NEWS11 December 2020

French regulator fines Google and Amazon €135m

Europe GDPR News Privacy Technology

FRANCE – Google and Amazon have been fined a combined €135m by the French data privacy regulator CNIL for breaches of the French data protection act.

Google HQ

The fines related to the unauthorised placing of cookies for advertising purposes on the computers of visitors to the French websites of Google and Amazon. French data law requires a user’s consent for the cookies to be placed.

The regulator determined that there was a lack of information provided to users of both websites, and that the companies did not provide sufficient details to users about how the cookies worked.

Google was also found to have a partial failure of an “opposition” mechanism, where an advertising cookie was still stored on a user’s computer even after they had deactivated advertising personalisation.

CNIL investigated the breaches at Amazon between 12th December 2019 and 19th May 2020. The company was fined €35m. The regulator said Amazon should also notify all affected individuals within three months or face a further fine of €100,000 a day.

Google was investigated by CNIL from 16th March 2020, and issued a financial penalty of €60m for Google LLC and €40m for Google Ireland Limited. Google is also to notify all affected individuals within three months or face a further fine of €100,000 a day.

A Google spokesperson said: “People who use Google expect us to respect their privacy, whether they have a Google account or not. We stand by our record of providing upfront information and clear controls, strong internal data governance, secure infrastructure, and above all, helpful products.

“The decision under French eprivacy laws overlooks these efforts and doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving. We will continue to engage with the CNIL as we make ongoing improvements to better understand its concerns.”

An Amazon spokesperson said: “We disagree with the CNIL’s decision. Protecting the privacy of our customers has always been a top priority for Amazon.

“We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate.”

Amazon has updated its information and choices for customers in the EU, UK and Turkey about the use of cookies on its website.