Google

CNIL: Google and Amazon must pay 135 million euros fine for abusive cookies

The CNIL condemns Google to pay a fine of 100 million euros and Amazon to a 35 million fine for their failure to comply with the rules on privacy and cookies. The authority considers that French Internet users still lack control over the cookies of these platforms.

Google
Credit: Unsplash

The CNIL believes that Google and Amazon continue to abuse cookies. “On December 7, 2020, the restricted formation of the CNIL sanctioned the companies GOOGLE LLC and GOOGLE IRELAND LIMITED for a total amount of 100 million euros fine, in particular for having filed advertising cookies on the computers of users of the google.fr search engine without prior consent or satisfactory information, explains the authority.

And to continue, about Amazon: “The restricted training of the CNIL sanctioned the company AMAZON EUROPE CORE with a fine of 35 million euros for placing advertising cookies on users’ computers from the amazon.fr site ” here again without prior consent and without satisfactory information.

Read also: Google Home, Amazon Echo – the Cnil alerts users to the dangers of smart speakers for privacy

The CNIL sanctions Google and Amazon for their failure to comply with the Data Protection Act

In France, the Data Protection Act transposes the European GDPR directive. Since the entry into force of this regulation, web giants must be transparent about the collection of data from internet users. In particular, it is no longer possible to bombard visitors with advertising cookies without having asked for their prior consent. And it is precisely on this point that the CNIL raises its tone.

The CNIL thus noted during an inspection that “Cookies were automatically placed” on the visitor’s computer without any action on his part. Several of these cookies pursued an advertising objective, adds the CNIL. Who pursues: “This type of cookie cannot be placed without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement provided for by article 82 of the Data Protection Act prior collection of consent before depositing cookies that are not essential to the service ”.

Google nevertheless displays a information banner at the bottom of the page with the mention “Reminder concerning Google’s privacy rules” and two buttons “Remind me later” and “Consult now”. But in the case of Google this headband “Did not provide the user with any information relating to cookies which had already been placed on his computer, as soon as he arrived on the site. This information was also not provided to him when he clicked on the ‘Consult now’ button ”.

The information on cookies and the means to refuse them remains very insufficient on Google like Amazon

Especially since” it seems impossible for the moment to completely disable cookies on Google, even by disabling the personalization of the ads, since one of the advertising cookies remains stored on the computer. There is therefore room for improvement for Google. Especially since the CNIL points to the overwhelming market share of Google in France and the enormous benefits it derives from this abusive advertising targeting.

In the case of Amazon the situation is hardly better. During its checks, the CNIL was able to observe once again that the visitor was bombarded with cookies sometimes with an advertising objective, without it being possible to refuse them first. “This type of cookies, which are not essential for the service, do not [peuvent] be deposited only after the Internet user has expressed his consent ”, recalls the CNIL. Who thinks that the fact of placing cookies concomitantly on arrival on the site was a practice which, by nature, was incompatible with prior consent“.

Here again Amazon does display an information banner on cookies. But this one is not in accordance with the law. In fact, the headband just says “ By using this site, you agree to our use of cookies to provide and improve our services. Learn more ». Without giving the means to refuse the cookies in question or to make the user understand that the main purpose of these cookies is to display targeted advertising.

To make matters worse, the CNIL found another breach in the case of Amazon “In the case of users who went to the amazon.fr site after clicking on an ad posted on another website”. In that case the same cookies were placed without any information delivered to Internet users“. Both platforms have a three month deadline to get into compliance. Under penalty of having to pay a fine of 100,000 euros per day of delay.

This is not the first time that Google and Amazon have been pinned down by the CNIL. Google has already had to pay a fine of 50 million euros in January 2019. As for Amazon, the platform had already been checked, but no fine from the CNIL to date.