French privacy watchdog, CNIL, has fined Google a record breaking 100 million euros. It also fined Amazon 35 million euros.
It is being described as a record breaking day. French privacy watchdog, CNIL, has fined Google 100 million euros. In the process, the same watchdog has fined Amazon 35 million euros.
Reuters says that the fine was for not obtaining consent to put cookies on visitors computers. From the report:
France’s data privacy watchdog has handed out its biggest ever fine of 100 million euros ($121 million) to Alphabet’s Google for breaching the country’s rules on online advertising trackers (cookies).
The CNIL said on Thursday it had also fined e-commerce giant Amazon 35 million euros for breaking the same rules,
The regulator found the companies’ French websites didn’t seek the prior consent of visitors before advertising cookies – small pieces of data stored while navigating on the Web – were saved on computers, it said in a statement.
Google and Amazon also failed to provide clear information to internet users about how the firms intended to make use of such online trackers and how visitors to their French websites could refuse any use of the cookies, the watchdog said.
The article goes on to note that the regulator rejected the arguments that the watchdog didn’t have jurisdiction because the companies are headquartered in Ireland and Luxembourg.
TechCrunch makes an interesting note about the reasoning behind Amazons case:
Amazon was found to have made two violations, per the CNIL penalty notice.
CNIL also found that the information about the cookies provided to site visitors was inadequate — noting that a banner displayed by Google did not provide specific information about the tracking cookies the Google.fr site had already dropped.
Under local French (and European) law, site users should have been clearly informed before the cookies were dropped and asked for their consent.
In Amazon’s case its French site displayed a banner informing arriving visitors that they agreed to its use of cookies. CNIL said this did not comply with transparency or consent requirements — since it was not clear to users that the tech giant was using cookies for ad tracking. Nor were users given the opportunity to consent.
The law on tracking cookie consent has been clear in Europe for years. But in October 2019 a CJEU ruling further clarified that consent must be obtained prior to storing or accessing non-essential cookies. As we reported at the time, sites that failed to ask for consent to track were risking a big fine under EU privacy laws.
This sort of tactic has become common for a number of sites now. A user browse to the site and a banner pops up, saying that by continuing to use this site, the user agrees to the non-essential cookies being placed on their computer. It seems that the message is clear: in France, that is illegal. If there’s no way for a user to opt out upon visiting the site, that is not adequate consent.
This development appears to be the latest action being made on large web giants. There have been multiple actions being made in the US. Last October, the US Justice Department filed an anti-trust lawsuit against Google. The suit is seen by many as a missed opportunity because it has such weak arguments. Yesterday, we noted that US regulator, the FTC, jointly filed an anti-trust lawsuit against Facebook with 48 attorneys general.
This latest development will no doubt be positive news for those hoping to “reign in the tech giants”. What’s more is that this case shows how Europe is continuing to set the global standard for privacy rules. It ultimately leaves many other countries to play catch-up – assuming they can.
Drew Wilson on Twitter: @icecube85 and Facebook.