France’s premier data protection agency, the CNIL, fined tech titans Google and Amazon today for dropping tracking cookies without user consent. This breach of cookie rules resulted in the agency slapping its biggest ever fine of $121 million on Google, and a $42 million fine on Amazon.
In its investigations over the past year, the French regulator found that both Google and Amazon were automatically dropping tracking cookies whenever a user visited their domains. This violates the country’s Data Protection Act, hence why the agency took action against the two companies.
Google got the heavier of the two fines because CNIL found three consent violations related to dropping non-essential cookies in its case. Amazon, on the other hand, was found guilty of two consent violations, as per the CNIL’s penalty notice.
“As this type of cookies cannot be deposited without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement provided for by article 82 of the Data Protection Act and the prior collection of the consent before the deposit of non-essential cookies,” the French watchdog explained.
CNIL also noted that the information provided to site visitors about the cookies was simply not adequate enough. For instance, the banner displayed by Google did not provide specific information about the tracking cookies being dropped.
Amazon, on the other hand, did inform visitors to its French site that they were agreeing to its use of cookies. However, the banner wasn’t transparent enough as it did not make it clear to the visitors that the cookies were being used for ad tracking. And in any case, the visitors were not asked to consent to it in the first place.
Both Amazon and Google have yet to comment on the situation.
