future calls and emails — but your contact details are already circulating among data brokers. Sheeldy automatically sends your GDPR deletion requests and watches for your data reappearing, in full compliance with the GDPR and the Swiss nFADP.

Remove my data — €2.50/month

The key dates to remember


Timeline of the rules governing opt-in, opt-out and email tracking in France
Date What applies
21 June 2004 The LCEN law makes opt-in mandatory for marketing emails in France (article L.34-5 of the CPCE).
1 June 2016 Launch of Bloctel, France's do-not-call list (opt-out logic).
30 June 2025 Enactment of law no. 2025-594 against public-aid fraud, whose article 13 reforms canvassing.
14 April 2026 The CNIL publishes its recommendation on tracking pixels in emails: consent required to measure opens.
mid-July 2026 End of the three-month window to inform existing recipients about pixels and allow them to object.
11 August 2026 Telephone opt-in becomes mandatory: canvassing banned without prior consent. Bloctel abolished.

Frequently asked questions

What is the difference between opt-in and opt-out?
Opt-in requires prior consent: no one may solicit you until you have agreed through a clear, active gesture (a box you tick yourself, never pre-ticked). Opt-out allows solicitation by default: it is up to you to refuse, for instance through an unsubscribe link.
Does the French law of 30 June 2025 also ban marketing emails?
No. Law no. 2025-594 targets telephone canvassing. For email, prior consent has been mandatory in France since 2004 (article L.34-5 of the CPCE), with two exceptions: existing customers for similar products, and B2B prospecting related to the recipient's role.
Is the Bloctel do-not-call list still useful?
Until 10 August 2026, yes: registering on Bloctel remains the way to object to cold calls in France. From 11 August 2026 the scheme is abolished: canvassing without prior consent becomes illegal by default, so silence means refusal.
Can a company tell that I opened its email?
Technically yes, through tracking pixels — invisible images that report when a message is opened. Legally, since the CNIL recommendation of 14 April 2026, the sender must have collected your consent to do so, except to check the delivery of a transactional email you were expecting (order confirmation, password reset…).
What does a company risk if it canvasses without consent?
Up to €75,000 in administrative fines for an individual and €375,000 for a company for illegal telephone canvassing in France, on top of CNIL sanctions under the GDPR: Hubside.Store, for instance, was fined €525,000 in April 2024 for prospecting based on invalid consent.
How do I remove my data from prospecting files that already exist?
The GDPR gives you a right to object (article 21) and a right to erasure (article 17) that you can exercise with every organisation holding your data, including the data brokers that feed canvassing campaigns. A service like Sheeldy automates these deletion requests with the data brokers active in France and Europe.

Official sources