wordpress blog stats
Connect with us

Hi, what are you looking for?

, , ,

French data authority fines Google $120 million, Amazon $42 million for violating cookie consent rules

France, phones, Mona Lisa

The French data authority, CNIL, has fined Google and Amazon after investigations revealed that the tech giants were placing cookies on their websites, without the consent of consumers. In two orders, the CNIL placed a €100 million ($120 million) penalty on Google LLC and Google Ireland, and a €35 million ($42 million) on Amazon Europe.

Websites use cookies primarily to collect information about users and can be used for targeted advertising. Both Google and Amazon were found to be in breach of the French Data Protect Act, in terms of pushing cookies prior to the consent of their users and poor transparency in explaining the functions of various cookies. Previously, in January 2019 the CNIL fined Google $57 million for failing transparency requirements under the European Unions’ General Data Protection Regulation.

Over the last few months, there has been increased scrutiny over Big Tech companies from regulators and legislatures across the world. The United States’ Department of Justice recently launched a lawsuit against Google and a coalition of states has come together to take on Facebook. Earlier in November, the European Commission launched an antitrust investigation into Amazon’s marketplace and retail practices in Germany and France, while Competition Commission of India has opened several investigations into Google, from its policies on the Play Store to alleged abuse of the smartphone Operating Systemm market, and in the smart TV market.

Violations by Amazon

In the case of Amazon, the restricted committee of the CNIL found that when users visited amazon.fr (French domain) a large number of cookies were automatically placed on their computer. The committee said these types of cookies for advertising purposes can only be placed after the user has expressed their consent, therefore the “deposit of cookies at the same time as arriving on the site was a practice which, by its nature, was incompatible with a prior consent.”

The CNIL also said that the information on amazon.fr was “neither clear, not complete” as the banner on the website only contained general information about the cookies on the website and did not explain how users could refuse these cookies. “Then, the restricted committee noticed that the company’s failure to comply with its obligation was even more obvious regarding the case of users that visited the website amazon.fr after they had clicked on an advertisement published on another website. It underlined that in this case, the same cookies were placed but no information was provided to the users about that,” the order says.

Advertisement. Scroll to continue reading.

It noticed that, no matter what path the users used to visit the website, they were either insufficiently informed or never informed of the fact that cookies were placed on their computer. In the case of users visiting the website amazon.fr after they had clicked on an advertisement, the restricted committee considered that the instant deposit of cookies, added to the absence of any information, was violating the internet users’ rights CNIL order dated December 10, 2020

The CNIL noted that amazon.fr was redesigned in September this year and the new website does not place cookies prior to the consent of users. ” However, it considered that the new information banner set up still does not allow the users living in France to understand that the cookies are mainly used to propose personalized ads and that they were still not informed that they could refuse these cookies,” it said. The CNIL also ordered Amazon to inform individuals adequately within three months from the order, or the company would have to pay a €100,00 for each day of delay.

Violations by Google

The CNIL found that Google LLC and its subsidiary Google Ireland had violated three aspects the French Data Protection Act, compared to Amazons’ two breaches. Similar to Amazon, the CNIL found that several advertising related cookies were automatically placed on a users’ computer when they visited google.fr.

“Since this type of cookies can only be placed after the user has expressed his or her consent, the restricted committee considered that the companies had not complied with the requirement provided for in Article 82 of the French Data Protection Act regarding the collection of prior consent before placing cookies that are not essential to the service,” it said.

The CNIL found that whenever a user deactivated the ad personalization on the Google search, advertising cookies ‘was still stored on his or her computer and kept reading information aimed at the server to which it is attached. “Therefore, the restricted committee considered that the “opposition” mechanism set up by the companies was partially defective, breaching Article 82 of the French Data Protection Act,” it said.

While websites have stopped automatically placing advertising cookies when a user arrives on the page google.fr, since September 2020, the new information banner does not explain the purposes for which the cookies are used and does not let users know that they can refuse these cookies, it said.

In both Google and Amazon’s case, the CNIL also ordered them to “adequately inform individuals, in accordance with Article 82 of the French Data Protection Act, within three months after the notification of the decision. Otherwise, the company must pay a penalty payment of 100 000 euros for each day of delay.”

Also read: 

Advertisement. Scroll to continue reading.

Written By

Reports on banking, payments, fintech and crypto-curencies. Additional reporting on media regulations, data protection and other areas.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.


This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.


It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...


Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ