The websites do not give users enough information about cookies and other tracking devices placed in their browsers, and do not seek proper consent, CNIL said (link in French).
Under European legislation users must be informed of, and must give consent to, cookies that are to be stored on their computers.
"These audits found that, in general, websites do not sufficiently inform internet users, and do not gain their consent before installing cookies," CNIL said.
While they may add a banner informing users, sites often do not wait for consent, CNIL said.
The 'notice' given is not a sanction, CNIL said, and no action will be taken if the sites comply with the law within a set time limit. It has not said what the time limit is.
"The initial response from the websites concerned shows willingness to comply," CNIL said.
CNIL's approach has always been to encourage companies to follow the rules rather than to punish those who don't, said Paris-based Annabelle Richard of Pinsent Masons, the law firm behind Out-Law.com.
"CNIL tends to use notices like this, along with other communications like its annual report, to explain the guidelines and how it can help companies to comply. In reality, these companies have had a lot of warning and opportunities to make sure their sites are compliant," Richard said.
The regulator is unlikely to impose sanctions on these companies unless they choose to completely ignore its notices, Richard said.
"Some may decide to just ignore it – some may say that they're not subject to this sort of French regulation, or that they don't have the resources to comply. But with new EU regulations due, they will save more time and money by engaging with CNIL than by ignoring it," she said.
The EU's rules on cookies are due to be reviewed by the European Commission this year as part of the digital single market strategy.
The Privacy and Electronic Communications (e-Privacy) Directive was last reformed in 2009 and resulted in major changes to the way website operators display information about cookies and obtain internet users' consent to their use.
CNIL is likely to adopt similar rules to the EU, Richard said, so companies who follow its guidelines now will find it easier to make sure they are in line with regulations.
CNIL noted that the rules on cookies apply not just to website owners, but to all organisations in the sector including advertising agencies.