France’s data privacy watchdog has handed out its biggest ever fine of 100 million euros ($121 million) to Alphabet’s Google for breaching the country’s rules on online advertising trackers (cookies).
The CNIL said on Thursday (10 December) it had also fined e-commerce giant Amazon 35 million euros for breaking the same rules,
The regulator found the companies’ French websites didn’t seek the prior consent of visitors before advertising cookies – small pieces of data stored while navigating on the Web – were saved on computers, it said in a statement.
Google and Amazon also failed to provide clear information to internet users about how the firms intended to make use of such online trackers and how visitors to their French websites could refuse any use of the cookies, the watchdog said.
The CNIL rejected the companies’ arguments that it had no right to impose the sanctions because their respective European headquarters are in Ireland and Luxembourg – two countries perceived by some data privacy advocacy groups as being lenient toward Silicon Valley companies.
The CNIL said Google’s fine had to be paid for the most part by its U.S. entity Google LLC (60 million euros) and the rest by EU-based Google Ireland Limited (40 million).
Amazon’s fine has to be paid by its Luxembourg-based entity.
The CNIL said the companies had three months to change the information banners. If they fail to do so, they will face an additional fine of 100,000 euros per day until they comply.
The financial penalty against Google is the biggest ever issued by the CNIL, a spokesman for the watchdog said.
The previous record fine of 50 million euros also targeted the U.S. tech giant for breaching EU data privacy rules.
“We stand by our record of providing upfront information and clear controls, strong internal data governance, secure infrastructure, and above all, helpful products,” Google said in a statement.
“Today’s decision under French ePrivacy laws overlooks these efforts and doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving.”
Amazon said separately it disagreed with CNIL’s decision.
“We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate,” it said.