The official data protection agency of France, the CNIL, fined Google and Amazon for dropping unsolicited tracking cookies. Google’s fine amounts to $120 million, while Amazon’s fine stands at $42 million. The French regulators have been carrying out the investigation against the two giant companies for the past year.
Breach Of France’s Data Protection Act
According to TechCrunch, CNIL has found tracking cookies that were allegedly dropped automatically in case of a specific user visiting the website. The above-mentioned is a breach of France’s Data Protection Act.
In the case of Google, the main French regulator found three violations, all related to dropping non-essential cookies. In the case of Amazon, there were two violations of the Data Protection Act.
Strict EU Privacy Laws
Not only the French law but the privacy laws of the European Union, in general, are quite strict. The users must be clearly notified and asked for consent even before the cookies were dropped.
Amazon Sketchy Banner
As reported by TechTimes, the French website of Amazon included a banner that informed the site’s visitors that they had agreed to the use of the website’s cookies. However, according to the CNIL, the website did not make it clear that the cookies would be used for ad tracking. The users were also not given the chance to express their consent. Thus, the regulator decided that Amazon’s practices were not compliant with the regulations and transparency requirements.
Adjustments To The Existing Laws
Although the law that includes regulations on tracking cookies has not been drastically changed for several years, there have been some adjustments and clarifications. In October 2019, the Court of Justice of the European Union has ruled that the user consent shall be obtained before not only storing but even accessing certain non-essential cookies, TechTimes continues to write.
TechCrunch translates parts of CNIL’s penalty notice from French to English and points out that the notice states that, “As this type of cookies cannot be deposited without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement provided for by article 82 of the Data Protection Act and the prior collection of the consent before the deposit of non-essential cookies”
Size Of Penalties
The size of the penalties is dependent on the seriousness of the breach, as well as the reach of Google’s search engine and Amazon’s website. Moreover, the CNIL stated that if the companies fail to change the information banners and comply with the Data Privacy Act, they will both be charged with an additional daily amount of 100,000 euros that will be fined each day the companies do not comply with the set-out rules.
Google Fined The Largest Fine By The French Regulators
Yahoo reported that the $120 million that Google has been fined is the largest penalty that the French regulator has issued.
Amazon and Google have both separately reacted to the news and both said they disagree with the CNIL’s ruling. In a statement released by Google, we can read,
“We stand by our record of providing upfront information and clear controls, strong internal data governance, secure infrastructure, and above all, helpful products,”
Amazon has had a similar reaction, commenting on the decision with,
“We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate,”