COOKIES. CONSENT. COMPLIANCE
Schedule a Demo
secure privacy badge logo
Regulations
EUROPE
GDPR (EU) UK DPA (United Kingdom) FADP (Switzerland) NewDPA (Norway)

View All

North America
PIPEDA (Canada) CCPA/CPRA (California) CPA (Colorado) VCDPA (Virginia)

View All

Middle East
PDPL (UAE) DIFC DPA (Dubai) PDPL (Saudi Arabia) KVKK (Turkey)

View All

Asia
PIPA (South Korea) NewPIPL (China) Data Privacy Act 2012 (Philippines) PDPA (Singapore)

View All

Central and South America
LGPD (Brazil) DPL (Colombia) Personal Data Protection Law (Argentina) LSPDP (Panama)

View All

Africa
POPIA (South Africa) Law no.09-08 (Morocco) LPDP (Egypt) DPA (Kenya)
Oceania
APP (Australia) Privacy Act (New Zealand)
Features
Cookie BannersPreference CenterCookie & Website ScannerConsent LoggingData Subject Request FormsCookie PolicyPolicy CenterLegal Templates70+ Language Support
Cookie Banners
Integrations
HubspotWordpressMagentoAdobe Tag ManagerWixShopifyDrupalGoogle Tag ManagerWeeblySquarespaceWebviewSitecoreUmbracoJoomlaBigcommerceGoogle Consent ModeAdobe LaunchTealium IAB TCF v2.2
Hubspot badge
Pricing
Partner
Resources
BlogSupportContact UsDocsRequest DemoTraining & CertificationGDPR Website Scanner
December 10, 2020

Google and Amazon Fined a Total of $162 Million for Cookie Use Violations in France

The French Data Protection Authority, CNIL, fines companies for GDPR cookie consent violations. 

Today, Dec.10, technology giants Google and Amazon got hit with a total fine of $162 million by the French Data Protection Authority, CNIL, for GDPR cookie consent violations

CNIL fined Google a total of $120 million after an investigation carried out on March 16, 2020, revealed that Google.fr’s website placed advertising cookies automatically on users’ computers without obtaining prior consent from them. 

According to the French regulator, Google LLC and Google Ireland were penalized for;

  • Depositing tracking cookies in users’ computers without obtaining prior consent  
  • Providing insufficient information to users about the deployment of non-essential tracking cookies
  • Partial failure of the "opt-out" mechanism for personalization of ads

Google’s fine is the biggest ever imposed in France for this type of breach

In a separate announcement, the French DPA also fined e-commerce giant, Amazon, $42 million after investigations of Amazon.fr’s website between 12 December 2019 and 19 May 2020, revealed that cookies were automatically installed in consumers’ devices without any action required from them. 

Amazon was fined for; 

  • Deploying tracking cookies without seeking consent from users
  • Unclear information about the purposes of all tracking cookies placed in users’ devices

The fines against Google and Amazon were confirmed on CNIL’s website, and they are available in both French and English.

Complying with GDPR Cookie Consent with Secure Privacy

Secure Privacy offers a powerful consent management tool to help you ensure that you obtain prior consent for the use of non-essential cookies on your website. 

It is essential to block non-essential plugins and tracking cookies until you have obtained consent from your users to deploy them on their devices. 

Make your website compliant with these three simple steps

  • Sign up for a free trial of our GDPR compliance solution
  • Install the solution on your website 
  • Obtain GDPR-compliant cookie consent from users with our highly customizable cookie banners 

Our free GDPR e-book provides a simplified step-by-step breakdown of the two laws to help you understand what you need to become compliant with the GDPR.

Schedule a call to learn more

Additional Resources

  •  Learn more about cookie consent compliance in France with our simplified guide of CNIL’s Consent Guidelines.
  • Read our detailed guide on how to comply with GDPR cookie consent requirements on your website
  • Learn more about GDPR by downloading your free e-Book and get it delivered straight into your inbox
  • Germany's 1&1 Telecom Fined $10.6 Million for a GDPR Violation
  • Here are more of the highest GDPR fines enforced by regulators so far.
image

Kentucky Consumer Privacy Act (KCPA): What Businesses Need to Do

You run a mid-sized e-commerce platform. You have customers in about twenty states. Your analytics stack processes behavioral data on roughly 130,000 users a year, a fair share of them Kentucky residents. Until January 1, 2026, that was a background fact. As of that date, it is a compliance obligation — and if you have not mapped what you collect from those users, updated your privacy notice, or built a process to respond to their rights requests, you are already operating in violation of a law that carries penalties of up to $7,500 per violation.

  • USA
  • Data Protection
image

Operational AI Risk Management: From Frameworks to Real Controls

Your fraud detection model has been running in production for eight months. It was validated before launch, documented in a model card, and signed off by the risk committee. Nobody has touched it since. Last week, it started flagging 40% more transactions as suspicious — a quiet drift nobody noticed because the monitoring dashboard was set to alert only on catastrophic failure rates. Customers are being declined for legitimate purchases. The business impact is real and mounting. The compliance exposure, under the EU AI Act's post-market monitoring requirements for high-risk systems, is worse.

  • AI Governance
image

Mobile App Privacy Compliance Guide: GDPR, CCPA & Beyond

Your app is live. Downloads are growing. Then someone in legal asks: "What happens when an analytics SDK fires before the consent banner resolves?" You review the network logs and discover that device identifiers are being transmitted to three different ad networks within 200 milliseconds of app launch — before a single user has touched the consent interface. The banner looked correct. The underlying behavior was not. That gap is where enforcement happens.

  • Mobile Consent