Google and Amazon Fined a Total of $162 Million for Cookie Use Violations in France
The French Data Protection Authority, CNIL, fines companies for GDPR cookie consent violations.
Today, Dec.10, technology giants Google and Amazon got hit with a total fine of $162 million by the French Data Protection Authority, CNIL, for GDPR cookie consent violations.
CNIL fined Google a total of $120 million after an investigation carried out on March 16, 2020, revealed that Google.fr’s website placed advertising cookies automatically on users’ computers without obtaining prior consent from them.
According to the French regulator, Google LLC and Google Ireland were penalized for;
- Depositing tracking cookies in users’ computers without obtaining prior consent
- Providing insufficient information to users about the deployment of non-essential tracking cookies
- Partial failure of the "opt-out" mechanism for personalization of ads
Google’s fine is the biggest ever imposed in France for this type of breach.
In a separate announcement, the French DPA also fined e-commerce giant, Amazon, $42 million after investigations of Amazon.fr’s website between 12 December 2019 and 19 May 2020, revealed that cookies were automatically installed in consumers’ devices without any action required from them.
Amazon was fined for;
- Deploying tracking cookies without seeking consent from users
- Unclear information about the purposes of all tracking cookies placed in users’ devices
The fines against Google and Amazon were confirmed on CNIL’s website, and they are available in both French and English.
Complying with GDPR Cookie Consent with Secure Privacy
Secure Privacy offers a powerful consent management tool to help you ensure that you obtain prior consent for the use of non-essential cookies on your website.
It is essential to block non-essential plugins and tracking cookies until you have obtained consent from your users to deploy them on their devices.
Make your website compliant with these three simple steps
- Sign up for a free trial of our GDPR compliance solution
- Install the solution on your website
- Obtain GDPR-compliant cookie consent from users with our highly customizable cookie banners
Our free GDPR e-book provides a simplified step-by-step breakdown of the two laws to help you understand what you need to become compliant with the GDPR.
Additional Resources
- Learn more about cookie consent compliance in France with our simplified guide of CNIL’s Consent Guidelines. Read the latest CNIL blog posts.
- Read our detailed guide on how to comply with GDPR cookie consent requirements on your website
- Learn more about GDPR by downloading your free e-Book and get it delivered straight into your inbox
- Germany's 1&1 Telecom Fined $10.6 Million for a GDPR Violation
- Here are more of the highest GDPR fines enforced by regulators so far.
Want to try
Secure Privacy?
Get your free cookie banner up and running today!
CPRA Data Retention
Unlike other data protection laws, such as the GDPR of the EU, the CPRA does not prevent you from collecting personal data freely without asking anyone. However, it doesn’t allow you to keep it longer than needed. This article will delve into the CPRA requirements for data retention.
- USA
CPRA and Employee Data: What You Need to Know
Under the CPRA, employee personal information is any information that could be used to determine who a person is and how they work. California employees have all the same rights guaranteed by the California Privacy Rights Act as any other consumer. Learn all you need to know about CPRA and Employee Data here.
- USA
CPRA Requests
Your users have the right to know what personal information is being collected about them, and they may contact you with a request to get information about how you handle personal information, ask you to delete it, transfer it to another company, or do something similar. Under the CPRA, you are obliged to respond to them. In this article, we explain how to comply with such consumer requests and the CPRA.
- USA