Google and Facebook are about to get slapped with even more fines from French regulators, CNIL. This under the e-Privacy laws.
Reports are indicating that Google and Facebook are going to get hit with even more fines in Europe. The fines are being handed out by French data regulator, CNIL. CNIL laid the fines because of the difficulty in allowing French citizens to reject tracking cookies. From Politico:
PARIS — French data regulator the CNIL is set to fine Google €150 million and Facebook €60 million for violating EU privacy rules.
According to a document seen by POLITICO, the CNIL will fine Google’s United States and Irish operations €90 million and €60 million respectively, and Facebook’s Irish arm €60 million for failing to allow French users to easily reject cookie tracking technology.
The CNIL confirmed the fines Thursday morning, publishing the decisions against Google and Facebook on its website.
What is particularly interesting is the fact that French regulators chose not to fine the two tech giants under the GDPR (General Data Protection Regulation). Instead, the regulators opted to utilize the e-Privacy rules:
Under the GDPR, only the privacy agency in the country where a company is established in the EU can take direct enforcement action against that company. For Facebook and Google, that would be the Irish Data Protection Commission (DPC), since both are legally based in Dublin.
But the French regulator is able to act directly against the U.S. multinationals this time since the violations are covered by the e-Privacy Directive, which governs the privacy of communications rather than the GDPR.
So, these fines were partly made possible by utilizing a different law that has a different set of rules surrounding jurisdiction. This, of course, is happening at an interesting time. Already, there have been many questions swirling around the effectiveness of the GDPR. It has led some to conclude that, thank in part to the Irish DPC, the GDPR could become little more than a paper tiger. The questions surrounding the effectiveness of the GDPR have gotten so heated, that European officials had to step in and make assurances that things are still going well with the directive.
As for the tech giants, these are far from the only fines that were put on these companies in Europe. In 2019, Google was fined $57 million by French regulators for privacy violations. Last year, French regulators hit Google with an additional €500 million fine for supposedly failing to negotiate a link tax with big publishing in good faith. In 2020, Google was fined by French regulators €100 million for not being clear enough about how it uses cookies. So, so far, the fines are really adding up for Google.
Meanwhile, WhatsApp, a company that is part of the Meta company which Facebook is also a member of, was hit with a €225 million fine for not being transparent enough about how it handles people’s personal information.
The two companies have challenged most, if not, all of these fines. Still, it does show that the fines against the companies have grown in recent years. Obviously, both are extremely wealthy companies. According to one source, Alphabet (Google’s parent company) is worth $1.8 Trillion USD. Facebook, meanwhile, is reportedly worth $992 Billion USD. So, it’s not as though these fines are going to kill them off or anything like that. Still, these fines are growing increasingly eye-popping. If anything, some would consider these fines minor raps on the wrist.
The long term question is whether or not these fines will continue to grow or not. Will these companies find that happy medium with regulators or will regulators continue to find holes in how the large tech giants conduct themselves. At any rate, we know how big the fines have grown to today and they have most certainly grown from where they were in years past. It’ll be interesting to see where things head to from here.
Drew Wilson on Twitter: @icecube85 and Facebook.