France imposes sanctions on Google and Facebook |
The French regulator CNIL fined Google and Facebook 150 million euros ($170 million) and 60 million euros ($68 million), respectively, for preventing users from rejecting cookies. These companies now have three months to change in France.
If you think the website has turned the problem of cookie refusal into a maze, the French Data Protection Agency can help you.
For Facebook, CNIL states that French users must first click on the accept cookies button to refuse cookies.
CNIL reported that such a classification would cause confusion. Make users think that they have no choice in the matter.
With Google, the problem is the inconsistency, not the inappropriateness of the wording. CNIL states that the company's website (including YouTube) allows users to accept all cookies with a single click. But to dismiss it, you have to click on several different menu items. It is clear that users are moving in a certain direction and that direction will only benefit Google.
European law states that users must be free and fully understand their choices when transmitting data over the Internet.
According to the CNIL decision, Google and Facebook deceived users and published a so-called dark mode in order to manipulate consent and break the law.
As a result, it faces fines and a company requirement to change its cookie user interface design within three months. CNIL stated that the company would otherwise face an additional fine of €100,000 per day.
Google faces French fine for revealing cookies
For those who are particularly interested in the specifics of European regulation on the Internet, this case is also interesting because the CNIL operates under the authority of a small European legislation called the Electronic Data Protection Directive rather than the more recently introduced general legislation.
The problem is that the GDPR is implemented by the Irish Data Inspection Authority. There are many US technology companies' headquarters in Europe.
The facts have shown that the agency has been slow to deal with such complaints, which is an important part of the friendly regulatory environment into which the Irish government first attracted US tech money.
Therefore, in order to implement the law in a timely manner, the French Data Inspection Authority resorted to the old directive on electronic secrecy, which allowed government agencies to directly monitor its territory.
CNIL has already used cyber secrecy to impose similar fines on Google and Amazon. At the same time, Google has not yet faced a single administrative penalty from the Irish data inspection body, in line with the General Data Protection Regulation (GDPR).