CNIL found that Facebook.com and Google.fr do not allow "the refusal of cookies" as simple" as in the case of their acceptance. Therefore, they sanctioned the Silicon Valley firms under the e-Privacy Directive.
Although the CNIL didn't impose the fines in accordance with the GDPR, they serve as a good reminder for all online businesses to review their cookie policies carefully.
The two platforms have three months to comply with the French authorities' requirements. Otherwise, they risk a daily punishment of € 100,000.
Shortly, cookies are small size computer files that websites place on users' devices for a variety of reasons, including technical or targeted advertising. They allow websites to track which pages users visit and offer them with relevant advertising. These strategies frequently result in the invasion of internet users' privacy.
Having a "Refuse all cookies" button reduces the rate of consent among internet users. "These elements therefore demonstrate the undeniable financial benefit derived from the breach done by Google," stated the CNIL.
In the Google and Facebook penalties, CNIL draws attention to the discrepancy between how easy it is for a Web user to accept cookies and how difficult it is to refuse them. "The websites facebook.com, google.fr, and youtube.com all have an option that allows you to accept cookies immediately," CNIL explains. "To decline all cookies, more clicks are required."
Find more about what are the GDPR fines for non-compliance and how to avoid them. Contact us for more information.
Last updated: January 15, 2022