Thursday, August 18, 2022

French regulatory authority fines Google, Facebook for Cookie tracking

On Tuesday, Alphabet’s unit, Google, was hit with a $169 million fine by France’s data privacy watchdog, Commission Nationale de L’information et des Libertés (CNIL), for implementing restrictions for users to decline cookies – online trackers.

Facebook’s parent company, Meta Inc, was also caught in the regulatory crossfire, as it was also fined $67.82 million for a similar reason, according to the Commission’s statement.

“In April 2021, the CNIL conducted an online investigation on this website and found that, while it offers a button to accept cookies immediately, it does not offer an equivalent solution (button or other) enabling the user to refuse the deposit of cookies as easily,” according to the regulatory document.

“Several clicks are required to refuse all cookies, as opposed to a single one to accept them. The CNIL also noted that the button allowing the user to refuse cookies is located at the bottom of the second window and is entitled ‘Accept Cookies,’” it added.

The tech giants were given a deadline of three months to alter their Cookies policies in the country.

In the search engine’s case, the CNIL uncovered that Alphabet’s sites, including YouTube, do not have the same issue that of Facebook’s. Users can easily accept all cookies with one click, but they must go through various menu items to refuse them.

This showcases that the company is intentionally driving users towards what is more beneficial to it.

The European Union (EU) and the CNIL consider the use of cookies as one of the most significant elements that could help them build the needed framework to base their data privacy regulation on.

To tech companies, on the other hand, cookies are considered the key pillar that helps them develop accurately targeted digital ad campaigns.

“When you accept cookies, it’s done in just one click,” said CNIL’s head for data protection and sanctions, Karin Kiefer, in a statement.

“Rejecting cookies should be as easy as accepting them,” she added.

According to the EU’s law, when users submit their data online, it’s happening with their own free will and complete understanding of the decision. In this case, the French regulatory authority judges Facebook and Google’s behavior as trickery and misleading citizens for their own benefit by forcefully deploying what is referred to as “dark patterns.”

Dark patterns are user interfaces that force users to accept a policy or agree to install cookies – a decision they wouldn’t typically make. In this case, for consumers to not give their consent, they will have to exit the page.

This presents a direct breach of EU laws, given it wrangles users’ consent.

In the event these tech giants failed – or disregarded – the authoritarian demand, they’d be risking a daily fine of almost $113 million.

This also includes Google and Facebook’s responsibility to deliver French users with more straightforward tools to decline cookies and secure consumers’ consent. In parallel, the CNIL stated that both tech giants are to provide an immediate acceptance of cookies.

“People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision,” a Google spokesperson said in a statement.

As for Facebook, the social networking mogul refused to comment on the matter.