CNIL fines Google $120 Million & Amazon $42 Million for Cookie Consent Violations
French regulator CNIL fines Google $120 Million & Amazon $42 Million for Cookie Consent Violations
CNIL is France’s data protection authority responsible for individual’s rights & applications of GDPR. They have been very active in ensuring that websites comply with the cookie consent requirements. CNIL’s combined fine of $162 Million is the largest for cookie consent violation and will definitely lead to website operator’s to change their cookie practices.
What’s Cookie Consent:
Cookie consent is a requirement of ePrivacy directive of 2009, popularly known as cookie law which makes consent from users mandatory before a website drops cookies on the browser. GDPR just made the definition of consent strict and a compliant cookie consent banner should have the following:
- Accept & Deny Buttons: Both the buttons should be there and both buttons should have the same visibility. Website owners should not use any dark patterns to encourage click on Accept Button.
- Cookie Settings: This should ideally link to a cookie preference center where users can give consent for each purpose separetly. This should also have a list of cookies for each purpose
- Withdrawal of Cookies: For the user withdrawal of consent for cookies should be as easy as giving consent. This can be accomplished by adding a cookie settings button on the footer.
- Auto-Blocking Cookies & Tracking Technologies: This is the most crucial step, ensure no cookies are dropped before user gives consent. You can use privado’s cookie consent solution to auto-block cookies.
Why was Amazon fined?
- Failed to auto-block cookies: On amazon.fr, cookies were being dropped before user gave cookie consent.
Why was Google fined?
- Failed to auto-block cookies: When users visited google.fr, google automatically loaded advertisement cookies before user could give cookie consent
- Notice in the banner was incomplete: Banner just gave a privacy reminder with options to Access Now and Remind Later and failed to inform cookies that were loaded on browser and use of them
- Denying Cookies did not worked: Even when users deactivated personalized ads from the Access Now button, one advertising cookie will still be loaded and will keep sending information to the server.
In 2020, European DPA’s have been very active to enforce cookie consent on websites. You can comply with Europe’s cookie law along with other countries like CCPA with our free cookie consent solution. Sign up today or scan your website to find cookie compliance gaps.