Advertising cookies: after Google, Facebook and Amazon, the Cnil sanctions Microsoft

The use of cookies on the internet is regulated by law. It should be as easy for the user to accept them as to refuse them, but this is not always the case. Microsoft has been pinned by the CNIL for its practices.

It’s not always easy to get rid of cookies when browsing the internet. However, the user must be able to refuse them as simply as to accept them, it is the law. After Google, Facebook and Amazon, the CNIL (National Commission for Computing and Liberties) announced on Thursday a fine of 60 million euros against the American computer giant Microsoft for not allowing to simply refuse cookies on its Bing search engine.

This is the most important amendment pronounced in 2022 by the authority, which had indicated last year to launch a campaign of controls against the sites not respecting the rules on these cookies of the web.

This sanction is also one of the last of this cycle and the Cnil has already been announced look to irregularities within mobile applications.

Rejecting cookies should be as simple as accepting them

Microsoft is first sanctioned because French Bing users could not, until March 29, refuse all cookies without going through a tedious configuration. The rule is clear: The user must be able to accept or refuse the deposit and/or the reading of cookies with the same degree of simplicity “, specifies the Cnil.

These cookies are small computer files installed by websites on the patients of their visitors, for technical purposes or targeted advertising. In particular, they allow the authorities to trace the user’s navigation, to be able to send him personalized advertising related to his areas of interest. They are regularly denounced to reach them to the private life that they can cause.

The Restricted Committee noted that making the refusal mechanism more complex amounts, in reality, to discouraging users from refusing cookies and encouraging them to favor the ease of the consent button appearing in the first window.“, writes the Cnil in a press release.

The commission also identified the installation of two cookies without the prior consent of Internet users, while they served advertising purposes, including the “fight against advertising fraud”, i.e. the consultation of advertisements by robots.

On this point, the committee’s restricted formation ordered Microsoft to modify its practices on the “” site within three months, under penalty of having to pay 60,000 euros per day of delay.

“Up to 2% of global turnover”

Even before the start of this investigation, we have cooperated with the Cnil and introduced key changes to our cookie practices“Reacted a Microsoft spokesperson.

We are concerned about the CNIL’s position on advertising fraud and believe that it will harm the general public as well as French companies by contributing to the generalization of online fraud.“, he added.

For these breaches related to the European ePrivacy directive transposed into French law in the Data Protection Act, the Cnil could impose a fine of up to 2% of worldwide turnover.

In its press release, the CNIL justified the amount of the fine “by the scope of the (data) processing, by the number of data subjects and by the profits that the company derives from the advertising revenue generated from the data generated by the cookies“, much less than those of Google and Facebook.

The online search giant and the social network had been sanctioned at the end of December 2021 by the Cnil fines of 150 and 60 million euros respectively for similar breachesand had been forced to comply within three months.

Google had announced changes to this effect in April and the Cnil had announced in July the injunction issued against Facebook, after the company set up a button to accept “only essential cookies“.

Google and Amazon were also sanctioned at the end of 2020 with fines of 100 and 35 million euros for failure to provide information prior to the deposit of cookies.

Leave a Comment