The CNIL has sanctioned actors on several occasions for failing to comply with the legislation:
- In December 2020, Google was fined €100 million for placing advertising cookies without the prior consent of internet users or satisfactory information;
- In December 2020, Amazon was fined 35 million euros for the same breaches;
- In July 2021, Société du Figaro was fined 50,000 euros for placing cookies before any action by the user (acceptance or refusal of cookies).
Despite these sanctions and the formal notices issued by the CNIL , some economic players are still reluctant to comply.
In December 2021, the CNIL (French Data Protection Authority) once again sanctioned Google for breaches in this area. This time, the CNIL found that to consent to the reading and/or writing of cookies, a user visiting the "google.fr" page only had to click the "I agree" button in the pop-up window, which closed the window and allowed them to continue browsing. However, a user visiting the same homepage and wishing to refuse cookies had to perform at least five actions. The CNIL thus considers that making the cookie refusal mechanism more complex than the acceptance mechanism effectively discourages users from refusing cookies and encourages them to favor the ease of the "I agree" button. Under these conditions, the user's consent is not freely given, and the company is in breach of the law.
Google was fined €150 million and ordered to comply within three months, with a penalty of €100,000 per day of delay. Google was not the only company to be sanctioned in December 2021; Facebook was also fined €60 million for the same reasons.
A properly configured and comprehensive cookie banner is now absolutely essential on all websites that use cookies. We are available to assist you with this configuration and the relevant legislation.
