France fines Facebook and Google for violating European cookie law: you must make refusing a cookie as easy as accepting it | Rothwell, Figg, Ernst & Manbeck, CP
France recently fined Alphabet Inc’s Google $ 169 million and Meta Platform’s Facebook $ 67 million fine for violating the European Directive on Electronic Privacy (a.k.a. cookies ”) by requiring too many“ clicks ”for users to reject cookies. The result was that many users simply accepted cookies, allowing IDs to track their data. The French regulator has given companies three months to find a solution to reject cookies as easily as accept cookies. This is an important message for all businesses as they review their cookie compliance in 2022: It’s as easy to decline a cookie as it is to accept one.
Interestingly, these recent fines were not imposed under the GDPR, but rather under the old e-Privacy Directive which has been in effect since 2002. Unlike the GDPR, which only allows regulators to impose From fines to companies that have their European headquarters in this country, regulators can impose fines under the e-Privacy Directive on any company that does business in its jurisdiction.
The EU Cookie Law (which is not actually a law, but a directive) entered into force in 2002 and was amended in 2009 (amendment effective since 2011). This directive regulates the processing of personal data in the electronic communications sector and, in particular, regulates the use of electronic cookies on websites by conditioning the use on the prior consent of users. Unless cookies are deemed strictly necessary for the most basic functions of a website (for example, cookies that manage shopping cart content), users should be provided with clear and complete information about the purposes of processing data, storage, retention and access, and they must also be able to give consent and have a means to withhold consent.