On 7 December 2020, the French supervisory authority CNIL (Commission nationale de l’informatique et des libertés, French data protection authority) imposed substantive fines on Amazon and Google for allegedly placing advertising cookies on the computers of users in France without prior consent or providing adequate information. Amazon Europe Core was fined 35 million euros, and Google LLC and Google Ireland Limited received a total fine of 100 million euros. In determining the level of these fines, the CNIL took account of the seriousness of the alleged violations, the number of users that were affected, and the companies’ advertising revenues indirectly generated from the data collected via advertising cookies.
Although both Amazon and Google made recent changes to their cookie use and consent practices, the CNIL ruled that the companies’ cookie banners still failed to comply with French data protection law. Regarding the website google.fr, the CNIL concluded that the banner did not allow users in France to understand the purposes for which Google uses cookies, or properly disclose that they can refuse these cookies. As regards the website amazon.fr, the CNIL took the position that that the information banner did not allow French users to understand that Amazon was using cookies mainly for personalized advertising purposes, and that in this case as well, users were not informed about the option to refuse the cookies. In addition to the financial penalties, the CNIL ordered the companies to provide additional information around their cookie use – within a period three months – subject to a daily penalty of 100.000 euros for each day of delay.
These cases predate the CNIL’s amended guidelines and recommendations regarding the use of cookies and other tracking devices, which were published on October 1st, 2020. However, in its press releases on the Google and Amazon cases, the CNIL urges companies using cookies or other tracking devices to ensure compliance with the new guidelines and recommendations by April 2021.
