The Cnil, guardian of the privacy of the French, has sanctioned the American computer giant Microsoft with a fine of 60 million euros for not having allowed to simply refuse the “coNoel Celis
This is the largest fine imposed in 2022 by the authority, which indicated last year to launch a campaign of controls against sites that do not respect the rules on these web cookies.
This sanction is also one of the last of this cycle and the CNIL has already announced that it is looking into irregularities within mobile applications.
Microsoft is first sanctioned because French Bing users could not, until March 29, refuse all cookies without going through a tedious configuration.
These cookies are small computer files installed by websites on the terminals of their visitors, for technical purposes or targeted advertising.
In particular, they allow the advertising agencies to trace the user’s navigation, in order to be able to send him personalized advertising in connection with his centers of interest. They are regularly denounced to reach them to the private life that they can cause.
“The Restricted Committee noted that making the refusal mechanism more complex amounts, in reality, to discouraging users from refusing cookies and encouraging them to favor the ease of the consent button appearing in the first window”, writes the Cnil in a statement.
The commission also identified the installation of two cookies without the prior consent of Internet users, while they served advertising purposes, including the “fight against advertising fraud”, i.e. the consultation of advertisements by robots.
On this point, the restricted formation of the commission ordered Microsoft to modify its practices on the “bing.com” site within three months, under penalty of having to pay 60,000 euros per day of delay.
– “Up to 2% of global turnover” –
“Even before the start of this investigation, we have cooperated with the Cnil and introduced key changes to our cookie practices,” a Microsoft spokesperson told AFP.
“We are concerned about the CNIL’s position on advertising fraud and believe that it will harm the general public as well as French companies by contributing to the generalization of online fraud”, he added.
For these breaches related to the European ePrivacy directive transposed into French law in the Data Protection Act, the Cnil could impose a fine of up to 2% of worldwide turnover.
In its press release, the Cnil justified the amount of the amendment “by the scope of the processing (of data), by the number of people concerned and by the profits that the company derives from the advertising revenues generated from the additional data by the cookies”, much less than those of Google and Facebook.
The online search giant and the social network had been sanctioned at the end of December 2021 by the Cnil with amendments of 150 and 60 million euros respectively for similar breaches, and had been forced to comply within three months. .
Google had announced changes to this effect in April and the Cnil had announced in July the injunction pronounced against Facebook, after the company set up a button to accept “only essential cookies”.
Google and Amazon were also sanctioned at the end of 2020 with fines of 100 and 35 million euros for failure to provide information prior to the deposit of cookies.