French regulators slapped US tech giants Google and Facebook with a combined $238 million in fines for allegedly violating European privacy laws by not allowing users the chance to reject data-tracking cookies.
The CNIL, the French government agency that regulates tech firms’ use of personal data, announced the fines on its website on Thursday.
Google was hit with a $170 million penalty while Facebook will be forced to surrender $68 million.
The CNIL said that Facebook, Google, and Google-owned YouTube “offer a button allowing the user to immediately accept cookies.”
“However, they do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies. Several clicks are required to refuse all cookies, against a single one to accept them.”
The agency determined that “this process affects the freedom of consent” since the user “cannot refuse the cookies as easily as they can accept them,” which it says is a violation of Article 82 of the French Data Protection Act.
The CNIL also ordered both Facebook and Google to change how they present cookie options to users in France.
The two companies were given three months to give local users the option to refuse cookie trackers “in order to guarantee their freedom of consent.” Failure to comply will result in daily fines of 100,000 euros – or $113,000.
A Google spokesperson told The Post: “People trust us to respect their right to privacy and keep them safe.
“We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision under the ePrivacy Directive.”
Facebook did not immediately respond to requests for comment.
A spokesperson for Facebook’s parent company Meta told TechCrunch: “We are reviewing the authority’s decision and remain committed to working with relevant authorities.”
The French government action on Thursday is the second time in recent years that it has cracked down on Google.
In December 2020, the French watchdog fined Google $113 million for dropping tracking cookies without consent. Amazon was also hit with a $40 million penalty.
Last month, the European Commission warned both Google and Facebook that it wouldn’t be deterred by the companies’ alleged use of “legal tricks” to avoid compliance with the EU’s rigid privacy rules.
Vera Jourová, the EU’s commissioner for values and transparency, told a privacy conference that member countries needed to step up enforcement of the General Data Protection Regulation (GDPR), according to TechCrunch.
Failure to do so would compel the EU to act unilaterally and impose its own penalties on companies, Jourová warned. “I want to see full compliance, not legal tricks. It’s time not to hide behind small print, but tackle the challenges head-on.”
First rolled out in 2018, the GDPR gave citizens a bigger say in how large tech firms handled their personal information.
The EU’s adoption of the GDPR inspired regulators in other countries to tighten the rules governing Big Tech as similar statutes were passed in countries like Brazil and Australia.
In the US, federal regulators have been lax in enforcing privacy regulations on Big Tech, so that has forced states like Virginia and California to enact their own consumer protection laws.