Google Fined $121 Million By French Watchdog Over Cookies

AdvertisingeCommerceJusticeMarketingRegulationSocialMedia

Stiff financial penalty imposed on Google by French privacy watchdog, which at the time also fined Amazon over advertising cookies

The French data privacy watchdog, CNIL, has this week hit two tech giants with stiff financial penalties over forcing the use of advertising tracking cookies on people’s devices.

CNIL announced that it has fined Google LLC 60 million euros, plus 40 million euros against Google Ireland. This 100 million euros fine equates to $121.2m or £92 million, and is the largest ever fine issued by the CNIL.

At the same time CNIL also confirmed that it has fined Amazon Europe 35 million euros ($42m or £32m).

CNIL fines

The French regulator said that it imposed the fines on both Amazon and Google because the firms had “placed advertising cookies on users’ computers, from the page (amazon.fr/search engine google.fr), without obtaining prior consent and without providing adequate information.”

“On 16 March 2020, the CNIL conducted an online investigation on the website google.fr and found that when a user visited this website, cookies were automatically placed on his or her computer, without any action required on his or her part,” the French regulator said. “Several of these cookies were used for advertising purposes.”

It alleged pretty much the same about Amazon.

The regulator felt that both companies had failed to clearly explain the cookies and how they would be used, and they failed to obtain user consent, resulting in breaches of Article 82 of the French Data Protection Act.

Both firms have three months to change the information banners on their respective websites, and failure to do with result in an additional fine of 100,000 euros per day until they comply.

Google/Amazon response

But both tech firms said they did not agree with the CNIL over the matter.

“We stand by our record of providing upfront information and clear controls, strong internal data governance, secure infrastructure, and above all, helpful products,” Google was quoted by Reuters as saying in a statement.

“Today’s decision under French ePrivacy laws overlooks these efforts and doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving,” it added.

Amazon said separately it disagreed with CNIL’s decision.

“We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate,” it reportedly said.

User tracking

Google has been pinged before over the use of cookies for tracking purposes.

In October 2019 the Court of Appeals in London ruled that legal action against Google over allegations it collected data from more than 4 million iPhone users, could go ahead.

That case centred over whether Google allegedly misused Safari’s security settings in order to track user activity between September 2011 and February 2012.

Safari is designed to block tracking but default, but Google apparently bypassed this feature (the so called ‘Safari Workaround’) to place cookies that gathered information on users and their habits so the search giant could deliver more targeted adverts.

In 2013 Google had to pay a $17 million (£10.5m) settlement to 37 US states to resolve the allegations the company violated consumer privacy by using tracking cookies.

Also in 2013 three UK Safari users launched legal proceedings, inviting anyone who had used the browser on PC, Mac, iPhone, iPad and iPod during the period in question to join them.

Google had sought to move the court case to the United States, but the UK Appeal court ruled in 2015 that the lawsuit could be filed in the UK.

After that in 2017 Google was hit lawsuit over the matter, but in October 2018 London’s High Court ruled that Google’s alleged role in the collection, collation and use of data from the browser was wrongful and a breach of duty, but claimants had not suffered “damage” as specified by Britain’s Data Protection Act.

Read also :
Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio