Facebook and Google fined with $200 million USD by French government for cookies policy
The French authority on information security determined to impose a €60 million penalty against and a €150 million penalty against after concluding that both companies hide from users the possibility of rejecting tracking cookies, so users must make endless clicks for this purpose.
In their resolution, the authorities point out that both companies clearly show the user the option to accept all cookies, in addition to including a single button for it. On the other hand, rejecting cookies is an unclear, non-automated and frustrating procedure, which requires users to disable each tracking option one by one.
After an investigation preceded by thousands of complaints from local users, the authorities came to three main conclusions:
- Companies make rejecting cookies an unnecessarily complicated process
- Trying to dissuade users from rejecting cookies is a systemic practice
- Both companies encourage users to consent to the collection of personal data
Both Facebook and Google were notified about this investigation a few months ago, so both companies committed to make the necessary changes so as not to have problems with the French authorities. However, months later the authorities still did not see the necessary changes, so the fines against both companies were announced.
The representatives of both companies have already spoken out on the matter, mentioning that their commitment to the safety of users is unquestionable and adding that the actions to be taken on these fines will be analyzed. Firms are likely to appeal the decision.
Other countries in Europe have taken similar steps before. In November 2021, the Italian government fined Google €10 million after discovering that the company was activating user options to collect, transfer and exploit your data for business purposes by default.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
Originally published at https://www.securitynewspaper.com on January 7, 2022.