- January 25, 2022
France Fines Google, Facebook for issues on Privacy Violations
Regulators have issued penalties to the tune of $169 million against Google Alphabet Inc.’s and $67 million against Facebook Meta Platforms Inc.’s for making it too hard for people to reject cookies – the identifiers used to track users data.
Facebook and Google required several steps for users to reject cookies used to track data on YouTube, Facebook and Google, said France’s data-protection regulator, the CNIL. The regulator also gave the companies three months to create a solution for rejecting cookies that is as simple as the button to accept them.
The penalties are the latest salvo from European regulators against big tech companies. In September, Ireland’s privacy authority fined Meta’s WhatsApp chat service 225 million euros, equivalent to about $266 million at the time, for failing to inform users about how it handles their data. In 2019, the French regulator also fined Google €50 million or about $57 million at the time, for failing to obtain sufficient consent from individuals for collecting data used to target ads.
Meanwhile, Meta is now reviewing CNIL’s decision and has stated it remains committed to working with regulators. According to Meta’s representative, “Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls”.
Some of the fines by European regulators, including the penalty against WhatsApp, were issued under the European Union’s 2018 Gener
al Data Protection Regulation, however, the French watchdog used an older EU law, known as the ePrivacy directive, to fine Google and Facebook, allowing the regulator to avoid negotiating with its counterparts in other countries.
Under the ePrivacy rules, in effect since 2002, a regulator in one of the 27 EU countries can fine any company that does business in its jurisdiction. Under the GDPR, a regulator can fine only companies that have their European headquarters in that country.