French regulators fined Google and Facebook 210 million euros ($237 million) for their use of “cookies,” the data used to track users online, officials announced Thursday.
US tech behemoths such as Apple and Amazon have come under increasing scrutiny for their business practices in Europe, where they have faced massive fines and plans to impose far-reaching EU rules on how they operate.
The 150-million-euro fine imposed on Google was a record for France’s National Commission for Information Technology and Freedom (CNIL), surpassing the company’s previous cookie-related fine of 100 million euros in December 2020.
Facebook was fined 60 million euros.
The two platforms have three months to change their practices before France imposes fines of 100,000 euros per day, according to CNIL.
Following the ruling, Google told AFP that it would change its practices.
“In accordance with internet users’ expectations… we are committed to implementing new changes as well as actively working with CNIL in response to its decision,” the US firm said in a statement.
Cookies are small data packets that are installed on a user’s computer when they visit a website, allowing web browsers to save session information.
They are extremely valuable to Google and Facebook as methods of personalizing advertising, which is their primary source of revenue.
However, privacy advocates have long resisted.
Since the European Union passed a personal data law in 2018, internet companies have been subject to stricter rules requiring them to obtain users’ explicit consent before installing cookies on their computers.
CNIL contended that Google, Facebook, and YouTube make it very simple to consent to cookies through a single click.
It had given internet companies until April 2021 to comply with the stricter privacy rules, warning that if they did not, they would face sanctions.
The French newspaper Le Figaro was the first to be sanctioned, receiving a 50,000 euro fine in July for allowing advertising partners to install cookies without the direct approval of users, or even after they had rejected them.
CNIL recently stated that it had issued 90 formal notices to websites since April.
The fines were levied in accordance with an earlier EU law, the General Data Protection Regulation, with CNIL claiming that the companies failed to provide “sufficiently clear” information about cookies to users.