Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

France Fines Microsoft 60 Million Euros Over Advertising Cookies

France’s privacy watchdog said Thursday it has fined US tech giant Microsoft 60 million euros ($64 million) for foisting advertising cookies on users.

France’s privacy watchdog said Thursday it has fined US tech giant Microsoft 60 million euros ($64 million) for foisting advertising cookies on users.

In the largest fine imposed in 2022, the National Commission for Technology and Freedoms (CNIL) said Microsoft’s search engine Bing had not set up a system allowing users to refuse cookies as simply as accepting them.

The French regulator said that after investigations it found that “when users visited this site, cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.”

It also “observed that there was no button allowing to refuse the deposit of cookies as easily as accepting it.”

The CNIL said the fine was justified in part because of the profits the company made from advertising profits indirectly generated from the data collected via cookies — tiny data files that track online browsing.

Bing offered a button for the user to immediately accept all cookies, but two clicks were need to refuse them, it said.

The company has been given three months to rectify the issue, with a potential further penalty of 60,000 euros per day overdue.

The fine was issued to Microsoft Ireland, where the company has its European base.

In a statement Microsoft said that it had “introduced key changes to our cookie practices even before this investigation started.”

“We continue to respectfully be concerned with the CNIL’s position on advertising fraud,” it said, adding that it believes the French watchdog’s “position will harm French individuals and businesses.”

– Cookie control –

Cookies are installed on a user’s computer when they visit a website, allowing web browsers to save information about their session.

They are hugely valuable for tech platforms as ways to personalise advertising — the primary source of revenue for the likes of Facebook and Google. 

But privacy advocates have long pushed back. 

Since the European Union passed a 2018 law on personal data, internet companies have faced stricter rules that oblige them to seek consent from users before installing cookies.

Last year, the CNIL said it would carry out a year of checks against sites not following the rules on using web cookies.

Google and Facebook were sanctioned by the French regulator with fines of 150 million and 60 million euros respectively for similar breaches around their use of cookies.

The two firms also face scrutiny over their practice of sending the personal data of EU residents to servers in the United States.

And tech giants continue to face a slew of cases across Europe.

Earlier this month, Europe’s data watchdog imposed binding decisions concerning the treatment of personal data by Meta, the owner of Facebook, Instagram and WhatsApp.

The European Data Protection Supervisor said in a statement that the rulings concerned Meta’s use of data for targeted advertising, but did not give details of its ruling or recommended fines. 

The latest case follows complaints by privacy campaigning group Noyb that Meta’s three apps fail to meet Europe’s strict rules on data protection. 

Related: Ireland Fines WhatsApp 225M Euros for Breaching EU Privacy Laws

Related: France Closes ‘Cookies’ Case Against Facebook

Related: France Slaps Fine on Face Recognition Firm Clearview AI

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.