French regulators have hit Google and Facebook with 210 million euros ($237 million) in fines over their use of “cookies”, the data used to track users online, authorities said Thursday.
US tech giants, including the likes of Apple and Amazon, have come under growing pressure over their businesses practices across Europe, where they have faced massive fines and plans to impose far-reaching EU rules on how they operate.
The 150-million-euro fine imposed on Google was a record by France’s National Commission for Information Technology and Freedom (CNIL), beating a previous cookie-related fine of 100 million euros against the company in December 2020.
Facebook was handed a 60-million-euro fine.
The two platforms have three months to adapt their practices, after which France will impose fines of 100,000 euros per day, CNIL added.
Google told AFP it would change its practices following the ruling.
“In accordance with the expectations of internet users… we are committed to implementing new changes, as well as to working actively with CNIL in response to its decision,” the US firm said in a statement.
Cookies are little packets of data that are set up on a user’s computer when they visit a website, allowing web browsers to save information about their session.
They are highly valuable for Google and Facebook as ways to personalise advertising—their primary source of revenue.
But privacy advocates have long pushed back.
Since the European Union passed a 2018 law on personal data, internet companies face stricter rules that oblige them to seek the direct consent of users before installing cookies on their computers.
90 notices issued
CNIL argued that Google, Facebook and YouTube make it very easy to consent to cookies via a single button, whereas rejecting the request requires several clicks.
It had given internet companies until April 2021 to adapt to the tighter privacy rules, warning that they would start facing sanctions after that date.
French newspaper Le Figaro was the first to be sanctioned, receiving a fine of 50,000 euros in July for allowing cookies to be installed by advertising partners without the direct approval of users, or even after they had rejected them.
CNIL said recently that it had sent 90 formal notices to websites since April.
The fines were based on an earlier EU law, the General Data Protection Regulation, with CNIL arguing that the companies had failed to give “sufficiently clear” information to users about cookies.