Paris—France’s CNIL data privacy watchdog said Thursday it had fined two Google units a total of 100 million euros and an Amazon subsidiary 35 million euros over advertising cookies.
The regulator said the fines were “for having placed advertising cookies on the computers of users … without obtaining prior consent and without providing adequate information.”
A cookie is a small piece of data stored on a user’s computer browser that allows websites to identify users and remember their previous activity.
The CNIL said when a user visited the website google.fr, several cookies used for advertising purposes were automatically placed on his or her computer, without any action required on the user’s part.
It said a similar thing happened when visiting one page on the amazon.fr website.
CNIL said this type of cookie “can only be placed after the user has expressed his or her consent” and thus violated regulations on receiving prior consent.
It faulted Google for providing insufficient privacy information for users as it did not let them know about the cookies which had been placed and that the procedure to block them still left one operational.
CNIL also said Amazon had not provided clear or complete information about the cookies it placed on computers of users until a redesign in September 2020.
Google also stopped placing cookies on the computers of users without consent in September, CNIL said, but added it still does not provide a sufficient explanation for their use.
The regulator said “no matter what path the users used to visit the website, they were either insufficiently informed or never informed of the fact that cookies were placed on their computer.”
The 35-million-euro ($42-million) fine is on the Amazon Europe Core subsidiary.
CNIL imposed fines of 60 million euros on Google LLC and 40 million euros on Google Ireland Limited.