The CNIL heavily sanctioned the giants Google and Facebook, pinned for not having respected the rule according to which ” refusing cookies should be as easy as accepting them ” for the user. By the way, the authority offers itself a record in terms of the amount of penalties.
Many criticized the National Commission for Informatics and Freedoms, the CNIL, for a certain passivity vis-à-vis the big digital players. But it seems that cookies have made authority greedier in recent years. After inflicting record fines on Google and Amazon at the end of 2020 for their management of small tracers (100 million euros for one, 35 million for the other), the data policeman has reoffended! On Wednesday, he announced that he had sanctioned Google with two fines, up to 150 million euros, and Facebook another, in the amount of 60 million euros. How? ‘Or’ What ? Why exactly? Let’s see this together.
The reasons for the intervention of the CNIL and the criticisms made against Google (and YouTube) and Facebook
The CNIL received several complaints denouncing the terms of refusal of cookies on the google.fr, youtube.com and facebook.com websites. In April 2021, it carried out an online check of the social network Facebook and observed, in the process, that the site offers a button that allows you to accept cookies, without offering an equivalent solution to refuse them. In June 2021, the CNIL made the same observation on the Google and YouTube sites.
A button allows you to immediately accept cookies, but there is no equivalent solution to refuse them so easily.
The CNIL’s criticism of Google, YouTube and Facebook, January 6, 2022
Remember, the recommendations and guidelines of the French data gendarme are clear: refusing a cookie should be as easy as accepting it. The authority thus suggests making an “Accept all” button coexist with a “Refuse all” button, on the same level, so as to offer the user a clear and simple choice, which, in this case, does not exist. This was not the case on Google, YouTube or Facebook.
The CNIL here denounces the fact that ” several clicks are necessary to refuse all cookies, against just one to accept them “. With regard to Facebook more particularly, the authority regrets that the button allowing to refuse the tracers is located at the bottom of the second window and is entitled “Accept cookies”. The restricted formation of the authority affirms that the process is not clear and that it causes confusion, because the user then has the feeling that it is not possible for him to refuse the deposit of cookies. Regarding Google, the CNIL deplores a more complex refusal mechanism. This discourages the user who ultimately comes to favor the ease of the “I accept” button.
210 million euros fine (s) and 3 months to meet the requirements of the CNIL
For this breach of article 82 of the Information and Freedoms law, which undermines the freedom of consent of Internet users, the CNIL banged its fist on the table and decided to sanction fairly heavily, on a French scale, the groups Google and Facebook. She decided to impose a global fine of 150 million euros on Google. This is divided into two: 90 million euros charged to Google LLC, the Californian company which develops the search engine and YouTube; and 60 million euros charged to Google Ireland Limited, the group’s European headquarters, based in Ireland. As for Facebook, the fine is 60 million euros and is addressed to Facebook Ireland Limited, European headquarters of the firm of Mark Zuckerberg. The amounts are records for the CNIL.
The two groups have obviously reacted to these sanctions, which also require them to introduce, within 3 months, a means to refuse cookies as simply as the existing one to accept them. For Google, through a spokesperson, “ Internet users trust us to respect their right to privacy and ensure their security. In accordance with these expectations, we are committed to implementing new changes as well as to working actively with the CNIL in response to its decision, within the framework of the ePrivacy directive. “
Facebook, for its part, indicates to examine the decision of the authority, through a spokesperson for the parent company, the Meta group: ” We remain committed to working with the relevant authorities. Our cookie consent controls give people greater control over their data, including a new settings menu on Facebook and Instagram
where people can review and manage their decisions at any time, and we continue to develop and improve these controls. It should be noted that Facebook’s cookie banner already offers granular controls to its European users, with some control over their data. But, in the eyes of the CNIL, the two companies must do more.
Source: CNIL
9