Google and Facebook are facing major fines in France for not making it easy enough for French users to reject technology that tracks cookies, according to a report from Politico on Wednesday.
Reporters from the outlet obtained documents that showed French tech regulator Commission Nationale de I’informatique et Des Libertés (CNIL) is planning to fine Google 150 million euros and Facebook 60 million euros for violating French data privacy rules.
CNIL says in the document that both companies will be fined another 100,000 euros per day if they do not resolve the issues within three months of the decision being issued. Politico noted that this applies to google.fr, youtube.fr and all of Facebook’s platforms in France.
A Meta spokesperson told ZDNet that they are reviewing the decision and “remain committed to working with relevant authorities.”
“Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls,” the spokesperson said.
Google did not respond to requests for comment. In December 2020, Google was fined 100 million euros by CNIL for violating Article 82 of the French Data Protection Act, which centers on depositing cookies without a user’s consent.
CNIL investigated google.fr in March 2020 and found that when users visited this website, cookies “were automatically placed on his or her computer, without any action required on his or her part.” CNIL noted that several of these cookies were used for advertising purposes and that Google brought in “significant profits” from the practice.
CNIL also found that when users went to google.fr, a banner displayed at the bottom of the page did not provide any information about the cookies that had already been placed. CNIL further discovered that even when a user deactivated the ad personalization on Google search, one of the advertising cookies was still stored on their computer and kept reading information.
Google stopped automatically placing advertising cookies on google.fr in September 2020 but faced further criticism from CNIL because the new information banner did not “allow the users living in France to understand the purposes for which the cookies are used and does not let them know that they can refuse these cookies.” CNIL threatened the same daily 100,000 euro fine.
Facebook updated its own cookie consent controls in September 2021 because of the GDPR, building out a settings menu on Facebook and Instagram where people in Europe can manage their cookie consent decisions.
WhatsApp, which is owned by Facebook, was hit with a 225 million euro fine in September for not being transparent about how it shared data with its parent company. Facebook itself is facing millions in fines for violating GDPR privacy rules about deceptive data collection policies.
- Why the CIA wanting encryption backdoors is a failure of leadership, not intelligence
- Apple, in refusing backdoor access to data, may face fines
- NSA is so overwhelmed with data, it’s no longer effective, says whistleblower
- As the Snowden leaks began, there was “fear and panic” in Congress
- How Microsoft’s data case could unravel the US tech industry
- If you have ‘nothing to hide’, here’s where to send your passwords
- Meet the shadowy tech brokers that deliver your data to the NSA