Google in major cookie fine
On December 10, 2020, the French Data Protection authority (CNIL) announced it had issued two fines against Google LLC and Google Ireland totaling €100 million for not complying with current cookie requirements.
Based on a cookie audit of google.fr in March 2020, the CNIL found Google in three violations of Article 82 of the Act n°78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties.
On google.fr the CNIL found that:
- cookies for marketing purposes were automatically placed on users’ devices without their prior consent.
- an information banner with two options (buttons) “Remind me later” and “Access now” did not offer the user sufficient, or any, information about the automatic placement of marketing cookies.
- opt-out mechanism for deactivating personalized ads was not working as described since marketing cookies were still placed on the users’ equipment collecting personal information.
Calculating the fine, the CNIL considered the severity of the three violations; the fact they have had consequences for 50 million users of Google Search services; and the obvious financial gain of collecting and processing personal data for marketing purposes.
Since September 2020, marketing cookies are no longer automatically placed when users visit google.fr.
Same day, the CNIL also announced a €35 million fine against Amazon Europe for not complying with French guidelines to cookies, consent and personal data processing.
How to comply with current privacy regulations
The European rules on cookies are described in the ePrivacy Directive, yet most information cookies collect are personal and thus regulated by the GDPR.
Cookies from abovementioned services all collect your users’ personal data with marketing purposes. Therefore, using these types of cookies requires you to collect a consent which meets the requirement of recital 32 in the GDPR.
- Inform your users of the cookies your site uses
- Give your user a possibility to say no thanks to cookies
Here’s a complete checklist to collecting valid consent to cookies.
Checklist for collecting
valid consent to cookies
When it comes to informing users about cookies, obtaining and storing valid consents, you should use a certified Consent Management Platform.
You can try our Consent Management Platform and our professional cookie banner for free for 30-days. We guide you all the way from setup to implementation to onboarding if you like.