Connect with us

Hi, what are you looking for?



France Fines Google, Amazon 135 Mn Euros

France’s CNIL data privacy watchdog slapped 135 million euros in fines on US tech titans Google and Amazon for placing advertising cookies on users’ computers without consent.

France’s CNIL data privacy watchdog slapped 135 million euros in fines on US tech titans Google and Amazon for placing advertising cookies on users’ computers without consent.

The 100-million-euro fine against Google is the largest sanction the regulator has ever imposed, which it justified by the fact 90 percent of French internet users use the firm’s search engine.

CNIL said the fines were “for having placed advertising cookies on the computers of users … without obtaining prior consent and without providing adequate information.”

A cookie is a small piece of data stored on a user’s computer browser that allows websites to identify users and remember their previous activity. They are important for providing targeted advertising as well as improving user experience on websites.

The CNIL said when a user visited the website, several cookies used for advertising purposes were automatically placed on his or her computer, without any action required on the user’s part.

It said a similar thing happened when visiting one page on the website.

The regulator said “no matter what path the users used to visit the website, they were either insufficiently informed or never informed of the fact that cookies were placed on their computer.”

Advertisement. Scroll to continue reading.

CNIL said the type of cookie used “can only be placed after the user has expressed his or her consent” and thus violated regulations on receiving prior consent.

It faulted Google for providing insufficient privacy information for users as it did not let them know about the cookies which had been placed and that the procedure to block them still left one operational.

CNIL said after redesigns implemented in September 2020 the websites of both firms stopped placing cookies on computers without consent.

However, it rapped both for still not providing clear or complete information about the use of the cookies and the possibility to refuse them, ordering both to make changes within three months or face additional fines.

– French rules ‘uncertain’ –

CNIL imposed fines of 60 million euros on Google LLC and 40 million euros on Google Ireland Limited.

The 35-million-euro ($42-million) fine is on the Amazon Europe Core subsidiary.

When contacted, Google defended its “record of providing upfront information and clear controls” to users.

A Google representative also complained “that French rules and regulatory guidance are uncertain and constantly evolving” and overlooked its efforts to comply.

Amazon also expressed its disagreement with the fine in a statement sent to AFP.

“We continuously update our personal data protection practices to ensure we meet the needs and expectations of clients and regulators which are in constant evolution,” it said in a document written in French.

The sanctions were based on French regulations before Europe’s data protection regulation (GDPR) entered into force in 2018.

The GDPR stiffened fines for violations which can rise to 4 percent of a company’s worldwide revenue.

CNIL has said it will begin in April 2021 to fine companies which do not meet the GDPR’s requirement of having an option to accept or refuse all cookies.

Related: UK Data Privacy Watchdog Slashes BA Fine as Virus Bites

Related: Regulators Move to Fine Telecoms for Selling Location Data

Related: Google Loses Appeal Against 50-Mn-Euro French Fine

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem