IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google, Facebook fined €210 million for making it difficult for users to reject cookies

Data regulator CNIL gives companies three months to provide a system for refusing cookies that is as easy as single click consent

The Google logo displayed on a smartphone in front of a French flag

Google and Facebook have been hit with a combined fine of €210 million (£175 million) over failures in policies that allow users to accept and refuse cookies on their websites.

France's National Commission for Information Technology and Civil Liberties regulator (CNIL) fined Google €150 million euros, €90 million for Google LLC and €60 million for Google Ireland Limited, while Facebook Ireland Limited was given a fine of €60 million.

CNIL said that the websites facebook.com, google.fr, and youtube.com have all failed to provide an easy way for users to reject cookie collection on their browsers, and that several clicks are required to refuse all cookies, compared with a single click to provide consent.

The regulator argued the fact users are unable to refuse cookies as easily as they can accept them influences their choice in favour of consent, constituting an infringement of Article 82 of the French Data Protection Act.

Isabelle Falque-Pierrotin, head of France's National Commission for Information Technology and Civil Liberties (CNIL), at CNIL's headquarters in Paris

Isabelle Falque-Pierrotin, head of France's National Commission for Information Technology and Civil Liberties (CNIL), speaking at CNIL's headquarters in Paris

The penalties also order the companies to provide internet users in France with a means of refusing cookies that is at least as simple as the existing mechanism for accepting them, within a three month period. If they fail to do so, the companies will have to pay a penalty of €100,000 per day of delay.

"We are reviewing the authority's decision and remain committed to working with relevant authorities,” a spokesperson from Meta told IT Pro. “Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls.”

A Google spokesperson said: “People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision under the ePrivacy Directive."

Related Resource

Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide

The whitepaper title on a strip of swirling blue and purple diagonal across the pageFree download

This isn’t the first time that CNIL has targeted big tech companies over their use of cookies. In December 2020, Amazon and Google were fined £122 million collectively for “insufficient” cookie consent. Google was hit with a €100 million (£90 million) fine while Amazon received one for €35 million (£32 million).

According to the investigation, Google didn’t provide enough information to users in France about why and how cookies are used, whereas Amazon was fined for placing cookies on people’s computers without their consent.

Google challenged this fine at the Council of State in February 2021, according to Euractiv. Politico reported that Google is still fighting this case, and a source said the company is likely to oppose the new fines and go to the French top court again.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Google backs Thales' public cloud services firm
public cloud

Google backs Thales' public cloud services firm

30 Jun 2022
Google aims to court US public sector with new division
public sector

Google aims to court US public sector with new division

29 Jun 2022
Google Earth Engine open for business on Google Cloud, in corporate sustainability push
Cloud

Google Earth Engine open for business on Google Cloud, in corporate sustainability push

28 Jun 2022
Apple executive rejoins Google over remote work policy
flexible working

Apple executive rejoins Google over remote work policy

18 May 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022