The French privacy regulator announced on Thursday that it had penalized Microsoft, a major US technology company, 60 million euros ($64 million) for forcing advertising cookies on customers.
CNIL Conducted a Number of Inspections
The CNIL carried out several checks on the website regarding the terms for the deposit of cookies on “bing.com.”
It was discovered that when a user went to that site, cookies were secretly installed on his computer while they, among other things, sought an advertising goal. It also mentioned the absence of a button that would make rejecting the deposit of cookies as simple as accepting it.
It was found that when a user visited the “bing.com” search engine, a cookie was immediately and without his consent placed on his terminal with multiple goals in mind, including preventing advertising fraud.
A cookie for advertising purposes was placed on his computer when he continued to use the search engine, always without first obtaining his permission.
Further, two clicks were required to refuse all cookies, and only one to accept them. It considered that such a procedure infringed the freedom of permission of internet users.
Therefore, according to the legislation, this kind of cookie can only be placed with the user’s permission.
France Fines Microsoft 60 Million Euros
Hence, the company MICROSOFT IRELAND OPERATIONS LIMITED was fined 60 million euros by the restricted formation, the CNIL body in charge of issuing sanctions, and this decision was made public.
This sum was justified by the extent of the processing, the number of data subjects, and the profits the business makes from advertising income derived in part from cookie-collected data.
The report states that the restricted formation also approved a penalty-based injunction requiring the company to obtain the consent of persons residing in France before depositing cookies and tracers on their terminals on the website “bing.com” within three months.
In any other case, the business will be required to pay a fine of 60,000 euros for each day of delay.
Because the usage of cookies is done in the “context of the activities” of the company MICROSOFT FRANCE, which is the “establishment” of the MICROSOFT group on French territory, the restricted formation believed that the CNIL also has territorial jurisdiction.
Managed DDoS Attack Protection for Applications – Download Free Guide