France’s premier data protection agency, the CNIL, fined tech titans Google and Amazon today for dropping tracking cookies without user consent. This breach of cookie rules resulted in the agency slapping its biggest ever fine of $121 million on Google, and a $42 million fine on Amazon.
In its investigations over the past year, the French regulator found that both Google and Amazon were automatically dropping tracking cookies whenever a user visited their domains. This violates the country’s Data Protection Act, hence why the agency took action against the two companies.
Google got the heavier of the two fines because CNIL found three consent violations related to dropping non-essential cookies in its case. Amazon, on the other hand, was found guilty of two consent violations, as per the CNIL’s penalty notice.
“As this type of cookies cannot be deposited without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement provided for by article 82 of the Data Protection Act and the prior collection of the consent before the deposit of non-essential cookies,” the French watchdog explained.
CNIL also noted that the information provided to site visitors about the cookies was simply not adequate enough. For instance, the banner displayed by Google did not provide specific information about the tracking cookies being dropped.
Both Amazon and Google have yet to comment on the situation.