The National Commission on Informatics and Liberty (CNIL), France’s data protection and security regulator, has sanctioned Facebook for 60 million euros and Google for 150 million euros. The penalties are for making it harder for website users to decline cookies by concealing the options behind a series of clicks. Visitors to Facebook and Google’s websites can accept the complete set of cookies in a single interaction by clicking a button on the first page.
Denying the cookies, on the other hand, is a time-consuming and frustrating operation that needs users to disable each one individually. As a result, the commission that looked into the subject after receiving many concerns from French users found that Facebook and Google are:
“Complicate the cookie refusal mechanisms unnecessarily.
Users are being discouraged from refusing cookies.
Encouraging users to provide their consent to the acquisition of their personal data.“
The approach is deemed a violation of internet users’ freedom of consent, and as such, it is in violation of Article 82 of the French Data Protection Act.
CNIL notified the two organizations of the infringement a few months ago and obtained assurance that the problems would be resolved. Facebook sent pictures of a new cookie management interface in December 2021, citing changes in the system that no longer favored acceptance.
Nevertheless, the commission discovered that denying the cookies was still difficult while accepting them was still easier. As a consequence, the CNIL recently announced a 60 million Euro administrative penalties against Facebook Ireland Ltd., with an extra 100,000 Euro punishment each day of non-compliance, effective March 2022. Google was hit with the same deadline and delay fines, with a payment of 150 million Euros split between Google LLC and Google Ireland Ltd., with 90 million Euros and 60 million Euros correspondingly.
The Italian competition commission fined Google 10 million euros in November of last year for automatic data collecting that was too excessive. The Italian investigators discovered that by default, Google was allowing users to authorize the collection, transfer, and use of personal data for commercial reasons.