Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Published on January 15, 2022 AUTHOR - Privacy Research Team
If there were any lingering doubts about how seriously Europe takes its users' privacy in 2022, they were put to rest this week. Google & Facebook have been fined a combined €210m (£176m) by the Commission Nationale de l’Informatique et des Libertés (CNIL) in France.
While neither the General Data Protection Regulation (GDPR) nor France's own Data Protection Law outlaw cookies, it requires all businesses using cookies on their site to make it easier for users to opt-out. Additionally, it requires businesses to make it explicitly clear to users what information will be collected with these cookies.
Karin Kiefer, the CNIL's head of data protection and sanctions, stated that one of the primary reasons Facebook & Google faced this penalty was the failure to make the opt-out process just as easy as accepting cookies. It takes one click to accept all cookies, and yet a user may have to go to multiple pages and make several clicks before it can revoke prior given consent to cookies.
In a detailed press release, the CNIL has provided further details of what the fine means for both companies. Following the CNIL's own investigations, facebook.com, google.fr, and youtube.com, did not make opting out as easy as required by law. This imbalance hinders the users' ability to choose freely between accepting or rejecting cookies.
This was judged to be an infringement of Article 82 of the French Data Protection Act, leading to both Facebook & Google being fined.
These stringent actions from CNIL come after it mandated all organisations to keep a documented audit trail of all user rejections to cookies for a period of 6 months in 2020. Additionally, it required all businesses to keep a button or link to the preference center on all their web pages, so users can easily change their acceptance of cookies at any stage of their browsing session.
Straying afoul of that last provision is what may have led to such hefty fines for Facebook & Google. It is also being seen as a message for all other businesses operating in France to bring their practices in line or be at risk to receive similar fines.
While Facebook & Google may have gotten 3 months to remedy their current cookie consent practices, other businesses may not receive such a leeway from CNIL. Moreover, since France has now set a precedent, other regulatory authorities in Europe and globally may exercise their authority in mandating businesses’ responsibility related to cookies as well.
Securiti is a market leader in providing enterprise solutions to cookie consent management thanks to its PrivacyOps framework. Securiti’s artificial intelligence and machine-learning-based tools can help any organisation automate its cookie consent protocols and ensure they remain compliant with every major data protection law globally.
Request a demo today to see Securiti’s tools in action and see first-hand how it can aid your compliance efforts.
September 22, 2022
Organizations have suffered considerable losses due to data breaches, cybersecurity flaws, human errors, the absence of automated tools, and a lack of understanding of current and impending data privacy legislation. As a result, privacy law certifications have become...
September 22, 2022
Privacy laws and regulations are enacted to bring transparency and accountability to an organization’s behavior when it comes to collecting and processing users’ personal data. Before the introduction of the GDPR article 30, accountability and transparency associated with...
September 22, 2022
Session Cookies & How They Build a Great Browsing Experience A memorable and positive user experience on any website relies heavily on the user navigating the site seamlessly without any issues—the slightest of glitches can put that user...
PO Box 13039,
Coyote CA 95013