Google, Facebook fined €210 million for making it difficult for users to reject cookies

Data regulator CNIL gives companies three months to provide a system for refusing cookies that is as easy as single click consent

The Google logo displayed on a smartphone in front of a French flag

Google and Facebook have been hit with a combined fine of €210 million (£175 million) over failures in policies that allow users to accept and refuse cookies on their websites.

France's National Commission for Information Technology and Civil Liberties regulator (CNIL) fined Google €150 million euros, €90 million for Google LLC and €60 million for Google Ireland Limited, while Facebook Ireland Limited was given a fine of €60 million.

CNIL said that the websites facebook.com, google.fr, and youtube.com have all failed to provide an easy way for users to reject cookie collection on their browsers, and that several clicks are required to refuse all cookies, compared with a single click to provide consent.

The regulator argued the fact users are unable to refuse cookies as easily as they can accept them influences their choice in favour of consent, constituting an infringement of Article 82 of the French Data Protection Act.

Isabelle Falque-Pierrotin, head of France's National Commission for Information Technology and Civil Liberties (CNIL), at CNIL's headquarters in Paris

Isabelle Falque-Pierrotin, head of France's National Commission for Information Technology and Civil Liberties (CNIL), speaking at CNIL's headquarters in Paris

The penalties also order the companies to provide internet users in France with a means of refusing cookies that is at least as simple as the existing mechanism for accepting them, within a three month period. If they fail to do so, the companies will have to pay a penalty of €100,000 per day of delay.

"We are reviewing the authority's decision and remain committed to working with relevant authorities,” a spokesperson from Meta told IT Pro. “Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls.”

A Google spokesperson said: “People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision under the ePrivacy Directive."

Related Resource

Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide

The whitepaper title on a strip of swirling blue and purple diagonal across the pageFree download

This isn’t the first time that CNIL has targeted big tech companies over their use of cookies. In December 2020, Amazon and Google were fined £122 million collectively for “insufficient” cookie consent. Google was hit with a €100 million (£90 million) fine while Amazon received one for €35 million (£32 million).

According to the investigation, Google didn’t provide enough information to users in France about why and how cookies are used, whereas Amazon was fined for placing cookies on people’s computers without their consent.

Google challenged this fine at the Council of State in February 2021, according to Euractiv. Politico reported that Google is still fighting this case, and a source said the company is likely to oppose the new fines and go to the French top court again.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Google banned from importing patent-infringing tech following Sonos IP victory
Policy & legislation

Google banned from importing patent-infringing tech following Sonos IP victory

7 Jan 2022
Google is working with leading PC manufacturers to improve Android on Windows
Google Android

Google is working with leading PC manufacturers to improve Android on Windows

6 Jan 2022
Google Cloud acquires Israeli security startup Siemplify
cloud security

Google Cloud acquires Israeli security startup Siemplify

5 Jan 2022
Google Cloud extends partnership with Minsait
digital transformation

Google Cloud extends partnership with Minsait

20 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022