Google and Amazon must pay 135 million euros in fine for abusive cookies

The CNIL condemns Google to pay 100 million euros in fines and Amazon to 35 million euros in fines for their failure to comply with the rules on privacy and cookies. The authority believes that French Internet users still lack control over the cookies of these platforms.

Credit: Unsplash

The CNIL believes that Google and Amazon continue to abuse cookies. “On December 7, 2020, the restricted formation of the CNIL sanctioned the companies GOOGLE LLC and GOOGLE IRELAND LIMITED for a total amount of 100 million euros fine, in particular for having filed advertising cookies on the computers of users of the search engine without prior consent or satisfactory information, explains the authority.

And to continue, speaking of Amazon: “The restricted training of the CNIL sanctioned the company AMAZON EUROPE CORE with a fine of 35 million euros for having placed advertising cookies on users’ computers from the site “ here again without prior consent and without satisfactory information.

Read also: Google Home, Amazon Echo – the CNIL alerts users to the dangers of smart speakers for privacy

The CNIL sanctions Google and Amazon for their failure to comply with the Data Protection Act

In France, the Data Protection Act transposes the European GDPR directive. Since the entry into force of this regulation, web giants must be transparent about the collection of data from internet users. In particular, it is no longer possible to bombard visitors with advertising cookies without having asked for their prior consent. And it is precisely on this point that the CNIL is raising its tone.

The CNIL thus noted during an inspection that “Cookies were automatically placed” on the visitor’s computer without any action on his part. Several of these cookies pursued an advertising objective, adds the CNIL. Who pursues: “This type of cookie cannot be placed without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement set out in article 82 of the Data Protection Act prior collection of consent before depositing cookies that are not essential to the service ”.

Google nevertheless displays a information banner at the bottom of the page with the mention “Reminder concerning Google’s privacy rules” and two buttons “Remind me later” and “Consult now”. But in the case of Google this headband “Did not provide the user with any information relating to cookies that had already been placed on his computer, upon arrival on the site. This information was also not provided to him when he clicked the “Consult now” button.

The information on cookies and the means to refuse them remains very insufficient on Google like Amazon

Especially since‘It seems impossible for the moment to completely disable cookies on Google, even by disabling the personalization of the ads, since one of the advertising cookies remains stored on the computer. There is therefore room for improvement for Google. Especially since the CNIL points to Google’s overwhelming market share in France and the enormous profits it derives from this abusive advertising targeting.

In the case of Amazon the situation is hardly better. During its checks, the CNIL was able to observe again that the visitor was bombarded with cookies sometimes with an advertising objective, without it being possible to refuse them first. “This type of cookies, which are not essential to the service, [peuvent] be filed only after the user has expressed their consent “, recalls the CNIL. Who thinks that the fact of placing cookies concomitantly on arrival on the site was a practice which, by its nature, was incompatible with prior consent“.

Here again Amazon does display an information banner on cookies. But this one is not in accordance with the law. In fact, the headband just says “ By using this site, you agree to our use of cookies to provide and improve our services. Learn more ». Without giving the means to refuse the cookies in question or to make the user understand that the main purpose of these cookies is to display targeted advertising.

To make matters worse, the CNIL found another breach in the case of Amazon “In the case of users who went to the site after having clicked on an ad published on another website”. In that case the same cookies were placed without any information delivered to Internet users“. Both platforms have a three month deadline to come into compliance. Under penalty of having to pay a fine of 100,000 euros per day of delay.

This is not the first time that Google and Amazon have been pinned down by the CNIL. Google has already had to pay a fine of 50 million euros in January 2019. As for Amazon, the platform had already been checked, but no CNIL fine to date.

Leave a Comment