Published 04:39 IST, December 11th 2020
Google, Amazon slapped $163 million penalty for privacy breach in France
CNIL’s restriction committee informed that Google and Amazon committed at least three breaches of Article 82 of the French Data Protection Act.
On December 10, the French Privacy Watchdog CNIL slapped financial penalties of 60 million euros against tech giant Google and a separate 40 million euros fine against Google Ireland and an additional 35 million euros on Amazon Europe (total of $163 million) for listing advertising cookies on users’ computers illegally.
CNIL’s restriction committee informed in an update that the agency imposed sanctions on the search engine and the online portal amazon for violating guidelines of the French Data Protection Act, having sought no prior permission for ad listing for the users. Companies committed at least three breaches of Article 82 of the French Data Protection Act, CNIL informed.
The French websites of the firms breached Article 82 of France’s internet laws after they stored the cookies and used them for advertising purposes without the agreement from either the users or the government. The tech giants accumulated monetary profits without any transparency about the targeted adverts. The information banner listed by companies, for instance, stated, "By using this website, you accept our use of cookies allowing to offer and improve our services."
50 million users impacted
The information was not only incomplete but also misleading as the users wouldn’t decipher that the cookies stored by the firms will be used to display personalised ads on their computers. It also, as the CNIL noted, devoid the users of opting out of those ads.
CNIL declared that the companies failed to comply with legal obligations, adding that users were illicitly taken to another website in case they clicked on the advertisements. As many as 50 million users were impacted, according to CNIL’s report.
As a repercussion to the violation of users' privacy, the CNIL also threatened an additional penalty payment of 100, 000 euros per day after it asked the firms to adequately inform individuals within three months about the breach of privacy. The operations related to the use of cookies fall under the "ePrivacy" directive, CNIL clarified, adding that the agency was legally and materially competent to control and sanction cookies for targeted advertisement.
Updated 04:39 IST, December 11th 2020