France’s privacy watchdog fined Google nearly $170 million and Facebook almost $70 million on Thursday for making it harder for users to refuse cookies — which store user information — than to accept them.
The National Commission on Informatics and Liberty, or CNIL, also ordered Google and Facebook to fix that issue within three months or face daily fines of more than $100,000 from the restricted committee, the CNIL body that handles sanctions.
“The restricted committee considered that this process affects the freedom of consent: since, on the Internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent,” the CNIL wrote.
That puts the two companies in violation of the French Data Protection Act, the commission said. On Facebook, YouTube and Google sites, one click can enable cookies but it takes multiple clicks to refuse them all, the CNIL said.
While cookies are largely a matter of privacy and convenience, criminals can hijack them to spy on users.
Google’s cookie policies has earned millions in CNIL fines before, as well as Amazon. Overall, the agency has issued nearly 100 orders and sanctions since the end of March, “when the deadline set for websites and mobile applications to comply with the new rules on cookies expired.”
Google and Facebook did not immediately respond to a request for comment, but Facebook told news outlets that it was reviewing the fine, while Google said it was working to to make changes in response to the CNIL commandment.
The post French privacy regulator slaps Facebook, Google with fines totaling nearly $240M appeared first on CyberScoop.
