Amazon and Google fined £122m for "insufficient" cookie consent

The CNIL gives both firms three-month ultimatum to make changes or face further daily fines

Tech giants Amazon and Google have both been fined by the French privacy regulator over the way the companies use cookies on their services. 

The Commission nationale de l'informatique et des libertés (CNIL) has imposed two penalties on Google that amount to €100 million (£90m), and one on Amazon for €35 million (£32m). 

Both firms were also given a three-month ultimatum to make changes to the way they notify users about cookies or face additional daily fines of €100,000-plus.

According to CNIL's investigations, Google didn't provide enough information to users in France about why and how cookies are used and Amazon was fined for placing cookies on people's computers without their consent.

"On 16 March 2020, the CNIL conducted an online investigation on the website google.fr and found that when a user visited this website, cookies were automatically placed on his or her computer, without any action required on his or her part," the regulator said. "Several of these cookies were used for advertising purposes."

In a statement, Google said it stood by its record of providing upfront information, clear controls, strong internal data governance, secure infrastructure and helpful products.

"Today's decision under French ePrivacy laws overlooks these efforts and doesn't account for the fact that French rules and regulatory guidance are uncertain and constantly evolving," a Google spokesperson said. "We will continue to engage with the CNIL as we make ongoing improvements to better understand its concerns."

Amazon also disagreed with CNIL's findings, which said that French users who clicked on an adverts risked being exposed to privacy violations because cookies were instantly deployed without any information given. 

"We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate," an Amazon spokesperson said in a statement.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021
Misconfigured cloud services exposed 100 million Android users' data
data breaches

Misconfigured cloud services exposed 100 million Android users' data

21 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021