Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Published on January 15, 2022 AUTHOR - Privacy Research Team
If there were any lingering doubts about how seriously Europe takes its users' privacy in 2022, they were put to rest this week. Google & Facebook have been fined a combined €210m (£176m) by the Commission Nationale de l’Informatique et des Libertés (CNIL) in France.
While neither the General Data Protection Regulation (GDPR) nor France's own Data Protection Law outlaw cookies, it requires all businesses using cookies on their site to make it easier for users to opt-out. Additionally, it requires businesses to make it explicitly clear to users what information will be collected with these cookies.
Karin Kiefer, the CNIL's head of data protection and sanctions, stated that one of the primary reasons Facebook & Google faced this penalty was the failure to make the opt-out process just as easy as accepting cookies. It takes one click to accept all cookies, and yet a user may have to go to multiple pages and make several clicks before it can revoke prior given consent to cookies.
In a detailed press release, the CNIL has provided further details of what the fine means for both companies. Following the CNIL's own investigations, facebook.com, google.fr, and youtube.com, did not make opting out as easy as required by law. This imbalance hinders the users' ability to choose freely between accepting or rejecting cookies.
This was judged to be an infringement of Article 82 of the French Data Protection Act, leading to both Facebook & Google being fined.
These stringent actions from CNIL come after it mandated all organisations to keep a documented audit trail of all user rejections to cookies for a period of 6 months in 2020. Additionally, it required all businesses to keep a button or link to the preference center on all their web pages, so users can easily change their acceptance of cookies at any stage of their browsing session.
Straying afoul of that last provision is what may have led to such hefty fines for Facebook & Google. It is also being seen as a message for all other businesses operating in France to bring their practices in line or be at risk to receive similar fines.
While Facebook & Google may have gotten 3 months to remedy their current cookie consent practices, other businesses may not receive such a leeway from CNIL. Moreover, since France has now set a precedent, other regulatory authorities in Europe and globally may exercise their authority in mandating businesses’ responsibility related to cookies as well.
Securiti is a market leader in providing enterprise solutions to cookie consent management thanks to its PrivacyOps framework. Securiti’s artificial intelligence and machine-learning-based tools can help any organisation automate its cookie consent protocols and ensure they remain compliant with every major data protection law globally.
Request a demo today to see Securiti’s tools in action and see first-hand how it can aid your compliance efforts.
May 24, 2022
In today’s digital world, businesses collect a wealth of personal data, rely on it, and use it for assessing data subjects’ preferences, building their profiles, and sending targeted advertisements, promotions, customized products, and recommendations or suggestions that you...
May 16, 2022
For transfers from the UK to non-adequate third countries (mostly countries not in the EEA), the ICO has released the International Data Transfer Agreement (IDTA) and draft guidance on transfer risk assessments. The IDTA is considered to be...
May 13, 2022
Access to a user’s personal data is of immense importance to any website. It is a critical element in ensuring they can create a personalized experience for their users based on their browsing patterns. Additionally, it gives them...
PO Box 13039,
Coyote CA 95013