The CNIL condemns Google to pay 100 million euros in fines and Amazon to 35 million euros in fines for their failure to comply with the rules on privacy and cookies. The authority believes that French Internet users still lack control over the cookies of these platforms.
And to continue, speaking of Amazon: “The restricted training of the CNIL sanctioned the company AMAZON EUROPE CORE with a fine of 35 million euros for having placed advertising cookies on users’ computers from the amazon.fr site “ here again ” without prior consent and without satisfactory information” .
Read also: Google Home, Amazon Echo – the CNIL alerts users to the dangers of smart speakers for privacy
The CNIL sanctions Google and Amazon for their failure to comply with the Data Protection Act
In France, the Data Protection Act transposes the European GDPR directive. Since the entry into force of this regulation, web giants must be transparent about the collection of data from internet users. In particular, it is no longer possible to bombard visitors with advertising cookies without having asked for their prior consent. And it is precisely on this point that the CNIL is raising its tone.
The CNIL thus noted during an inspection that “Cookies were automatically placed” on the visitor’s computer without any action on his part. ” Several of these cookies pursued an advertising objective” , adds the CNIL. Who pursues: “This type of cookie cannot be placed without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement set out in article 82 of the Data Protection Act prior collection of consent before depositing cookies that are not essential to the service ”.
Google nevertheless displays a information banner at the bottom of the page with the mention “Reminder concerning Google’s privacy rules” and two buttons “Remind me later” and “Consult now”. But in the case of Google this headband “Did not provide the user with any information relating to cookies that had already been placed on his computer, upon arrival on the site. This information was also not provided to him when he clicked the “Consult now” button.
The information on cookies and the means to refuse them remains very insufficient on Google like Amazon
Especially since‘It seems impossible for the moment to completely disable cookies on Google, even by disabling the personalization of the ads, since one of the advertising cookies remains stored on the computer. There is therefore room for improvement for Google. Especially since the CNIL points to Google’s overwhelming market share in France and the enormous profits it derives from this abusive advertising targeting.
In the case of Amazon the situation is hardly better. During its checks, the CNIL was able to observe again that the visitor was bombarded with cookies sometimes with an advertising objective, without it being possible to refuse them first. “This type of cookies, which are not essential to the service, [peuvent] be filed only after the user has expressed their consent “, recalls the CNIL. Who thinks that ” the fact of placing cookies concomitantly on arrival on the site was a practice which, by its nature, was incompatible with prior consent“.
To make matters worse, the CNIL found another breach in the case of Amazon “In the case of users who went to the amazon.fr site after having clicked on an ad published on another website”. In that case ” the same cookies were placed without any information delivered to Internet users“. Both platforms have a three month deadline to come into compliance. Under penalty of having to pay a fine of 100,000 euros per day of delay.
This is not the first time that Google and Amazon have been pinned down by the CNIL. Google has already had to pay a fine of 50 million euros in January 2019. As for Amazon, the platform had already been checked, but no CNIL fine to date.