On 11 August 2026, a page turns. French law no. 2025-594 of 30 June 2025, originally passed to fight public-aid fraud, contains an article 13 that quite simply reverses the logic of commercial canvassing in France: from that date, you must have said yes to be solicited, rather than having remembered to say no. At the same time, the CNIL has just published its recommendation on tracking pixels in emails — the invisible trackers that tell a sender you have opened their message.
Two texts, one underlying shift: prior consent becomes the rule, objection after the fact the exception. Here is what that changes, for individuals and for the companies that prospect them.
Opt-in, opt-out: two opposite logics
Behind the jargon sit two ways of thinking about the commercial relationship.
✅ Opt-in — prior consent
No one may solicit you until you have agreed, through a clear, active gesture: a box you tick yourself, never pre-ticked, for a clearly stated purpose. Consent buried in general terms and conditions is legally worthless.
✋ Opt-out — the right to object
Solicitation is allowed by default, and it is up to you to refuse: an unsubscribe link, registration on a do-not-call list. That was the principle behind France's Bloctel list since 2016 — a scheme that had largely shown its limits.
What flips on 11 August 2026
From that date, cold-calling a consumer in France without their prior consent becomes illegal. In practice:
A company will no longer be able to call you to sell you anything unless it holds proof of free, specific, informed and unambiguous consent, collected before the call. That consent must cover telephone canvassing specifically — a blanket agreement such as “receive offers from our partners” will not hold up.
One exception remains: a professional with whom you have an ongoing contract may contact you about anything related to performing that contract. Your insurer may call you about your insurance policy; it may no longer use the opportunity to pitch you an investment product.
Bloctel, now pointless, is abolished. When no one is allowed to call you by default, an objection list no longer serves any purpose.
The law only covers consumers. Between businesses, prospecting remains possible on the basis of legitimate interest, provided it relates to the role of the person being contacted.
So what about emails?
This is the part that often surprises people: for email, opt-in is nothing new. It has been the rule in France since the 2004 law on confidence in the digital economy (LCEN), codified in article L.34-5 of the French post and electronic communications code. In principle, no marketing email may be sent to you without your prior agreement. The telephone is merely catching up, twenty-two years later, with the regime that already applies to your inbox.
Two exceptions keep opt-out alive in the world of email:
The existing customer
If a company collected your address in the course of a sale, it may send you offers for products or services similar to the one you bought — provided it told you about that use when collecting your address and lets you unsubscribe from every message. The CNIL clarified in 2023 that “similar” is judged from the customer's point of view: same category of use, not merely the same seller.
B2B
A named business email address may be prospected without prior consent, as long as the message is related to the recipient's role and every message contains an unsubscribe link. Writing to a head of procurement to pitch supplier-management software is lawful; selling them a gym membership is not.
Tracking pixels: email tracking finally regulated
Opening an email is not as innocuous as it looks. Most marketing messages carry a tracking pixel: an invisible one-by-one-pixel image which, when it loads, tells the sender that you opened the message, when, on which device, and sometimes from roughly where. That data then feeds the targeting: follow-ups scheduled for “openers”, adjusted sales pressure, personalised content.
The CNIL ended the ambiguity on 14 April 2026 by publishing its recommendation on tracking pixels, after a public consultation launched in June 2025. Its position is clear-cut: measuring open rates to optimise campaigns, personalising content or adjusting sending frequency requires the recipient's prior consent. The pixel falls under the same regime as the cookie: no agreement, no tracker.
One exemption made it into the final text: individually measuring the deliverability of emails tied to a service you asked for. An order confirmation, a security alert or a password-reset email may carry a pixel used solely to check that the message arrived.
For addresses collected before the recommendation was published, senders had three months — until mid-July 2026 — to clearly inform recipients that pixels are present and let them object easily. In other words, the deadline is now.
What you can do right now
As an individual, a few reflexes are enough to take back control:
- Only tick explicit boxes. Beware of vague wording about “partners”: valid consent must say who will contact you and through which channel.
- Use unsubscribe links. Since 2004, ignoring them has never made a mailing stop — and every unsubscribe is enforceable against the sender.
- Turn off automatic image loading in your email client: most tracking pixels then stop working.
- Exercise your right to erasure. For the data already scattered across the brokers that feed canvassing, the GDPR (article 17) lets you demand its deletion from every organisation.
For companies, summer 2026 is compliance season: proof of consent to keep for every number called, email databases to audit against the exceptions that genuinely apply, and consent banners to rework to cover tracking pixels. The cost of doing nothing is now counted in hundreds of thousands of euros.
The key dates to remember
| Date | What applies |
|---|---|
| 21 June 2004 | The LCEN law makes opt-in mandatory for marketing emails in France (article L.34-5 of the CPCE). |
| 1 June 2016 | Launch of Bloctel, France's do-not-call list (opt-out logic). |
| 30 June 2025 | Enactment of law no. 2025-594 against public-aid fraud, whose article 13 reforms canvassing. |
| 14 April 2026 | The CNIL publishes its recommendation on tracking pixels in emails: consent required to measure opens. |
| mid-July 2026 | End of the three-month window to inform existing recipients about pixels and allow them to object. |
| 11 August 2026 | Telephone opt-in becomes mandatory: canvassing banned without prior consent. Bloctel abolished. |
Frequently asked questions
What is the difference between opt-in and opt-out?
Does the French law of 30 June 2025 also ban marketing emails?
Is the Bloctel do-not-call list still useful?
Can a company tell that I opened its email?
What does a company risk if it canvasses without consent?
How do I remove my data from prospecting files that already exist?
Key takeaways
French law is completing its shift from “silence means consent” to “silence means refusal”. Telephone from 11 August 2026, email since 2004, tracking pixels since April: on every channel, your silence now protects your peace. What remains is the backlog — the files already built up by data brokers, which the law does not erase with a wave of a wand. That is exactly where the GDPR's right to erasure, and Sheeldy to automate it, take over.
Official sources
- Law no. 2025-594 of 30 June 2025 against all public-aid fraud — Légifrance (in French)
- Telephone canvassing: the new rules — Service-public.fr
- Recommendation on tracking pixels in emails — CNIL, 14 April 2026 (in French)
- Commercial prospecting by email, SMS-MMS and automated calls — CNIL (in French)
- Article L.34-5 of the French post and electronic communications code — Légifrance (in French)