Yesterday, the French Supervisory AuthorityAn authority established by its member state to supervise the compliance of data protection regulation. (CNIL) imposed a fine of €60 million on Facebook (for facebook.com) and a whopping €150 million on Google (for google.fr and youtube.com) due to their non-compliant cookie management platforms.
Following investigations into both Google and Facebook, the CNIL found that the tech giants were in breach of Article 82 of the French Data Protection Act when they offered an ‘accept all’ button but failed to create a ‘reject all’ option for users. The CNIL highlighted that organisations must make rejecting the use of non-essential cookiesCookies created by third parties and dropped on website users, for the purposes of analytics or advertisement tracking. as easy as they make it for users to accept the use of non-essential cookiesData which tracks a visitor’s movement on a website and remembers their behaviour and preferences..
In the cases of Google and Facebook, both organisations’ consentAn unambiguous, informed and freely given indication by an individual agreeing to their personal data being processed. management platforms had “accept all” buttons that the user could click immediately, however, if the user wanted to reject all cookies, they had to click on a number of links in order to do so.
The huge fines handed out by the CNIL in these cases indicate that cookies are becoming a hot topic among regulators, and this may well be the beginning of a year in which compliance with ePrivacy legislation comes more to the forefront. Whilst we will have to wait and see whether this crackdown on cookies continues, these fines should certainly be a wake up call to all businesses using cookies that they need to get their house in order.