IDC Names Securiti a Worldwide Leader in Data Privacy


Facebook & Google Face €210m Fine For Privacy Non-Compliance

Published January 15, 2022 / Updated November 22, 2023

Listen to the content

If there were any lingering doubts about how seriously Europe takes its users' privacy in 2022, they were put to rest this week. Google & Facebook have been fined a combined €210m (£176m) by the Commission Nationale de l’Informatique et des Libertés (CNIL) in France.

Google was fined the bulk of that amount at €150m while Facebook was handed out a €60m fine for making it cumbersome and difficult for internet users in the country to refuse the use of cookies.

While neither the General Data Protection Regulation (GDPR) nor France's own Data Protection Law outlaw cookies, it requires all businesses using cookies on their site to make it easier for users to opt-out. Additionally, it requires businesses to make it explicitly clear to users what information will be collected with these cookies.

Karin Kiefer, the CNIL's head of data protection and sanctions, stated that one of the primary reasons Facebook & Google faced this penalty was the failure to make the opt-out process just as easy as accepting cookies. It takes one click to accept all cookies, and yet a user may have to go to multiple pages and make several clicks before it can revoke prior given consent to cookies.

In a detailed press release, the CNIL has provided further details of what the fine means for both companies. Following the CNIL's own investigations, ​​,, and, did not make opting out as easy as required by law. This imbalance hinders the users' ability to choose freely between accepting or rejecting cookies.

This was judged to be an infringement of Article 82 of the French Data Protection Act, leading to both Facebook & Google being fined.

That's not the end of the bad news for both the organisations as CNIL added that both are required to comply with its orders and reform their cookie policy within a period of 3 months. If unsuccessful, both Facebook & Google will be fined €100,000 for every day of delay after the period of 3 months.

These stringent actions from CNIL come after it mandated all organisations to keep a documented audit trail of all user rejections to cookies for a period of 6 months in 2020. Additionally, it required all businesses to keep a button or link to the preference center on all their web pages, so users can easily change their acceptance of cookies at any stage of their browsing session.

Straying afoul of that last provision is what may have led to such hefty fines for Facebook & Google. It is also being seen as a message for all other businesses operating in France to bring their practices in line or be at risk to receive similar fines.

Avoid Similar Fines With Securiti

While Facebook & Google may have gotten 3 months to remedy their current cookie consent practices, other businesses may not receive such a leeway from CNIL. Moreover, since France has now set a precedent, other regulatory authorities in Europe and globally may exercise their authority in mandating businesses’ responsibility related to cookies as well.

Securiti is a market leader in providing enterprise solutions to cookie consent management thanks to its PrivacyOps framework. Securiti’s artificial intelligence and machine-learning-based tools can help any organisation automate its cookie consent protocols and ensure they remain compliant with every major data protection law globally.

Request a demo today to see Securiti’s tools in action and see first-hand how it can aid your compliance efforts.

Omer Imran Malik

Authored by Omer Imran Malik

Omer Imran Malik (CIPP/US, CIPM) is a data privacy and technology lawyer with significant experience in advising governments, technology companies, NGOs and legislative think-thanks on data privacy and technology related legal issues and is an expert in modeling legal models for legal technology. He has been a prominent contributor to numerous esteemed publications, including Dawn News, IAPP and has spoken at the World Ethical Data Forum as well.

His in-depth knowledge and extensive experience in the industry make him a trusted source for cutting-edge insights and information in the ever-evolving world of data privacy, technology and AI related legal developments.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend