It may be too late for Christmas cookies, but France’s data protection agency, the Commission nationale de l’informatique et des libertés (CNIL), has slapped Google with another cookie fine over their practices for tracking cookies. Facebook was also fined for the same issue.
According to TechCrunch (France spanks Google $170M, Facebook $68M over cookie consent dark patterns, written by Natasha Lomas), the CNIL said in a statement last week it has fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.
The regulator said it was acting after receiving a number of complaints.
According to the statement from CNIL, “they do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies. Several clicks are required to refuse all cookies, against a single one to accept them.”
Continuing, CNIL stated:
“The restricted committee considered that this process affects the freedom of consent: since, on the Internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent. This constitutes an infringement of Article 82 of the French Data Protection Act.
As a result of this infringement, the CNIL’s restricted committee issued:
- a fine of 150 million euros against GOOGLE (90 million euros for GOOGLE LLC and 60 million euros for GOOGLE IRELAND LIMITED);
- a fine of 60 million euros against the company FACEBOOK IRELAND LIMITED.
In addition to the fines, the restricted committee ordered the companies to provide Internet users located in France with a means of refusing cookies as simple as the existing means of accepting them, in order to guarantee their freedom of consent, within three months. If they fail to do so, the companies will have to pay a penalty of 100,000 euros per day of delay.”
Apparently, the process of rejecting these cookies left a bitter taste in the mouths of users (see what I did there? 😉 ).
As I noted, this is another cookie fine issued by CNIL to Google over their cookie practices – they were also fined in December 2020 $120M (along with Amazon, which was fined $42M) for automatically dropping tracking cookies when a user visited their French domains. Sacré bleu!
The TechCrunch article has quite a bit more about the fines, including that the Irish Data Protection Commission (DPC) has been accused of dragging its feet on GDPR oversight of tech giants and creating a bottleneck for effective enforcement of the regulation. No such issue for the French!
So, what do you think? Are you surprised at the size of the fines? Will Google receive another cookie fine in the future? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.