
Alston & Bird Privacy, Cyber & Data Strategy Blog


French data protection regulator fines Google and Amazon for non-compliance with EU cookie rules

December 14, 2020 By Yung Shin Van Der Sype and Wim Nauwelaerts

On 7 December 2020, the French supervisory authority CNIL (Commission nationale de l’informatique et des libertés, French data protection authority) imposed substantive fines on Amazon and Google for allegedly placing advertising cookies on the computers of users in France without prior consent or providing adequate information. Amazon Europe Core was fined 35 million euros, and Google LLC and Google Ireland Limited received a total fine of 100 million euros. In determining the level of these fines, the CNIL took account of the seriousness of the alleged violations, the number of users that were affected, and the companies’ advertising revenues indirectly generated from the data collected via advertising cookies.

Although both Amazon and Google made recent changes to their cookie use and consent practices, the CNIL ruled that the companies’ cookie banners still failed to comply with French data protection law. Regarding the website google.fr, the CNIL concluded that the banner did not allow users in France to understand the purposes for which Google uses cookies, or properly disclose that they can refuse these cookies. As regards the website amazon.fr, the CNIL took the position that the information banner did not allow French users to understand that Amazon was using cookies mainly for personalized advertising purposes, and that in this case as well, users were not informed about the option to refuse the cookies. In addition to the financial penalties, the CNIL ordered the companies to provide additional information around their cookie use – within a period of three months – subject to a daily penalty of 100.000 euros for each day of delay.

These cases predate the CNIL’s amended guidelines and recommendations regarding the use of cookies and other tracking devices, which were published on October 1st, 2020. However, in its press releases on the Google and Amazon cases, the CNIL urges companies using cookies or other tracking devices to ensure compliance with the new guidelines and recommendations by April 2021.

Filed Under: Data Protection, International

About Yung Shin Van Der Sype

Yung Shin is an associate in the Technology & Privacy Group.

About Wim Nauwelaerts

Wim Nauwelaerts is a partner in the Brussels office, leading Alston & Bird’s European Privacy & Data Security Team. Wim has over 20 years of experience working with global companies on their data protection, privacy, and cybersecurity needs, including General Data Protection Regulation (GDPR) readiness, data transfer, data security and breach requirements, and compliance training.
